Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer Problems, maybe infected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer Problems, maybe infected

Unread postby Groffles » March 10th, 2011, 10:11 am

Hello, I have been here before and you guys were amazing with your help. You were quick and great!

But now I have come back with might be a problem, but I am unsure.

I have a new laptop (10 months), and I have traveled with it to China. Well I have done nothing to cause problems by going to bad sites (that I am aware of)...but in the past 2 months things have been noticeably slower. My computer appears to lag and become jagged quite frequently. Windows Explorer will constantly say that the window is Not Responding and then after a second...maybe 5 seconds...it picks back up without an issue. But this will happen all the time, and sometimes several times in a row. This happens with EVERYTHING. iTunes, Winamp, VLC, GoogleCrome, Firefox, Thunderbird, Windows Media Player, Microsoft Office programs etc. With Media players like iTunes or VLC...the program will lose audio completely or video (if there is video) like I pushed pause.

So I am confused what has been causing this problem. It never happened before. I also think it might have been recent because when someone connected their USB into my Laptop to transfer a .ppt, my Kaspersky Anti-Virus went nuts. I scanned their USB and it constantly came up saying it found a potential trojan or other problematic file/program.



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by owner at 21:50:51.81 on Thu 03/10/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.1387 [GMT 8:00]

AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\DllHost.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\owner\Desktop\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSNA
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [QQIntl] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bz3ibyqc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.hk/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8580
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8580
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8580
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8580
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8580
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bz3ibyqc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQMusic\npQzoneMusic.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Perapera-kun: Popup Japanese and Chinese Translator: chineseperakun@gmail.com - %profile%\extensions\chineseperakun@gmail.com
FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
FF - Ext: Chinese-English Dictionary for Perapera-kun: peraperakun-chinese@gmail.com - %profile%\extensions\peraperakun-chinese@gmail.com
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

=============== Created Last 30 ================

2011-03-08 09:56:03 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{27BE5DFD-1C2E-418B-9FEE-051B23822C0E}\mpengine.dll
2011-02-24 04:30:13 367104 ----a-w- C:\windows\System32\wcncsvc.dll
2011-02-24 04:30:12 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll
2011-02-23 09:30:05 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-02-23 09:30:05 475648 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-02-23 09:30:05 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-02-23 09:30:05 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 02:09:04 -------- d-----w- C:\Users\owner\AppData\Local\SCE
2011-02-21 02:40:58 -------- d-----w- C:\Users\owner\AppData\Local\PackageAware
2011-02-14 06:59:56 714752 ----a-w- C:\windows\System32\kerberos.dll
2011-02-14 06:58:41 612352 ----a-w- C:\windows\System32\vbscript.dll
2011-02-14 06:58:41 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-02-14 06:58:30 5510528 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-02-14 06:58:30 1739176 ----a-w- C:\windows\System32\ntdll.dll
2011-02-14 06:58:29 3957120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-02-14 06:58:29 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-02-14 06:58:29 1293120 ----a-w- C:\windows\SysWow64\ntdll.dll
2011-02-14 06:58:28 366080 ----a-w- C:\windows\System32\atmfd.dll
2011-02-14 06:58:27 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-02-14 06:58:27 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-02-14 06:58:27 294400 ----a-w- C:\windows\SysWow64\atmfd.dll

==================== Find3M ====================

2011-03-10 09:18:34 44544 ----a-w- C:\windows\SysWow64\agremove.exe
2011-03-09 23:05:56 17920 ----a-w- C:\windows\System32\rpcnetp.exe
2011-02-19 06:37:44 1135104 ----a-w- C:\windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-02-02 09:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\windows\System32\cdd.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\windows\System32\win32k.sys
2010-12-23 06:07:50 1118720 ----a-w- C:\windows\System32\sbe.dll
2010-12-23 06:07:49 961024 ----a-w- C:\windows\System32\CPFilters.dll
2010-12-23 06:07:49 723968 ----a-w- C:\windows\System32\EncDec.dll
2010-12-23 06:02:33 259072 ----a-w- C:\windows\System32\mpg2splt.ax
2010-12-23 05:28:29 850432 ----a-w- C:\windows\SysWow64\sbe.dll
2010-12-23 05:28:28 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2010-12-23 05:28:28 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2010-12-23 05:24:02 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2010-12-21 06:16:27 97280 ----a-w- C:\windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\windows\SysWow64\davclnt.dll
2010-12-19 05:05:47 18760 ----a-w- C:\windows\SysWow64\QQVistaHelper.dll
2010-12-18 06:12:28 3138048 ----a-w- C:\windows\System32\mstscax.dll
2010-12-18 06:11:41 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-12-18 06:08:15 1097216 ----a-w- C:\windows\System32\mstsc.exe
2010-12-18 05:30:20 2690560 ----a-w- C:\windows\SysWow64\mstscax.dll
2010-12-18 05:29:40 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2010-12-18 05:26:55 1034240 ----a-w- C:\windows\SysWow64\mstsc.exe
2010-12-18 04:55:03 482816 ----a-w- C:\windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2009-02-13 16:02:52 80896 ----a-w- C:\Program Files\devcon_amd64.exe

============= FINISH: 21:55:56.87 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2010 1:23:01 PM
System Uptime: 3/10/2011 7:20:26 AM (14 hours ago)

Motherboard: TOSHIBA | | NBWAA
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | U2E1 | 2194/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 222 GiB total, 74.75 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP159: 2/21/2011 10:42:14 AM - Removed Heroes of Might and Magic V - Tribes of the East
RP160: 2/21/2011 10:04:11 PM - Windows Update
RP161: 2/22/2011 2:26:03 PM - Windows Update
RP162: 2/24/2011 12:29:34 PM - Windows Update
RP163: 2/25/2011 3:54:50 PM - Windows Update
RP164: 3/1/2011 3:34:43 PM - Windows Update
RP165: 3/2/2011 11:23:49 AM - Installed DirectX
RP166: 3/4/2011 4:32:18 PM - Windows Update
RP167: 3/8/2011 5:55:27 PM - Windows Update
RP168: 3/10/2011 6:33:42 AM - Windows Update

==== Installed Programs ======================

??QQ2010
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Any Video Converter 3.0.6
Apple Application Support
Apple Software Update
Beat Hazard
CDisplay 1.8
Champions Online
Compatibility Pack for the 2007 Office system
D3DX10
DAEMON Tools Toolbar
Galapago
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Office (KB975927)
Java(TM) 6 Update 14
Junk Mail filter update
K-Lite Codec Pack 5.8.3 (Full)
Kaspersky Anti-Virus 2011
Malwarebytes' Anti-Malware
Mastering Elementary School 2009
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (3.1.9)
MSVCRT
MSVCRT_amd64
Pando Media Booster
Plants vs. Zombies(TM)
QQ???
QQ?????3.5
QQ??2010
QuickTime
Ranch Rush(R) 2
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.1
SpywareBlaster 4.3
Steam
Tencent QQ
Titan Quest
Titan Quest: Immortal Throne
Torchlight
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Turbo Subs FREE
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Utility Common Driver
VLC media player 1.1.5
Winamp
Winamp Detector Plug-in
Winamp Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver

==== Event Viewer Messages From Past Week ========

3/6/2011 5:33:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

==== End Of File ===========================
Groffles
Regular Member
 
Posts: 18
Joined: November 22nd, 2008, 1:12 pm
Advertisement
Register to Remove

Re: Computer Problems, maybe infected

Unread postby askey127 » March 11th, 2011, 7:42 am

Hi Groffles,
A lot do do at first here. Just take one step at a time, in this order.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Adobe Reader 9.4.2
Java(TM) 6 Update 14
Pando Media Booster
SpywareBlaster 4.3

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Copy/Paste/Print these instructions and Save any unsaved work. TFC will close ALL open programs... including your browser!
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 24 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, (or right click and choose "Run as administrator") and it will install the newest version of Java for you to use.
During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus. It's just adware.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1000_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Visat/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Problems, maybe infected

Unread postby Groffles » March 11th, 2011, 10:42 pm

Cool, so I have done all that and here is the files that it spat out. This is a post with the OTL.txt only.


OTL logfile created on: 3/12/2011 9:05:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.43 Gb Total Space | 76.72 Gb Free Space | 34.49% Space Free | Partition Type: NTFS

Computer Name: MOBILEGROFFLES | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/12 09:04:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2011/03/03 16:15:15 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2010/12/09 18:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/09/22 06:27:36 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2009/10/07 14:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/07/29 11:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/15 10:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/14 06:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2009/01/14 12:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/03/12 09:04:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2010/08/21 13:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/07 14:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/09/18 04:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/08/22 00:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/29 07:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/27 18:16:49 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/22 06:27:36 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/03/19 02:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/18 01:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/11 10:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/15 10:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/22 06:27:36 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/07/26 23:45:19 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/03/31 16:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/10/07 21:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 5000(UVC)
DRV:64bit: - [2009/10/07 21:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 21:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 14:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 14:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/27 23:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/31 12:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/31 12:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 08:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/25 06:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/21 08:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/15 06:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 09:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 18:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/11 05:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 09:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/23 13:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/19 02:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/14 00:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.hk/"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: peraperakun-chinese@gmail.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: chineseperakun@gmail.com:2.1.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8580
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 8580
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8580
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8580
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8580
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8580
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8580
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8580
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8580
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/15 13:18:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/12 09:00:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/06 16:58:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/09/22 03:09:18 | 000,000,000 | ---D | M]

[2010/09/05 07:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2010/09/05 07:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/26 11:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\bz3ibyqc.default\extensions
[2010/05/13 20:26:42 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\bz3ibyqc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/08/03 21:37:31 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\bz3ibyqc.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/05/13 17:10:01 | 000,000,000 | ---D | M] () -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\bz3ibyqc.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/09/08 18:59:42 | 000,000,000 | ---D | M] (Perapera-kun: Popup Japanese and Chinese Translator) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\bz3ibyqc.default\extensions\chineseperakun@gmail.com
[2010/05/13 17:02:10 | 000,000,000 | ---D | M] ("Morning Coffee") -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\bz3ibyqc.default\extensions\morningCoffee@shaneliesegang
[2010/05/13 17:04:42 | 000,000,000 | ---D | M] (Chinese-English Dictionary for Perapera-kun) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\bz3ibyqc.default\extensions\peraperakun-chinese@gmail.com
[2010/08/03 21:37:31 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\bz3ibyqc.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/11/01 20:07:31 | 000,002,059 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bz3ibyqc.default\searchplugins\daemon-search.xml
[2010/05/13 20:37:21 | 000,001,196 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\bz3ibyqc.default\searchplugins\winamp-search.xml
[2011/03/12 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/27 14:33:33 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/12 08:58:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/13 21:35:11 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/03/12 08:57:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 18:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2704545491-159923085-3084112489-1000..\Run: [QQIntl] C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe (Tencent)
O4 - HKU\S-1-5-21-2704545491-159923085-3084112489-1000..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2704545491-159923085-3084112489-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{587c0538-1b8d-11e0-865e-705ab6c039ad}\Shell - "" = AutoRun
O33 - MountPoints2\{587c0538-1b8d-11e0-865e-705ab6c039ad}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{605a341a-0eb5-11e0-902c-70f1a1692d33}\Shell - "" = AutoRun
O33 - MountPoints2\{605a341a-0eb5-11e0-902c-70f1a1692d33}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a20aedb-5d84-11df-a4b4-705ab6c039ad}\Shell - "" = AutoRun
O33 - MountPoints2\{8a20aedb-5d84-11df-a4b4-705ab6c039ad}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e4a47e6e-0a68-11e0-bb9d-705ab6c039ad}\Shell - "" = AutoRun
O33 - MountPoints2\{e4a47e6e-0a68-11e0-bb9d-705ab6c039ad}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/12 09:04:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/03/12 09:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/03/12 09:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/03/12 08:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/12 08:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/12 08:58:18 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2011/03/12 08:58:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/03/12 08:58:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/03/12 08:58:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/03/12 08:35:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\TFC.exe
[2011/03/09 17:07:15 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2011/03/09 17:07:15 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DWrite.dll
[2011/03/09 17:07:14 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2011/03/09 17:07:14 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d2d1.dll
[2011/03/09 17:07:09 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CPFilters.dll
[2011/03/09 17:07:09 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2011/03/09 17:07:08 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sbe.dll
[2011/03/09 17:07:08 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll
[2011/03/09 17:07:08 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2011/03/09 17:07:06 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sbe.dll
[2011/03/09 17:07:06 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mpg2splt.ax
[2011/03/09 17:07:06 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mpg2splt.ax
[2011/03/09 17:07:02 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2011/03/09 17:07:02 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2011/03/09 17:07:02 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2011/03/09 17:07:02 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2011/02/23 17:30:05 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2011/02/23 17:30:05 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2011/02/23 17:30:05 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2011/02/23 17:30:05 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2011/02/22 10:09:04 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\SCE
[2011/02/21 10:40:58 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\PackageAware
[2011/02/15 11:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/14 15:55:21 | 000,000,000 | R--D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/14 15:01:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeeds.dll
[2011/02/14 15:00:59 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2011/02/14 15:00:58 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2011/02/14 15:00:58 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2011/02/14 15:00:58 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2011/02/14 15:00:58 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2011/02/14 15:00:58 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/02/14 15:00:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/02/14 15:00:58 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2011/02/14 15:00:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2011/02/14 15:00:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2011/02/14 15:00:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2011/02/14 14:59:43 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\upnp.dll
[2011/02/14 14:59:41 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\upnp.dll
[2011/02/14 14:59:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2011/02/14 14:59:27 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\davclnt.dll
[2011/02/14 14:59:27 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wscapi.dll
[2011/02/14 14:59:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2011/02/14 14:59:27 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\slwga.dll
[2011/02/14 14:59:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\slwga.dll
[2011/02/14 14:59:19 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2011/02/14 14:59:13 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2011/02/14 14:59:11 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2011/02/14 14:58:41 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011/02/14 14:58:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011/02/14 14:58:41 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2011/02/14 14:58:30 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2011/02/14 14:58:30 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2011/02/14 14:58:29 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2011/02/14 14:58:29 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2011/02/14 14:58:28 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2011/02/14 14:58:27 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2011/02/14 14:58:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2011/02/14 14:58:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2009/02/14 00:02:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\devcon_amd64.exe

========== Files - Modified Within 30 Days ==========

[2011/03/12 09:04:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/03/12 09:00:40 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/12 08:57:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2011/03/12 08:57:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/03/12 08:57:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/03/12 08:57:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/03/12 08:52:55 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/12 08:52:55 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/12 08:51:42 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/12 08:46:22 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\agremove.exe
[2011/03/12 08:42:58 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/12 08:42:52 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2011/03/12 08:42:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/12 08:42:41 | 2309,660,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/12 08:42:37 | 000,017,920 | ---- | M] () -- C:\windows\SysNative\rpcnetp.exe
[2011/03/12 08:36:13 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\TFC.exe
[2011/03/10 07:31:40 | 000,001,154 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2011/03/08 12:22:33 | 002,862,109 | ---- | M] () -- C:\Users\owner\Desktop\Tic Tac Toe win strat.png
[2011/03/08 11:45:32 | 002,110,355 | ---- | M] () -- C:\Users\owner\Desktop\relationshipthecardgame.pdf
[2011/03/06 11:48:01 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\lvuvc.hs
[2011/03/04 18:44:02 | 000,624,128 | ---- | M] () -- C:\Users\owner\Desktop\dds.scr
[2011/03/02 11:32:53 | 000,001,301 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Champions Online.lnk
[2011/03/01 16:00:53 | 000,008,516 | ---- | M] () -- C:\Users\owner\Desktop\Zombatar_1.jpg
[2011/02/27 15:59:56 | 003,538,361 | ---- | M] () -- C:\Users\owner\Desktop\P2130785.JPG
[2011/02/26 08:34:22 | 010,329,243 | ---- | M] () -- C:\Users\owner\Desktop\1cpsg2.pdf
[2011/02/25 21:36:42 | 000,739,918 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/02/25 21:36:42 | 000,632,946 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/02/25 21:36:42 | 000,110,548 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/02/19 14:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2011/02/19 14:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2011/02/19 13:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\DWrite.dll
[2011/02/19 13:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\d2d1.dll
[2011/02/17 21:13:09 | 003,757,809 | ---- | M] () -- C:\Users\owner\Desktop\P2130787.JPG
[2011/02/17 21:12:32 | 003,851,603 | ---- | M] () -- C:\Users\owner\Desktop\P2130783.JPG
[2011/02/15 13:22:53 | 000,001,013 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/02/14 22:01:21 | 400,354,043 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/02/14 15:34:53 | 000,432,576 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/03/12 09:00:39 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/12 09:00:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/10 07:31:40 | 000,001,154 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2011/03/08 12:22:45 | 002,862,109 | ---- | C] () -- C:\Users\owner\Desktop\Tic Tac Toe win strat.png
[2011/03/08 11:45:46 | 002,110,355 | ---- | C] () -- C:\Users\owner\Desktop\relationshipthecardgame.pdf
[2011/03/04 18:43:50 | 000,624,128 | ---- | C] () -- C:\Users\owner\Desktop\dds.scr
[2011/03/02 11:32:53 | 000,001,301 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Champions Online.lnk
[2011/03/01 16:00:53 | 000,008,516 | ---- | C] () -- C:\Users\owner\Desktop\Zombatar_1.jpg
[2011/02/26 08:34:11 | 010,329,243 | ---- | C] () -- C:\Users\owner\Desktop\1cpsg2.pdf
[2011/02/17 19:38:32 | 003,757,809 | ---- | C] () -- C:\Users\owner\Desktop\P2130787.JPG
[2011/02/17 19:38:28 | 003,851,603 | ---- | C] () -- C:\Users\owner\Desktop\P2130783.JPG
[2011/02/17 19:38:17 | 003,538,361 | ---- | C] () -- C:\Users\owner\Desktop\P2130785.JPG
[2011/01/10 18:52:46 | 000,102,400 | ---- | C] () -- C:\windows\SysWow64\Unl.exe
[2010/12/02 19:26:02 | 000,018,760 | ---- | C] () -- C:\windows\SysWow64\QQVistaHelper.dll
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2010/07/27 13:45:07 | 000,000,001 | ---- | C] () -- C:\windows\SysWow64\SI.bin
[2010/06/11 03:52:01 | 000,743,594 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/06/08 05:48:31 | 000,002,162 | ---- | C] () -- C:\Users\owner\AppData\Roaming\install.dat
[2010/05/29 12:02:25 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/05/13 20:36:43 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2010/05/13 20:36:43 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2010/05/13 20:36:41 | 000,881,664 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2010/05/13 20:36:41 | 000,205,824 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2010/05/13 20:36:40 | 000,085,504 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2010/05/13 18:50:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/13 17:13:50 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/04/22 16:55:02 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/08/27 23:05:12 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/08/27 23:05:12 | 000,439,300 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/08/27 23:05:12 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/08/27 23:05:12 | 000,092,216 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 19:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2010/06/08 05:53:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Absolute
[2010/07/21 00:22:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AnvSoft
[2010/07/02 04:58:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Beat Hazard
[2010/08/13 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Bioshock
[2011/01/10 18:52:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Chinatelecom
[2010/07/25 13:59:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DAEMON Tools
[2010/11/01 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DAEMON Tools Lite
[2010/07/27 05:58:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DAEMON Tools Pro
[2010/12/12 10:09:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Fogware
[2010/05/29 12:20:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\freshgames
[2010/05/29 12:02:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GamesCafe
[2010/05/27 02:05:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2010/06/08 02:47:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Oberon Games
[2010/12/09 13:17:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\QQMusicUpdate
[2010/06/09 05:38:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\runic games
[2011/01/19 17:10:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Tencent
[2010/09/05 07:02:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Thunderbird
[2010/12/09 13:28:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Toshiba
[2010/06/11 03:57:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Turbine
[2010/05/10 13:24:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
[2011/01/29 22:56:46 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/12/13 20:47:54 | 000,003,062 | ---- | M] ()(C:\Users\owner\Desktop\???.txt) -- C:\Users\owner\Desktop\穷开心.txt
[2010/12/03 20:49:17 | 000,003,062 | ---- | C] ()(C:\Users\owner\Desktop\???.txt) -- C:\Users\owner\Desktop\穷开心.txt
[2010/12/03 17:46:49 | 000,000,000 | ---D | M](C:\Users\owner\Desktop\???? ?????) -- C:\Users\owner\Desktop\走遍美国 讲解版全集
[2010/12/03 17:44:43 | 000,000,000 | ---D | C](C:\Users\owner\Desktop\???? ?????) -- C:\Users\owner\Desktop\走遍美国 讲解版全集
[2010/12/02 19:31:09 | 000,001,173 | ---- | M] ()(C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2010/12/02 19:31:09 | 000,001,173 | ---- | C] ()(C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2010/12/02 19:28:39 | 000,002,241 | ---- | M] ()(C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2010/12/02 19:28:39 | 000,002,241 | ---- | C] ()(C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2010/12/01 20:43:33 | 000,000,000 | ---D | M](C:\Users\owner\Desktop\??) -- C:\Users\owner\Desktop\音乐
[2010/11/12 18:58:35 | 000,000,000 | ---D | C](C:\Users\owner\Desktop\??) -- C:\Users\owner\Desktop\音乐
[2010/08/09 14:06:41 | 011,248,024 | ---- | M] ()(C:\Users\owner\Desktop\???-?????ktv.MP4) -- C:\Users\owner\Desktop\信乐团-死了都要爱ktv.MP4
[2010/08/09 13:53:46 | 011,248,024 | ---- | C] ()(C:\Users\owner\Desktop\???-?????ktv.MP4) -- C:\Users\owner\Desktop\信乐团-死了都要爱ktv.MP4
[2010/08/09 13:17:15 | 011,908,188 | ---- | M] ()(C:\Users\owner\Desktop\????????(KTV).MP4) -- C:\Users\owner\Desktop\對面的女孩看過來(KTV).MP4
[2010/08/09 13:05:06 | 011,908,188 | ---- | C] ()(C:\Users\owner\Desktop\????????(KTV).MP4) -- C:\Users\owner\Desktop\對面的女孩看過來(KTV).MP4
(C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0FEED4C3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D9987109
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F71C42D3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E0718E77

< End of report >
Groffles
Regular Member
 
Posts: 18
Joined: November 22nd, 2008, 1:12 pm

Re: Computer Problems, maybe infected

Unread postby Groffles » March 11th, 2011, 10:46 pm

This is the Extras.txt post.



OTL Extras logfile created on: 3/12/2011 9:05:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.43 Gb Total Space | 76.72 Gb Free Space | 34.49% Space Free | Partition Type: NTFS

Computer Name: MOBILEGROFFLES | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2704545491-159923085-3084112489-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2010
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116579967}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116953487}" = Turbo Subs FREE
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B0F9ABC5-6D72-4D9F-9FD1-3F86B16D4355}" = Mastering Elementary School 2009
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"am-plantsvszombiestm" = Plants vs. Zombies(TM)
"am-ranchrushr2" = Ranch Rush(R) 2
"Any Video Converter_is1" = Any Video Converter 3.0.6
"CDisplay_is1" = CDisplay 1.8
"Champions Online" = Champions Online
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"QQMusic" = QQ音乐2010
"QQToolbar" = QQ工具栏
"QQ拼音输入法" = QQ拼音输入法3.5
"Steam App 41500" = Torchlight
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 49600" = Beat Hazard
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2704545491-159923085-3084112489-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2010 12:02:48 PM | Computer Name = MobileGroffles | Source = Google Update | ID = 20
Description =

Error - 11/14/2010 6:46:04 PM | Computer Name = MobileGroffles | Source = Google Update | ID = 20
Description =

Error - 11/14/2010 6:49:05 PM | Computer Name = MobileGroffles | Source = Google Update | ID = 20
Description =

Error - 11/15/2010 8:26:22 PM | Computer Name = MobileGroffles | Source = Google Update | ID = 20
Description =

Error - 11/16/2010 12:57:39 PM | Computer Name = MOBILEGROFFLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/16/2010 12:57:40 PM | Computer Name = MOBILEGROFFLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 51424825

Error - 11/16/2010 12:57:40 PM | Computer Name = MOBILEGROFFLES | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 51424825

Error - 11/16/2010 12:58:28 PM | Computer Name = MobileGroffles | Source = Google Update | ID = 20
Description =

Error - 11/16/2010 8:12:04 PM | Computer Name = MobileGroffles | Source = Google Update | ID = 20
Description =

Error - 11/16/2010 8:49:07 PM | Computer Name = MobileGroffles | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/29/2010 7:18:22 AM | Computer Name = MobileGroffles | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 8/29/2010 7:18:42 AM | Computer Name = MobileGroffles | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 8/29/2010 7:27:23 AM | Computer Name = MobileGroffles | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR5.

Error - 8/29/2010 9:18:15 AM | Computer Name = MobileGroffles | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 8/29/2010 4:48:34 PM | Computer Name = MobileGroffles | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 8/29/2010 4:48:54 PM | Computer Name = MobileGroffles | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 9/1/2010 1:37:32 AM | Computer Name = MobileGroffles | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/1/2010 1:38:18 AM | Computer Name = MobileGroffles | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 9/1/2010 1:52:00 AM | Computer Name = MobileGroffles | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/1/2010 1:54:13 AM | Computer Name = MobileGroffles | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >
Groffles
Regular Member
 
Posts: 18
Joined: November 22nd, 2008, 1:12 pm

Re: Computer Problems, maybe infected

Unread postby askey127 » March 12th, 2011, 8:50 am

Groffles,
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat. and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right Click TDSSKiller.exe and select "Run As Administrator"
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you need to rename it and don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss in the filename is the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Problems, maybe infected

Unread postby Groffles » March 13th, 2011, 2:29 am

Here is the TDSSKiller first but I did it second...but since it is harder to find I will post it first.




2011/03/13 14:22:24.0476 1304 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/13 14:22:26.0478 1304 ================================================================================
2011/03/13 14:22:26.0478 1304 SystemInfo:
2011/03/13 14:22:26.0478 1304
2011/03/13 14:22:26.0478 1304 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/13 14:22:26.0478 1304 Product type: Workstation
2011/03/13 14:22:26.0478 1304 ComputerName: MOBILEGROFFLES
2011/03/13 14:22:26.0478 1304 UserName: owner
2011/03/13 14:22:26.0478 1304 Windows directory: C:\windows
2011/03/13 14:22:26.0478 1304 System windows directory: C:\windows
2011/03/13 14:22:26.0478 1304 Running under WOW64
2011/03/13 14:22:26.0478 1304 Processor architecture: Intel x64
2011/03/13 14:22:26.0478 1304 Number of processors: 1
2011/03/13 14:22:26.0478 1304 Page size: 0x1000
2011/03/13 14:22:26.0478 1304 Boot type: Normal boot
2011/03/13 14:22:26.0478 1304 ================================================================================
2011/03/13 14:22:48.0142 1304 Initialize success
2011/03/13 14:22:59.0095 5088 ================================================================================
2011/03/13 14:22:59.0095 5088 Scan started
2011/03/13 14:22:59.0095 5088 Mode: Manual;
2011/03/13 14:22:59.0095 5088 ================================================================================
2011/03/13 14:23:01.0947 5088 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
2011/03/13 14:23:02.0101 5088 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
2011/03/13 14:23:02.0245 5088 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
2011/03/13 14:23:02.0460 5088 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2011/03/13 14:23:02.0589 5088 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/03/13 14:23:02.0727 5088 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2011/03/13 14:23:02.0881 5088 AFD (b9384e03479d2506bc924c16a3db87bc) C:\windows\system32\drivers\afd.sys
2011/03/13 14:23:03.0033 5088 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\windows\system32\DRIVERS\agrsm64.sys
2011/03/13 14:23:03.0177 5088 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
2011/03/13 14:23:03.0340 5088 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
2011/03/13 14:23:03.0462 5088 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
2011/03/13 14:23:03.0586 5088 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/03/13 14:23:03.0711 5088 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/03/13 14:23:03.0859 5088 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
2011/03/13 14:23:03.0986 5088 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/03/13 14:23:04.0117 5088 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys
2011/03/13 14:23:04.0265 5088 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
2011/03/13 14:23:04.0447 5088 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/03/13 14:23:04.0593 5088 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/03/13 14:23:04.0745 5088 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/03/13 14:23:04.0865 5088 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
2011/03/13 14:23:05.0049 5088 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
2011/03/13 14:23:05.0185 5088 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/03/13 14:23:05.0331 5088 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2011/03/13 14:23:05.0509 5088 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/03/13 14:23:05.0655 5088 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\windows\system32\DRIVERS\bowser.sys
2011/03/13 14:23:05.0776 5088 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/03/13 14:23:05.0898 5088 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/03/13 14:23:06.0044 5088 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/03/13 14:23:11.0778 5088 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/03/13 14:23:11.0900 5088 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/03/13 14:23:12.0023 5088 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/03/13 14:23:12.0158 5088 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/03/13 14:23:12.0312 5088 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/03/13 14:23:12.0461 5088 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
2011/03/13 14:23:12.0623 5088 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/03/13 14:23:12.0735 5088 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/03/13 14:23:12.0923 5088 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/03/13 14:23:13.0037 5088 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
2011/03/13 14:23:13.0160 5088 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
2011/03/13 14:23:13.0300 5088 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/03/13 14:23:13.0434 5088 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/03/13 14:23:13.0585 5088 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/03/13 14:23:13.0768 5088 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys
2011/03/13 14:23:13.0913 5088 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/03/13 14:23:14.0065 5088 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/03/13 14:23:14.0251 5088 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/03/13 14:23:14.0436 5088 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
2011/03/13 14:23:14.0667 5088 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/03/13 14:23:14.0880 5088 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/03/13 14:23:15.0011 5088 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
2011/03/13 14:23:15.0188 5088 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/03/13 14:23:15.0311 5088 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/03/13 14:23:15.0450 5088 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/03/13 14:23:15.0600 5088 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/03/13 14:23:15.0715 5088 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/03/13 14:23:15.0830 5088 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/03/13 14:23:15.0954 5088 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
2011/03/13 14:23:16.0087 5088 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2011/03/13 14:23:16.0198 5088 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/03/13 14:23:16.0339 5088 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/03/13 14:23:16.0498 5088 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/03/13 14:23:16.0635 5088 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/13 14:23:16.0799 5088 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/03/13 14:23:22.0635 5088 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
2011/03/13 14:23:22.0808 5088 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/03/13 14:23:22.0923 5088 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/03/13 14:23:23.0093 5088 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/03/13 14:23:23.0217 5088 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/03/13 14:23:23.0377 5088 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
2011/03/13 14:23:23.0543 5088 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/03/13 14:23:23.0678 5088 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
2011/03/13 14:23:23.0913 5088 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
2011/03/13 14:23:24.0076 5088 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
2011/03/13 14:23:24.0212 5088 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\windows\system32\DRIVERS\iaStor.sys
2011/03/13 14:23:24.0360 5088 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
2011/03/13 14:23:24.0685 5088 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys
2011/03/13 14:23:24.0973 5088 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/03/13 14:23:25.0171 5088 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys
2011/03/13 14:23:25.0306 5088 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
2011/03/13 14:23:25.0436 5088 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2011/03/13 14:23:25.0579 5088 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/03/13 14:23:25.0714 5088 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/03/13 14:23:25.0863 5088 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2011/03/13 14:23:26.0047 5088 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2011/03/13 14:23:26.0206 5088 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
2011/03/13 14:23:26.0348 5088 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
2011/03/13 14:23:26.0493 5088 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
2011/03/13 14:23:26.0659 5088 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
2011/03/13 14:23:26.0835 5088 kl1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys
2011/03/13 14:23:26.0959 5088 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys
2011/03/13 14:23:27.0142 5088 KLIF (177505577604c94c4be7b9316a90ada1) C:\windows\system32\DRIVERS\klif.sys
2011/03/13 14:23:27.0317 5088 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\windows\system32\DRIVERS\klim6.sys
2011/03/13 14:23:27.0489 5088 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\windows\system32\DRIVERS\klmouflt.sys
2011/03/13 14:23:33.0287 5088 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
2011/03/13 14:23:33.0434 5088 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
2011/03/13 14:23:33.0591 5088 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2011/03/13 14:23:33.0774 5088 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2011/03/13 14:23:33.0930 5088 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
2011/03/13 14:23:34.0094 5088 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/03/13 14:23:34.0241 5088 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/03/13 14:23:34.0386 5088 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/03/13 14:23:34.0545 5088 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/03/13 14:23:34.0675 5088 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2011/03/13 14:23:34.0818 5088 lvpopf64 (b2085e335f2b57077b0cbadb6f1245cd) C:\windows\system32\DRIVERS\lvpopf64.sys
2011/03/13 14:23:34.0940 5088 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\windows\system32\DRIVERS\LVPr2M64.sys
2011/03/13 14:23:34.0998 5088 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\windows\system32\DRIVERS\LVPr2M64.sys
2011/03/13 14:23:35.0136 5088 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\windows\system32\DRIVERS\lvrs64.sys
2011/03/13 14:23:35.0388 5088 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\windows\system32\DRIVERS\lvuvc64.sys
2011/03/13 14:23:35.0637 5088 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2011/03/13 14:23:35.0779 5088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2011/03/13 14:23:35.0924 5088 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2011/03/13 14:23:36.0060 5088 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2011/03/13 14:23:36.0186 5088 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
2011/03/13 14:23:36.0340 5088 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2011/03/13 14:23:36.0475 5088 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
2011/03/13 14:23:36.0601 5088 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
2011/03/13 14:23:36.0743 5088 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2011/03/13 14:23:36.0871 5088 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
2011/03/13 14:23:36.0985 5088 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/03/13 14:23:37.0124 5088 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/03/13 14:23:37.0253 5088 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/03/13 14:23:37.0371 5088 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
2011/03/13 14:23:37.0495 5088 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
2011/03/13 14:23:37.0643 5088 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2011/03/13 14:23:37.0793 5088 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2011/03/13 14:23:37.0917 5088 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
2011/03/13 14:23:38.0092 5088 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2011/03/13 14:23:38.0231 5088 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2011/03/13 14:23:38.0365 5088 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2011/03/13 14:23:44.0186 5088 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
2011/03/13 14:23:44.0313 5088 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
2011/03/13 14:23:44.0449 5088 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2011/03/13 14:23:44.0572 5088 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2011/03/13 14:23:44.0697 5088 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
2011/03/13 14:23:44.0868 5088 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
2011/03/13 14:23:45.0023 5088 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
2011/03/13 14:23:45.0162 5088 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2011/03/13 14:23:45.0295 5088 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2011/03/13 14:23:45.0422 5088 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
2011/03/13 14:23:45.0539 5088 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
2011/03/13 14:23:45.0663 5088 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
2011/03/13 14:23:45.0798 5088 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2011/03/13 14:23:45.0924 5088 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
2011/03/13 14:23:46.0102 5088 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2011/03/13 14:23:46.0240 5088 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2011/03/13 14:23:46.0385 5088 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2011/03/13 14:23:46.0551 5088 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
2011/03/13 14:23:46.0682 5088 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2011/03/13 14:23:46.0804 5088 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
2011/03/13 14:23:46.0943 5088 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
2011/03/13 14:23:47.0079 5088 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
2011/03/13 14:23:47.0229 5088 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
2011/03/13 14:23:47.0414 5088 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2011/03/13 14:23:47.0543 5088 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
2011/03/13 14:23:47.0678 5088 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
2011/03/13 14:23:47.0812 5088 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
2011/03/13 14:23:47.0939 5088 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2011/03/13 14:23:48.0057 5088 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2011/03/13 14:23:48.0184 5088 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2011/03/13 14:23:48.0429 5088 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
2011/03/13 14:23:48.0555 5088 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2011/03/13 14:23:48.0718 5088 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
2011/03/13 14:23:48.0846 5088 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys
2011/03/13 14:23:49.0012 5088 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2011/03/13 14:23:49.0152 5088 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2011/03/13 14:23:54.0907 5088 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2011/03/13 14:23:55.0098 5088 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2011/03/13 14:23:55.0227 5088 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/03/13 14:23:55.0389 5088 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/03/13 14:23:55.0528 5088 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2011/03/13 14:23:55.0666 5088 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2011/03/13 14:23:55.0791 5088 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
2011/03/13 14:23:55.0906 5088 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/03/13 14:23:56.0036 5088 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/03/13 14:23:56.0181 5088 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/03/13 14:23:56.0309 5088 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/03/13 14:23:56.0454 5088 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
2011/03/13 14:23:56.0620 5088 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
2011/03/13 14:23:56.0818 5088 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/03/13 14:23:56.0997 5088 RSUSBSTOR (8c22f21c924413d4e109995f748e18bb) C:\windows\system32\Drivers\RtsUStor.sys
2011/03/13 14:23:57.0140 5088 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys
2011/03/13 14:23:57.0283 5088 RTL8187B (945ab249d12cbe044782430c6013aa1a) C:\windows\system32\DRIVERS\RTL8187B.sys
2011/03/13 14:23:57.0525 5088 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
2011/03/13 14:23:57.0663 5088 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
2011/03/13 14:23:57.0829 5088 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/03/13 14:23:57.0976 5088 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/03/13 14:23:58.0123 5088 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/03/13 14:23:58.0246 5088 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/03/13 14:23:58.0426 5088 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
2011/03/13 14:23:58.0574 5088 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/03/13 14:23:58.0718 5088 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/03/13 14:23:58.0858 5088 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/03/13 14:23:59.0004 5088 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/03/13 14:23:59.0150 5088 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/03/13 14:23:59.0288 5088 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/03/13 14:23:59.0442 5088 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/03/13 14:23:59.0646 5088 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\windows\system32\Drivers\sptd.sys
2011/03/13 14:23:59.0646 5088 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
2011/03/13 14:23:59.0674 5088 sptd - detected Locked file (1)
2011/03/13 14:23:59.0807 5088 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\windows\system32\DRIVERS\srv.sys
2011/03/13 14:23:59.0959 5088 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\windows\system32\DRIVERS\srv2.sys
2011/03/13 14:24:05.0678 5088 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\windows\system32\DRIVERS\srvnet.sys
2011/03/13 14:24:05.0859 5088 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/03/13 14:24:06.0011 5088 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
2011/03/13 14:24:06.0198 5088 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
2011/03/13 14:24:06.0429 5088 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\drivers\tcpip.sys
2011/03/13 14:24:06.0618 5088 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\DRIVERS\tcpip.sys
2011/03/13 14:24:06.0748 5088 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
2011/03/13 14:24:06.0865 5088 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/03/13 14:24:06.0991 5088 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/03/13 14:24:07.0124 5088 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/03/13 14:24:07.0260 5088 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
2011/03/13 14:24:07.0388 5088 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
2011/03/13 14:24:07.0612 5088 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
2011/03/13 14:24:07.0783 5088 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/03/13 14:24:07.0917 5088 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
2011/03/13 14:24:08.0044 5088 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/03/13 14:24:08.0177 5088 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/03/13 14:24:08.0335 5088 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
2011/03/13 14:24:08.0497 5088 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/03/13 14:24:08.0630 5088 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
2011/03/13 14:24:08.0755 5088 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/03/13 14:24:08.0891 5088 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
2011/03/13 14:24:09.0004 5088 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
2011/03/13 14:24:09.0231 5088 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
2011/03/13 14:24:09.0354 5088 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
2011/03/13 14:24:09.0491 5088 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
2011/03/13 14:24:09.0618 5088 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
2011/03/13 14:24:09.0748 5088 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/03/13 14:24:09.0887 5088 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/03/13 14:24:10.0027 5088 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
2011/03/13 14:24:10.0182 5088 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
2011/03/13 14:24:10.0339 5088 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/03/13 14:24:10.0489 5088 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/03/13 14:24:10.0608 5088 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/03/13 14:24:16.0417 5088 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
2011/03/13 14:24:16.0550 5088 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
2011/03/13 14:24:16.0681 5088 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
2011/03/13 14:24:16.0810 5088 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
2011/03/13 14:24:16.0949 5088 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
2011/03/13 14:24:17.0099 5088 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/03/13 14:24:17.0232 5088 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\System32\drivers\vwifibus.sys
2011/03/13 14:24:17.0350 5088 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2011/03/13 14:24:17.0511 5088 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/03/13 14:24:17.0653 5088 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/13 14:24:17.0696 5088 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/13 14:24:17.0872 5088 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/03/13 14:24:18.0002 5088 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
2011/03/13 14:24:18.0121 5088 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/03/13 14:24:18.0314 5088 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/03/13 14:24:18.0428 5088 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/03/13 14:24:18.0636 5088 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
2011/03/13 14:24:18.0784 5088 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/03/13 14:24:18.0954 5088 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/03/13 14:24:19.0103 5088 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
2011/03/13 14:24:19.0238 5088 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/03/13 14:24:19.0353 5088 ================================================================================
2011/03/13 14:24:19.0353 5088 Scan finished
2011/03/13 14:24:19.0353 5088 ================================================================================
2011/03/13 14:24:19.0374 3632 Detected object count: 1
2011/03/13 14:25:24.0541 3632 Locked file(sptd) - User select action: Skip
2011/03/13 14:25:50.0580 2480 Deinitialize success
Groffles
Regular Member
 
Posts: 18
Joined: November 22nd, 2008, 1:12 pm

Re: Computer Problems, maybe infected

Unread postby Groffles » March 13th, 2011, 2:30 am

Here is the disk check!


The type of the file system is NTFS.
Volume label is Main Drive.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
444 large file records processed.

0 bad file records processed.

0 EA records processed.

50 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
26227 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

233239551 KB total disk space.
151963336 KB in 125761 files.
72404 KB in 26228 indexes.
0 KB in bad sectors.
270971 KB in use by the system.
65536 KB occupied by the log file.
80932840 KB available on disk.

4096 bytes in each allocation unit.
58309887 total allocation units on disk.
20233210 allocation units available on disk.
Groffles
Regular Member
 
Posts: 18
Joined: November 22nd, 2008, 1:12 pm

Re: Computer Problems, maybe infected

Unread postby askey127 » March 13th, 2011, 6:29 am

Groffles,
Did you set up the network proxies in Firefox? Looks like you did.

Your initial log also showed several sites in your trusted zone.
You should fix that so only Microsoft and/or your Internet Provider are allowed in that zone.

I would suggest a full scan with both Kaspersky and Malwarebytes (after updating it), but I don't see any malware on your system.

You do have a lot of toolbars and browser helpers loading down the system.
You could use WinPatrol to selectively control/disable any of those.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Problems, maybe infected

Unread postby askey127 » March 16th, 2011, 6:58 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware