OTL logfile created on: 8/25/2010 3:38:14 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Brandy\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 7.00% Memory free
6.00 Gb Paging File | 2.00 Gb Available in Paging File | 35.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.55 Gb Total Space | 152.55 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDY-PC
Current User Name: Brandy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/08/25 15:30:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Brandy\Downloads\OTL.exe
PRC - [2010/08/12 00:49:02 | 000,134,808 | ---- | M] (Google Inc.)
-- C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe PRC - [2010/08/02 22:33:54 | 000,449,040 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe PRC - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe PRC - [2005/11/30 05:47:52 | 000,013,888 | ---- | M] (ewido networks) -- C:\Program Files (x86)\ewido anti-malware\ewidoctrl.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/08/25 15:30:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Brandy\Downloads\OTL.exe MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV:[b]64bit:[/b] - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV:[b]64bit:[/b] - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV:[b]64bit:[/b] - [2009/09/17 16:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:[b]64bit:[/b] - [2009/08/11 20:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:[b]64bit:[/b] - [2009/08/05 18:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:[b]64bit:[/b] - [2009/08/04 15:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:[b]64bit:[/b] - [2009/07/28 19:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:[b]64bit:[/b] - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/03/23 14:32:46 | 000,014,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe -- (OrbisClient.Services) SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/17 14:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009/08/10 23:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - 
[2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service) SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) SRV - [2005/12/18 13:41:35 | 000,151,616 | ---- | M] (ewido networks) [Disabled | Stopped] -- C:\Program Files (x86)\ewido anti-malware\ewidoguard.exe -- (ewido security suite guard) SRV - [2005/11/30 05:47:52 | 000,013,888 | ---- | M] (ewido networks) [Auto | Running] -- C:\Program Files (x86)\ewido anti-malware\ewidoctrl.exe -- (ewido security suite control) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2010/06/28 16:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] 
-- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:[b]64bit:[/b] - [2010/02/13 01:32:34 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:[b]64bit:[/b] - [2009/12/19 10:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009/11/04 03:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID) DRV:[b]64bit:[/b] - [2009/08/27 12:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:[b]64bit:[/b] - [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:[b]64bit:[/b] - [2009/07/20 21:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:[b]64bit:[/b] - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:[b]64bit:[/b] - [2009/07/09 07:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:[b]64bit:[/b] - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:[b]64bit:[/b] - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:[b]64bit:[/b] - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) 
DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:[b]64bit:[/b] - [2007/03/07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm) DRV - [2004/11/22 10:15:15 | 000,003,072 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\ewido anti-malware\guard.sys -- (ewido security suite driver) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. 
File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Swagbucks.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6 FF - prefs.js..extensions.enabledItems: NuvolaFF@paenglab.ch:1.9.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/08/23 13:44:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/12 00:09:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/27 14:22:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010/07/13 19:56:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2010/07/27 14:26:44 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Mozilla\Extensions [2010/07/27 14:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandy\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/07/13 17:22:06 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Brandy\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2010/08/24 15:45:12 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Mozilla\Firefox\Profiles\lyume7aa.default\extensions [2010/08/23 13:44:56 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Brandy\AppData\Roaming\Mozilla\Firefox\Profiles\lyume7aa.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010/08/23 13:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandy\AppData\Roaming\Mozilla\Firefox\Profiles\lyume7aa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2010/08/23 13:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandy\AppData\Roaming\Mozilla\Firefox\Profiles\lyume7aa.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E} [2010/08/23 13:44:56 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Mozilla\Firefox\Profiles\lyume7aa.default\extensions\isreaditlater@ideashower.com [2010/08/23 13:44:56 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Mozilla\Firefox\Profiles\lyume7aa.default\extensions\NuvolaFF@paenglab.ch [2010/08/23 13:44:56 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Mozilla\Firefox\Profiles\lyume7aa.default\extensions\personas@christopher.beard [2010/07/13 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Mozilla\Sunbird\Profiles\j5p2e45j.default\extensions [2010/08/23 20:49:31 | 000,001,540 | ---- | M] () -- C:\Users\Brandy\AppData\Roaming\Mozilla\Firefox\Profiles\lyume7aa.default\searchplugins\swagbuckscom.xml [2010/02/12 23:08:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O4:[b]64bit:[/b] - HKLM..\Run: [] File not found O4:[b]64bit:[/b] - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - Startup: C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control) O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O22:[b]64bit:[/b] - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation) O22:[b]64bit:[/b] - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock) O22:[b]64bit:[/b] - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock) O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files (x86)\ewido anti-malware\shellhook.dll () O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c4c4b157-1849-11df-94f5-00266c3cc660}\Shell - "" = AutoRun O33 - MountPoints2\{c4c4b157-1849-11df-94f5-00266c3cc660}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - 
C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\windows\SysWow64\TSCCVID.DLL (TechSmith Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]
[2010/08/23 14:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/23 14:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/08/23 14:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ewido anti-malware
[2010/08/23 14:29:06 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Auslogics
[2010/08/23 14:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/23 14:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2010/08/23 14:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/21 19:03:37 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\ComodoGroup
[2010/08/21 18:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
[2010/08/21 14:47:26 | 000,000,000 | ---D | C] -- C:\Users\Brandy\DoctorWeb
[2010/08/16 23:00:29 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\My Digital Editions
[2010/08/12 01:09:49 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\CCleaner
[2010/08/12 00:53:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/08/11 23:33:09 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\windows\avastSS.scr
[2010/08/11 19:34:57 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\SCHOOL INFO
[2010/08/11 19:34:28 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\ENG 102
[2010/08/11 19:34:16 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\NIS 213
[2010/08/11 19:33:39 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\CIS 130
[2010/08/11 19:33:24 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\NIS 211
[2010/08/11 17:41:35 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\My Barnes & Noble eBooks
[2010/08/11 17:41:35 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Apple Computer
[2010/08/11 17:41:35 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Apple Computer
[2010/08/11 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Barnes & Noble
[2010/08/11 17:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2010/08/11 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Windows Live Writer
[2010/08/11 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Windows Live Writer
[2010/08/11 16:32:44 | 000,017,920 | ---- | C] (June Fabrics Technology) -- C:\windows\SysNative\drivers\pnetmdm64.sys
[2010/08/11 16:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PdaNet for Android
[2010/08/03 19:49:07 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Relmtech
[2010/08/03 19:44:49 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Downloaded Installations
[2010/08/01 01:33:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2010/08/01 01:33:44 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Gmote
[2010/08/01 01:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2010/07/31 20:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareForMe Inc
[2010/07/27 14:26:43 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Thunderbird
[2010/07/27 14:26:42 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Thunderbird
[2010/07/15 03:16:04 | 000,000,000 | ---D | C] -- C:\fdfc2539f47d369ddb7757945442
[2010/07/14 23:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2010/07/13 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/07/13 19:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/07/13 19:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/07/13 19:54:52 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Apple
[2010/07/13 19:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/07/13 19:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/07/13 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Sunbird
[2010/05/29 01:37:16 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\PhotoScape
[2010/05/29 01:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2010/02/13 01:32:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Brandy\AppData\Roaming\pcouffin.sys
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]
[2010/08/25 15:41:17 | 004,194,304 | -HS- | M] () -- C:\Users\Brandy\ntuser.dat
[2010/08/25 15:22:28 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 15:22:28 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 15:14:30 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 15:14:28 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/08/25 15:14:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/08/25 15:14:19 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 05:54:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/24 18:28:40 | 002,904,793 | -H-- | M] () -- C:\Users\Brandy\AppData\Local\IconCache.db
[2010/08/24 15:42:59 | 000,000,000 | ---- | M] () -- C:\Users\Brandy\defogger_reenable
[2010/08/24 15:39:01 | 000,050,477 | ---- | M] () -- C:\Users\Brandy\Desktop\Defogger.exe
[2010/08/23 20:35:30 | 000,000,000 | ---- | M] () -- C:\Users\Brandy\AppData\Roaming\wklnhst.dat
[2010/08/23 16:47:39 | 000,730,320 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/08/23 16:47:39 | 000,627,082 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/08/23 16:47:39 | 000,107,366 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/08/23 14:43:38 | 000,001,273 | ---- | M] () -- C:\Users\Brandy\Desktop\Spybot - Search & Destroy.lnk
[2010/08/23 14:37:10 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ewido anti-malware.lnk
[2010/08/23 14:27:05 | 000,001,146 | ---- | M] () -- C:\Users\Brandy\Desktop\Auslogics BoostSpeed.lnk
[2010/08/23 14:07:17 | 000,002,108 | ---- | M] () -- C:\Users\Brandy\Desktop\HijackThis.lnk
[2010/08/23 13:53:50 | 000,524,288 | -HS- | M] () -- C:\Users\Brandy\ntuser.dat{1df6ac40-aed9-11df-bd1e-00266c3cc660}.TMContainer00000000000000000002.regtrans-ms
[2010/08/23 13:53:50 | 000,524,288 | -HS- | M] () -- C:\Users\Brandy\ntuser.dat{1df6ac40-aed9-11df-bd1e-00266c3cc660}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 13:53:50 | 000,065,536 | -HS- | M] () -- C:\Users\Brandy\ntuser.dat{1df6ac40-aed9-11df-bd1e-00266c3cc660}.TM.blf
[2010/08/23 13:51:00 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/23 13:50:56 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2010/08/21 18:51:39 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\COMODO System - Cleaner.lnk
[2010/08/16 17:07:11 | 000,425,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/08/11 17:41:04 | 000,001,225 | ---- | M] () -- C:\Users\Brandy\Desktop\NOOKstudy.lnk
[2010/08/11 16:34:15 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2010/08/11 16:32:45 | 000,001,044 | ---- | M] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2010/08/06 21:23:03 | 000,000,671 | ---- | M] () -- C:\Users\Brandy\AppData\Roaming\vso_ts_preview.xml
[2010/07/27 14:26:44 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2010/07/27 14:22:22 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/27 14:14:40 | 000,001,148 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/07/27 09:05:35 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/07/25 03:12:41 | 000,001,158 | ---- | M] () -- C:\Users\Brandy\Desktop\Microsoft Works Task Launcher.lnk
[2010/07/25 03:03:27 | 000,000,478 | ---- | M] () -- C:\windows\win.ini
[2010/07/13 16:54:00 | 000,001,978 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2010/06/28 16:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2010/06/28 16:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2010/06/28 16:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2010/06/28 16:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 16:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2010/05/29 01:36:53 | 000,001,046 | ---- | M] () -- C:\Users\Brandy\Desktop\PhotoScape.lnk
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/08/24 16:07:11 | 000,293,376 | ---- | C] () -- C:\Users\Brandy\Documents\gmer.exe
[2010/08/24 15:57:33 | 000,293,376 | ---- | C] () -- C:\Users\Brandy\Desktop\gmer.exe
[2010/08/24 15:42:59 | 000,000,000 | ---- | C] () -- C:\Users\Brandy\defogger_reenable
[2010/08/24 15:39:25 | 000,050,477 | ---- | C] () -- C:\Users\Brandy\Desktop\Defogger.exe
[2010/08/23 20:35:30 | 000,000,000 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\wklnhst.dat
[2010/08/23 14:43:38 | 000,001,273 | ---- | C] () -- C:\Users\Brandy\Desktop\Spybot - Search & Destroy.lnk
[2010/08/23 14:37:10 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ewido anti-malware.lnk
[2010/08/23 14:27:05 | 000,001,146 | ---- | C] () -- C:\Users\Brandy\Desktop\Auslogics BoostSpeed.lnk
[2010/08/23 14:07:17 | 000,002,108 | ---- | C] () -- C:\Users\Brandy\Desktop\HijackThis.lnk
[2010/08/23 13:53:50 | 000,524,288 | -HS- | C] () -- C:\Users\Brandy\ntuser.dat{1df6ac40-aed9-11df-bd1e-00266c3cc660}.TMContainer00000000000000000002.regtrans-ms
[2010/08/23 13:53:50 | 000,524,288 | -HS- | C] () -- C:\Users\Brandy\ntuser.dat{1df6ac40-aed9-11df-bd1e-00266c3cc660}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 13:53:50 | 000,065,536 | -HS- | C] () -- C:\Users\Brandy\ntuser.dat{1df6ac40-aed9-11df-bd1e-00266c3cc660}.TM.blf
[2010/08/23 13:51:00 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/21 18:51:39 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\COMODO System - Cleaner.lnk
[2010/08/11 17:41:04 | 000,001,225 | ---- | C] () -- C:\Users\Brandy\Desktop\NOOKstudy.lnk
[2010/08/11 16:34:15 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2010/08/11 16:32:45 | 000,001,044 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2010/07/27 14:26:44 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/07/27 14:14:40 | 000,001,148 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/07/27 09:05:35 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/07/13 16:54:00 | 000,001,978 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/29 01:36:53 | 000,001,046 | ---- | C] () -- C:\Users\Brandy\Desktop\PhotoScape.lnk
[2010/03/11 05:16:15 | 000,003,584 | ---- | C] () -- C:\Users\Brandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 03:36:22 | 000,002,984 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2010/03/04 03:36:22 | 000,000,088 | RHS- | C] () -- C:\windows\SysWow64\A25C0F0407.sys
[2010/02/13 01:33:32 | 000,000,671 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\vso_ts_preview.xml
[2010/02/13 01:33:05 | 000,000,034 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\pcouffin.log
[2010/02/13 01:32:34 | 000,099,384 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\inst.exe
[2010/02/13 01:32:34 | 000,007,859 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\pcouffin.cat
[2010/02/13 01:32:34 | 000,001,167 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\pcouffin.inf
[2009/12/26 04:20:03 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== LOP Check ==========[/color]
[2010/08/23 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Auslogics
[2010/08/11 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Barnes & Noble
[2010/08/23 13:44:55 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Gmote
[2010/08/23 13:44:57 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\PhotoScape
[2010/02/20 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Serif
[2010/08/23 13:44:57 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Thunderbird
[2010/02/13 00:20:48 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Tific
[2010/02/16 01:22:16 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Toshiba
[2010/08/24 05:28:22 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\uTorrent
[2010/08/06 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Vso
[2010/02/12 22:49:21 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\WinBatch
[2010/08/11 17:15:25 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\Windows Live Writer
[2010/04/30 15:20:54 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/11/13 13:41:33 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/02/15 20:26:42 | 000,000,241 | ---- | M] () -- C:\CDFE.log
[2010/08/25 15:14:19 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/15 20:26:37 | 000,000,000 | ---- | M] () -- C:\lxcgfire.csv
[2010/02/15 20:28:39 | 000,000,981 | ---- | M] () -- C:\LXCGINST.csv
[2010/02/15 23:02:45 | 000,005,766 | ---- | M] () -- C:\lxcgUNST.csv
[2010/08/21 20:01:21 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/08/25 15:14:21 | 3082,801,152 | -HS- | M] () -- C:\pagefile.sys

[color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

[color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

[color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color]

[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]

[color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]

[color=#A23BEC]< %systemroot%\*.jpg >[/color]

[color=#A23BEC]< %systemroot%\*.png >[/color]

[color=#A23BEC]< %systemroot%\*.scr >[/color]
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2009/07/10 16:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[color=#A23BEC]< %systemroot%\*._sy >[/color]

[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]

[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %PROGRAMFILES%\bak. /s >[/color]

[color=#A23BEC]< %systemroot%\system32\bak. /s >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >[/color]

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\*.dat /x >[/color]

[color=#A23BEC]< %systemroot%\*.config >[/color]

[color=#A23BEC]< %systemroot%\system32\*.db >[/color]

[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.dat >[/color]

[color=#A23BEC]< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >[/color]
[2010/02/12 23:00:33 | 000,000,221 | -HS- | M] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

[color=#A23BEC]< %USERPROFILE%\Desktop\*.exe >[/color]
[2010/08/24 15:39:01 | 000,050,477 | ---- | M] () -- C:\Users\Brandy\Desktop\Defogger.exe
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Brandy\Desktop\gmer.exe

[color=#A23BEC]< %PROGRAMFILES%\Common Files\*.* >[/color]

[color=#A23BEC]< %systemroot%\*.src >[/color]

[color=#A23BEC]< %systemroot%\install\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\DLL\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\HelpFiles\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\rundll\*.* >[/color]

[color=#A23BEC]< %systemroot%\winn32\*.* >[/color]

[color=#A23BEC]< %systemroot%\Java\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\test\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\Rundll32\*.* >[/color]

[color=#A23BEC]< %systemroot%\AppPatch\Custom\*.* >[/color]

[color=#A23BEC]< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >[/color]

[color=#A23BEC]< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >[/color]

[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.tmp >[/color]

[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.dat >[/color]

[color=#A23BEC]< %USERPROFILE%\My Documents\*.exe >[/color]

[color=#A23BEC]< %USERPROFILE%\*.exe >[/color]
[2010/02/07 16:03:16 | 005,036,848 | ---- | M] () -- C:\Users\Brandy\Paint.NET.3.5.3.Install.exe

[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >[/color]
[2010/07/22 22:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) MD5=BACCDA841C689D1CBA941F478E8ED24B -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >[/color]
[2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

[color=#A23BEC]< %systemroot%\ADDINS\*.* >[/color]
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

[color=#A23BEC]< %systemroot%\assembly\*.bak2 >[/color]

[color=#A23BEC]< %systemroot%\Config\*.* >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.bak2 >[/color]

[color=#A23BEC]< %systemroot%\SECURITY\Database\*.sdb /x >[/color]

[color=#A23BEC]< %systemroot%\SYSTEM\*.bak2 >[/color]

[color=#A23BEC]< %systemroot%\Web\*.bak2 >[/color]

[color=#A23BEC]< %systemroot%\Driver Cache\*.* >[/color]

[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\0*.exe >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >