Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Virus? [Closed]

Started by OMGkorea , Apr 22 2009 11:34 AM

  • This topic is locked This topic is locked

#1
OMGkorea
Posted 22 April 2009 - 11:34 AM

OMGkorea

    Member

  • Member
  • PipPip
  • 15 posts
As my title states, I am unsure whether I truly have a virus or not. I am pretty sure I do but I can't locate it and neither can full computer scans (AVG Anti-Virus). I even used the Malwarebyte's Anti-Malware to scan my computer but no luck. My computer all of a sudden started lagging especially when gaming. I thought it might be an internet problem but I took my laptop to a LAN center and there is definitely something wrong with my computer. I have Windows Vista. Any help will be greatly appreciated.

Again, I don't know if it's a hardware problem but I need to make sure all my files are safe because this is my work computer.

Thanks,
James
  • 0

Advertisements

#2
Jimmy2012
Posted 28 April 2009 - 11:46 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello OMGkorea,
Sorry about the delay.


Please read this topic, and post your logs back in this topic when you are done.
  • 0

#3
OMGkorea
Posted 29 April 2009 - 11:20 AM

OMGkorea

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It's nice to meet you. Thanks for the reply :)

No problem about the delay. I know you guys are busy with other things too :)

After executing Steps #1-4, there was a small improvement in my laptop's performance.

Here are the three logs from the Rootkit detector and OLTI scan:




ROOTKIT DETECTOR

Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:189277 Mo/Free:2461 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Wed 04/29/2009|13:18

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Program Files\AVG\AVG8\avgrsx.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\agrsmsvc.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Toshiba\IVP\ISM\pinger.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- c:\Toshiba\IVP\swupdate\swupdtmr.exe
---------- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
---------- C:\Windows\system32\TODDSrv.exe
---------- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\System32\alg.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Windows\RtHDVCpl.exe
---------- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
---------- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
---------- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
---------- C:\Program Files\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
---------- C:\Windows\system32\conime.exe
---------- C:\Users\eunmitanner\Desktop\OTListIt2.exe
---------- C:\Windows\notepad.exe
---------- C:\Windows\notepad.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\Users\EUNMIT~1\Documents\Macromedia Flash Pro 8 plus keygen\keygen.exe
C:\Users\EUNMIT~1\Documents\Macromedia Flash Pro 8 plus keygen\setup.exe


1 - "C:\Rooter$\Rooter_1.txt" - Wed 04/29/2009|12:55
2 - "C:\Rooter$\Rooter_2.txt" - Wed 04/29/2009|12:56
3 - "C:\Rooter$\Rooter_3.txt" - Wed 04/29/2009|13:18

----------------------\\ Scan completed at 13:18





OTLI LOGFILE


OTListIt logfile created on: 4/29/2009 1:10:10 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\eunmitanner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 58.89% Memory free
3.98 Gb Paging File | 3.03 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 46.40 Gb Free Space | 25.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-PC
Current User Name: eunmitanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Windows\system32\conime.exe (Microsoft Corporation)
PRC - C:\Users\eunmitanner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\system32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg8wd [Disabled | Stopped]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Disabled | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Disabled | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Disabled | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [Disabled | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npkcmsvc [Disabled | Stopped]) -- File not found
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (pinger [Auto | Running]) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Swupdtmr [Auto | Running]) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv [Auto | Running]) -- C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service [Auto | Running]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (amdide [Boot | Running]) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie [Boot | Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (ATITool [System | Running]) -- C:\Windows\system32\DRIVERS\ATITool.sys ()
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86 [Boot | Running]) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ggflt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (giveio [Boot | Running]) -- C:\Windows\system32\giveio.sys ()
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KR10I [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR3NPXP [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NWUSBModem [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RMCAST [Auto | Running]) -- C:\Windows\system32\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (s616bus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s616bus.sys (MCCI Corporation)
DRV - (s616mdfl [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s616mdfl.sys (MCCI Corporation)
DRV - (s616mdm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s616mdm.sys (MCCI Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (speedfan [Boot | Running]) -- C:\Windows\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosrfec [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UVCFTR [On_Demand | Running]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winbondcir [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/01/08 21:25:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/24 19:49:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 19:43:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 19:43:57 | 00,000,000 | ---D | M]

[2009/03/07 00:20:45 | 00,000,000 | ---D | M] -- C:\Users\eunmitanner\AppData\Roaming\mozilla\Extensions
[2008/08/25 23:45:37 | 00,000,000 | ---D | M] -- C:\Users\eunmitanner\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/07 00:20:45 | 00,000,000 | ---D | M] -- C:\Users\eunmitanner\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/04/29 13:03:10 | 00,000,000 | ---D | M] -- C:\Users\eunmitanner\AppData\Roaming\mozilla\Firefox\Profiles\n9tji2so.default\extensions
[2008/12/01 17:16:32 | 00,000,000 | ---D | M] -- C:\Users\eunmitanner\AppData\Roaming\mozilla\Firefox\Profiles\n9tji2so.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2008/12/01 17:16:32 | 00,000,000 | ---D | M] -- C:\Users\eunmitanner\AppData\Roaming\mozilla\Firefox\Profiles\n9tji2so.default\extensions\[email protected]
[2008/07/23 02:03:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 19:43:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/25 23:45:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/04/28 19:43:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 19:43:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/25 23:45:24 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/25 23:45:25 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/25 23:45:25 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 10:58:11 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/25 23:45:25 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/25 23:45:25 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/08/25 23:45:25 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {16579E07-2D08-48B0-8677-759ECF7017BF} http://www.more1004.com/PlusChat.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/29 12:56:55 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\eunmitanner\Desktop\OTListIt2.exe
[2009/04/29 12:55:01 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/28 19:50:24 | 00,000,000 | ---D | C] -- C:\Program Files\ESEA
[2009/04/24 00:44:17 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/04/24 00:44:17 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/04/24 00:44:17 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/04/24 00:44:16 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/04/24 00:44:16 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/04/24 00:44:16 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/04/24 00:44:14 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/04/24 00:44:13 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/04/24 00:34:39 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/04/24 00:34:35 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/04/24 00:34:34 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/04/24 00:34:20 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/04/24 00:34:17 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/04/22 22:45:31 | 00,000,242 | ---- | C] () -- C:\Windows\System32\Ahmbed.gz
[2009/04/22 22:45:16 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2009/04/22 22:24:02 | 00,000,775 | ---- | C] () -- C:\Users\eunmitanner\Desktop\SpeedFan.lnk
[2009/04/22 22:24:01 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2009/04/22 22:23:47 | 00,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2009/04/16 09:43:49 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/16 09:43:46 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/16 09:43:46 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/16 09:43:38 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/16 09:43:38 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/16 09:43:37 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/16 09:43:36 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/16 09:43:35 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/16 09:43:35 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/16 09:43:35 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/16 09:43:35 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/16 09:43:34 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/16 09:43:34 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/16 09:43:31 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/16 09:43:31 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/16 09:43:30 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/16 09:43:30 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/16 09:43:30 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/16 09:43:25 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/16 09:43:24 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/16 09:43:23 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/16 09:43:22 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/16 09:43:22 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/16 09:43:22 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/16 09:43:22 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/16 09:43:21 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/16 09:43:21 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/16 09:43:20 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/16 09:43:20 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/16 09:43:20 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/16 09:43:19 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/16 09:43:17 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/16 09:43:17 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/11 16:19:12 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/04 21:48:24 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009/04/04 21:48:21 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/04 21:47:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/03 19:21:27 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2009/04/03 19:21:26 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2008/09/07 23:47:47 | 00,000,105 | ---- | C] () -- C:\Windows\lexstat.ini
[2008/07/08 10:38:54 | 00,000,000 | ---- | C] () -- C:\Windows\PlusUnInstall.INI
[2008/05/20 00:55:47 | 00,000,024 | ---- | C] () -- C:\Windows\AUDIOVOLUME.INI
[2008/02/21 01:46:10 | 00,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2008/02/21 01:04:43 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/21 00:37:33 | 00,000,016 | ---- | C] () -- C:\Windows\System32\winhcfg.ini
[2007/08/22 16:33:11 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/22 16:18:54 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/22 16:18:54 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/22 16:18:54 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/22 16:18:54 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/22 16:18:54 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/22 16:18:54 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/22 15:49:10 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/22 15:49:10 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/22 15:49:10 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/22 15:49:10 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/08/22 15:45:08 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/28 02:26:30 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/12/05 16:05:04 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/10 09:08:50 | 00,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 13:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/04/29 12:57:04 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\eunmitanner\Desktop\OTListIt2.exe
[2009/04/29 12:56:42 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/29 12:56:42 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/29 12:56:42 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/29 12:51:43 | 00,000,501 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/04/29 12:51:32 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/29 12:51:31 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/29 12:51:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/29 12:51:24 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/29 06:19:57 | 00,000,508 | ---- | M] () -- C:\Users\eunmitanner\Documents\My Sharing Folders.lnk
[2009/04/26 18:00:00 | 00,000,420 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for eunmitanner.job
[2009/04/24 21:07:06 | 00,089,088 | ---- | M] () -- C:\Users\eunmitanner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/23 22:40:06 | 00,122,136 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/04/23 20:41:25 | 90,132,496 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/04/23 06:34:32 | 35,336,148 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/04/23 06:34:32 | 00,025,904 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/04/22 22:45:31 | 00,000,242 | ---- | M] () -- C:\Windows\System32\Ahmbed.gz
[2009/04/22 22:24:02 | 00,000,775 | ---- | M] () -- C:\Users\eunmitanner\Desktop\SpeedFan.lnk
[2009/04/22 22:24:01 | 00,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2009/04/19 19:25:42 | 00,434,673 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/04/04 21:48:27 | 00,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/03 19:21:27 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2009/04/03 19:21:26 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
< End of report >






OTLI EXTRAS

OTListIt Extras logfile created on: 4/29/2009 1:10:10 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\eunmitanner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 58.89% Memory free
3.98 Gb Paging File | 3.03 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 46.40 Gb Free Space | 25.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-PC
Current User Name: eunmitanner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine (TOSHIBA Corporation)
C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D62890C-2061-E6EA-8E37-244BBC3B51EF}" = Catalyst Control Center Graphics Light
"{0F2A2D93-368F-C181-A127-1F55A8C79724}" = ccc-utility
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18C9716F-C906-441F-BA66-CABAA5CB2DCE}" = Adobe XMP Panels CS4
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21E0BFF2-F0C3-8966-394C-8382918E90E0}" = CCC Help English
"{236479EE-1E63-59DC-8E6B-293A393A135F}" = Catalyst Control Center InstallProxy
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5D87FB79-FEF9-E38A-B97A-528708049D9E}" = Catalyst Control Center Graphics Previews Vista
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D2993F4-0C04-739B-BC79-EC352410541F}" = Catalyst Control Center Graphics Previews Common
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755F77D1-717E-4D7D-BF21-D3EB63906365}" = Winbond CIR Device Drivers
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8F02E37B-1B3B-9724-FACA-1BB9025D6F82}" = Catalyst Control Center Graphics Full New
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A46AA50A-5A57-3A6B-B09E-628C09CB7679}" = ATI Catalyst Install Manager
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB127B96-EF3F-72BE-79EF-42FAE103D817}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C5826071-79CE-444F-B983-09D2C838AACF}" = Sprint Mobile Broadband (Novatel Wireless)
"{CA9BE5A1-2D94-C203-75C6-71A3B621830E}" = ccc-core-static
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D97ADCC0-DE02-16BC-7F3E-870058269067}" = Catalyst Control Center Core Implementation
"{DE787736-66F0-4BD9-884B-E4BCA3661646}" = Adobe ExtendScript Toolkit CS4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E96B4BD4-1D1D-5751-0913-1B8705D7B7E9}" = Skins
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F99891F5-181F-1C47-A017-0F562AD824E8}" = Catalyst Control Center Graphics Full Existing
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"AIM_6" = AIM 6
"ATITool" = ATITool Overclocking Utility
"AVG8Uninstall" = AVG 8.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GoldWave v5.20" = GoldWave v5.20
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LimeWire" = LimeWire PRO 5.0.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MovieConverterV3" = Movie Converter V3 (remove only)
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2009 7:07:24 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module wlanui.dll, version 6.0.6001.18000, time stamp 0x4791a7da,
exception code 0xc0000005, fault offset 0x0000d2f6, process id 0xc9c, application
start time 0x01c9b526c6ba25b5.

Error - 4/4/2009 10:31:23 PM | Computer Name = James-PC | Source = EventSystem | ID = 4621
Description =

Error - 4/5/2009 6:15:12 PM | Computer Name = James-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1438 Start Time: 01c9b63a92218483 Termination Time: 88

Error - 4/7/2009 4:16:56 PM | Computer Name = James-PC | Source = VSS | ID = 8194
Description =

Error - 4/8/2009 4:04:31 PM | Computer Name = James-PC | Source = VSS | ID = 8194
Description =

Error - 4/9/2009 8:42:26 PM | Computer Name = James-PC | Source = EventSystem | ID = 4621
Description =

Error - 4/9/2009 8:46:14 PM | Computer Name = James-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1124 Start Time: 01c9b975a544b110 Termination Time: 19

Error - 4/11/2009 8:45:00 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Faulting application nfs.exe, version 1.0.0.1, time stamp 0x4903d933,
faulting module d3dx9_34.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000135, fault offset 0x00009cac, process id 0x3ec, application start time
0x01c9bb07e6a7eb5b.

Error - 4/11/2009 8:45:05 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Faulting application nfs.exe, version 1.0.0.1, time stamp 0x4903d933,
faulting module d3dx9_34.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000135, fault offset 0x00009cac, process id 0x1114, application start time
0x01c9bb07eb17c89b.

Error - 4/11/2009 8:45:33 PM | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Faulting application nfs.exe, version 1.0.0.1, time stamp 0x4903d933,
faulting module d3dx9_34.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000135, fault offset 0x00009cac, process id 0x17e8, application start time
0x01c9bb07fbc112ab.

[ Media Center Events ]
Error - 11/18/2008 4:29:32 PM | Computer Name = James-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 11/18/2008 4:29:32 PM | Computer Name = James-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 11/18/2008 4:29:33 PM | Computer Name = James-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 11/18/2008 4:29:33 PM | Computer Name = James-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 11/18/2008 4:29:33 PM | Computer Name = James-PC | Source = Media Center Guide | ID = 0
Description = Event Info: Error reprocessing guide: System.Runtime.InteropServices.COMException
(0x80070422): Retrieving the COM class factory for component with CLSID {4B635ECB-0887-4015-8CA6-D621362F98D1}
failed due to the following error: 80070422. at Microsoft.Ehome.Epg.Helper.EhepgdatHelper.GetEhepgdat()

at Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry(EhepgdatCall action) at Microsoft.Ehome.Epg.Guide.ReprocessGuideImp()
Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 4/28/2009 11:07:42 PM | Computer Name = James-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001B9E7B7C29. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 4/28/2009 11:08:00 PM | Computer Name = James-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 4/28/2009 11:37:48 PM | Computer Name = James-PC | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.2. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 4/29/2009 6:19:48 AM | Computer Name = James-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 169.254.251.14,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 4/29/2009 6:49:48 AM | Computer Name = James-PC | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.2. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 4/29/2009 12:51:30 PM | Computer Name = James-PC | Source = HTTP | ID = 15016
Description =

Error - 4/29/2009 12:51:32 PM | Computer Name = James-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer QuickBooks PDF Converter
with shared resource name QuickBooks PDF Converter. Error 2114. The printer cannot
be used by others on the network.

Error - 4/29/2009 12:51:40 PM | Computer Name = James-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 4/29/2009 12:52:18 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/29/2009 12:52:18 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#4
Jimmy2012
Posted 29 April 2009 - 02:33 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello OMGkorea,

  • Please open OTListIt2.exe
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Files
C:\Users\EUNMIT~1\Documents\Macromedia Flash Pro 8 plus keygen

:Commands
[purity]
[emptytemp]
[reboot]
  • Return to OTListIt2, right click in the "Custom Scans/fixes" window (under the light blue bar) and choose Paste.
  • Click the Run Fix button.
  • Let the program run until it is finished, reboot when it is done.
  • It will produce a log for you on reboot, please post that log in your next reply.

  • 0

#5
OMGkorea
Posted 29 April 2009 - 03:44 PM

OMGkorea

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
========== FILES ==========
File/Folder C:\Users\EUNMIT~1\Documents\Macromedia Flash Pro 8 plus keygen not found.
========== COMMANDS ==========
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Error: Unable to interpret <[reboot> in the current context!

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04292009_174345
  • 0

#6
Jimmy2012
Posted 29 April 2009 - 06:33 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello OMGkorea,


  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.








Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log
  • 0

#7
Jimmy2012
Posted 04 May 2009 - 11:04 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP