System restore fails in safe mode but is successful after pc reboots?



#1 Chicken mania (Member, 69 posts)
Am attempting to fix some issues on someone's laptop, so I loaded a system restore in safe mode (under, well, repair mode, to be exact). It ran for some time and finally said that it failed. However, when I rebooted into Windows 7, the message was that it'd succeeded?

Any idea what's going on? I've never encountered this issue before. The laptop is usable though and it seems like Chrome, Firefox and other programs run okay. The only thing is some of the files which were transferred to other locations, didn't revert to their original location. I suspect the error might be 'cos I was backing up files from AppData/Local and the system restore failed 'cos of permission errors.

Btw, if a computer has multiple problems including malware (mostly solved), high CPU usage issues, crashes and so on, would it be advisable to install Windows 7 SP1 before fixing most of these issues?


Thanks! :)

Edited by Chicken mania, 27 May 2011 - 01:38 PM.



#2 Jacee (Malware Expert, MVP, 994 posts)
Fix the issues first ... SP1, more than likely, will fail to install.

#3 Chicken mania (Topic Starter, Member, 69 posts)
You're right. This PC has quite a few BSODs, explorer crashes (caused by copying and pasting items) and so on.

I tried updating the graphics driver, not using the ones offered by Toshiba, and installed the ones by Intel as a test to see whether that'd fix anything, as it seems this PC is unable to disable hardware acceleration. Then comes the BSOD crash: bad_pool_header (which isn't listed under the dump files 'cos I was double-checking the Memory dump settings and accidentally unchecked the "overwrite existing file" option when the PC crashed). I will be adding some OTL logs shortly for anyone who wants to take a look.

I've already scanned this PC with:

Malwarebytes (latest version)
Avast (newly installed: found only 1 virus, some DRP stuff on some video file, about financial info. The owner didn't even install an antivirus software. *sighs* :) )
SUPERAntiSpyware (found nothing but cookies, which I disregarded for now 'cos most of those cookies appear to be for news sites and business sites and so on)
SpywareBlaster (protected it)

I also disabled Windows Defender to prevent any problems with antivirus applications. I've uninstalled as many other "non-needed" programs for now, choosing to leave only their database files and some other user data.

It also seems the partially successful system restore may have created further registry problems. I'm at a loss to fix this as the only registry backup I have is quite recent and was from a PC state that also had multiple problems. However, I quickly backed up the system using ERUNT anyways, as any modifications could corrupt the PC further. I don't think I should use regscrub or any of those registry modification programs. I've begun modifying the registry, but only deleting entries for programs which can't uninstall (manual uninstall plus manual delete).

Going to run chkdsk now.

Bluescreen errors:

- driver power state failure (3rd time this has occurred. I was told this has to do with the Realtek drivers. Here's the tricky issue. Toshiba lists the wireless LAN as Rtl8191se while Windows 7 automatically detects it as Rtl8187b. I've disabled wireless LAN for now while I figure out the issues.)
- bad_pool_header (not listed under minidmp folder.)
- kernel mode exception not handled

Edited by Chicken mania, 28 May 2011 - 04:26 AM.


#4 Chicken mania (Topic Starter, Member, 69 posts)
OTL logfile created on: 5/28/2011 9:32:17 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Florence\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.45% Memory free
3.74 Gb Paging File | 2.16 Gb Available in Paging File | 57.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.34 Gb Total Space | 85.45 Gb Free Space | 29.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: FLORENCEPC | User Name: Florence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 02:49:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Florence\Downloads\OTL.exe
PRC - [2011/05/23 23:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/28 15:35:35 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Florence\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/04/21 03:02:04 | 000,327,472 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/27 19:12:18 | 000,052,736 | ---- | M] (NirSoft) -- C:\Program Files\NirSoft\BlueScreenView\BlueScreenView.exe
PRC - [2010/09/07 23:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 23:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/12 07:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/12 07:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/11 10:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/07 08:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/07 08:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/07 06:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/07 04:06:58 | 000,466,792 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009/08/06 05:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/06 05:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/06 05:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/04 09:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/04 09:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/29 11:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/29 06:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/29 05:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/22 12:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:24 | 001,401,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 06:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/07 09:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/05 11:51:12 | 000,388,768 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2009/01/13 11:10:32 | 003,161,760 | ---- | M] () -- C:\Windows\System32\WTMKM.exe
PRC - [2008/01/23 01:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/11/13 12:16:02 | 000,079,136 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2011/05/28 02:49:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Florence\Downloads\OTL.exe
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 23:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 23:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 23:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/29 05:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/18 01:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/12 07:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/11 10:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/07 08:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/06 05:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/04 09:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 20:20:04 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/29 06:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/02/05 11:51:12 | 000,388,768 | ---- | M] () [Auto | Running] -- C:\windows\System32\atwtusb.exe -- (WTService)
SRV - [2008/01/23 01:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/05/16 19:01:00 | 000,111,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/09/07 22:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 22:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 22:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 22:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 22:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/20 16:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/13 23:37:00 | 000,376,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/31 08:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/25 06:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/15 06:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 13:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 06:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 06:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/07 23:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/23 08:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 10:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAS&bmod=TSAS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSAS&bmod=TSAS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAS&bmod=TSAS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.singnet.com.sg:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://shop.thefreev...n.com/home.php"
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..network.proxy.http: "proxy.singnet.com.sg"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 03:05:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/11 15:45:28 | 000,000,000 | ---D | M]

[2010/07/04 01:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florence\AppData\Roaming\Mozilla\Extensions
[2011/04/01 19:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\cfkf11dt.default\extensions
[2010/12/03 23:28:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\cfkf11dt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/21 20:24:08 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\cfkf11dt.default\extensions\[email protected]
[2011/05/28 04:52:27 | 000,000,000 | ---D | M] ("Foxit PDF Creator Toolbar") -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\cfkf11dt.default\extensions\[email protected]
[2011/05/28 04:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/21 20:59:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 04:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/22 19:18:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/03 03:05:18 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/05 01:40:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2011/03/23 02:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 16:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 16:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 16:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 16:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MacrokeyManager] C:\windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9b1d3bbb-bf08-11df-b075-00266c6b4cfd}\Shell - "" = AutoRun
O33 - MountPoints2\{9b1d3bbb-bf08-11df-b075-00266c6b4cfd}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/28 07:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearType Switch
[2011/05/28 07:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\ClearType Switch
[2011/05/28 06:50:57 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
[2011/05/28 06:50:57 | 000,000,000 | ---D | C] -- C:\windows\System32\Lang
[2011/05/28 06:45:52 | 000,000,000 | ---D | C] -- C:\Intel
[2011/05/28 06:26:16 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Roaming\SystemRequirementsLab
[2011/05/28 06:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011/05/28 06:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/05/28 03:49:42 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/28 03:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/28 03:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/28 03:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/28 03:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/05/27 23:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2011/05/27 23:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/05/27 21:55:10 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/05/27 21:15:21 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/05/27 02:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/27 02:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/23 21:47:09 | 000,000,000 | ---D | C] -- C:\perflogs
[2011/05/23 20:45:41 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2011/05/23 20:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/05/18 15:51:27 | 000,000,000 | ---D | C] -- C:\Users\Florence\VirtualBox VMs
[2011/05/18 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\Florence\.VirtualBox
[2011/05/09 23:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\ASCII
[2011/04/29 05:30:16 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JustZIPit
[2011/04/29 05:30:12 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Roaming\Free-backup.info
[2011/04/29 05:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hamster Soft
[2011/04/28 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Roaming\cYo
[2011/04/28 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\Florence\AppData\Local\cYo
[2011/04/28 19:14:03 | 000,000,000 | ---D | C] -- C:\old
[2011/02/11 11:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/05/28 09:33:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/28 09:20:45 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/28 09:04:43 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4038907-3774545379-3254938991-1005UA.job
[2011/05/28 08:20:30 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/28 08:20:30 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/28 08:13:12 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/28 08:12:42 | 1506,791,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/28 08:07:56 | 000,756,138 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/05/28 08:07:56 | 000,156,722 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/05/28 07:28:46 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\ClearType Switch.lnk
[2011/05/28 06:53:49 | 000,014,744 | ---- | M] () -- C:\windows\System32\results.xml
[2011/05/28 06:07:29 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/05/28 03:49:19 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/28 01:31:39 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/28 01:31:37 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/05/27 23:21:35 | 000,011,022 | ---- | M] () -- C:\Users\Florence\AppData\Local\Temp16.html
[2011/05/27 23:19:48 | 000,001,667 | ---- | M] () -- C:\Users\Florence\AppData\Local\Temp1.html
[2011/05/27 03:22:16 | 000,007,635 | ---- | M] () -- C:\Users\Florence\AppData\Local\Resmon.ResmonCfg
[2011/05/24 15:40:00 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4038907-3774545379-3254938991-1005Core.job
[2011/05/23 21:32:39 | 222,838,264 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/05/13 18:50:34 | 000,002,420 | ---- | M] () -- C:\Users\Florence\Desktop\Google Chrome.lnk
[2011/05/09 23:54:57 | 000,442,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/05/09 23:29:28 | 000,084,360 | ---- | M] () -- C:\windows\gamedelete.exe
[2011/05/08 01:04:15 | 000,000,155 | ---- | M] () -- C:\Users\Florence\SecurityKISSTunnel.config
[2011/05/03 03:07:18 | 000,002,005 | ---- | M] () -- C:\Users\Florence\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 05:30:16 | 000,001,187 | ---- | M] () -- C:\Users\Florence\Application Data\Microsoft\Internet Explorer\Quick Launch\JustZIPit.lnk

========== Files Created - No Company Name ==========

[2011/05/28 07:28:46 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\ClearType Switch.lnk
[2011/05/28 06:07:29 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/05/28 03:49:19 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/27 23:21:35 | 000,011,022 | ---- | C] () -- C:\Users\Florence\AppData\Local\Temp16.html
[2011/05/27 23:19:48 | 000,001,667 | ---- | C] () -- C:\Users\Florence\AppData\Local\Temp1.html
[2011/05/20 17:54:07 | 000,778,752 | ---- | C] () -- C:\windows\System32\RGSS102E.dll
[2011/05/20 17:54:07 | 000,758,272 | ---- | C] () -- C:\windows\System32\RGSS104E.dll
[2011/05/20 17:54:06 | 000,781,312 | ---- | C] () -- C:\windows\System32\RGSS102J.dll
[2011/05/20 17:54:06 | 000,761,856 | ---- | C] () -- C:\windows\System32\RGSS104J.dll
[2011/05/20 17:54:06 | 000,685,056 | ---- | C] () -- C:\windows\System32\RGSS103J.dll
[2011/05/20 17:54:05 | 000,771,584 | ---- | C] () -- C:\windows\System32\RGSS100J.dll
[2011/05/18 17:48:42 | 000,087,040 | ---- | C] () -- C:\windows\UnGins.exe
[2011/05/18 17:46:46 | 000,473,600 | ---- | C] () -- C:\windows\System32\Harmony.dll
[2011/05/18 17:46:46 | 000,237,568 | ---- | C] () -- C:\windows\System32\Unlha32.dll
[2011/05/09 23:37:40 | 000,084,360 | ---- | C] () -- C:\windows\gamedelete.exe
[2011/04/29 05:30:16 | 000,001,187 | ---- | C] () -- C:\Users\Florence\Application Data\Microsoft\Internet Explorer\Quick Launch\JustZIPit.lnk
[2011/04/28 15:35:37 | 000,000,920 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4038907-3774545379-3254938991-1005UA.job
[2011/02/25 15:29:00 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2011/02/25 15:29:00 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2011/02/25 15:29:00 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2011/02/25 15:12:49 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/02/19 16:04:29 | 050,438,401 | ---- | C] () -- C:\Users\Florence\AppData\Roaming\.minecraft.7z
[2011/02/13 01:53:57 | 000,388,768 | ---- | C] () -- C:\windows\System32\atwtusb.exe
[2011/02/13 01:53:55 | 000,045,056 | ---- | C] () -- C:\windows\System32\InstallService.exe
[2011/02/13 01:53:51 | 003,161,760 | ---- | C] () -- C:\windows\System32\WTMKM.exe
[2011/02/13 01:53:51 | 000,180,224 | ---- | C] () -- C:\windows\System32\ATWTINK.DLL
[2011/02/13 01:53:51 | 000,102,048 | ---- | C] () -- C:\windows\RmTablet.exe
[2011/02/13 01:53:51 | 000,013,254 | ---- | C] () -- C:\windows\System32\Vista.ini
[2011/02/13 01:53:51 | 000,012,948 | ---- | C] () -- C:\windows\System32\XP_2000.ini
[2011/02/13 01:53:51 | 000,007,344 | ---- | C] () -- C:\windows\aiptbl.ini
[2011/02/13 01:53:51 | 000,000,593 | ---- | C] () -- C:\windows\System32\MKProfile.ini
[2011/02/11 12:10:52 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2011/02/11 12:10:50 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2011/02/11 12:10:50 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2011/02/11 11:38:44 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011/01/02 05:15:11 | 000,007,635 | ---- | C] () -- C:\Users\Florence\AppData\Local\Resmon.ResmonCfg
[2010/11/22 03:24:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/13 15:27:51 | 000,007,168 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2010/09/13 03:20:34 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI
[2010/09/12 19:00:14 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/12 16:43:38 | 000,000,065 | ---- | C] () -- C:\windows\WININIT.INI
[2010/07/22 11:43:59 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/07/22 10:04:25 | 000,758,018 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010/07/22 10:04:25 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010/07/22 09:46:03 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2010/07/20 17:35:45 | 000,000,412 | ---- | C] () -- C:\windows\MAXLINK.INI
[2010/04/17 09:38:31 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/04/17 09:27:41 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010/04/17 09:27:41 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2010/04/17 09:26:56 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/08/27 22:57:38 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 12:33:53 | 000,442,128 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,756,138 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,156,722 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/19 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\.minecraft
[2011/02/19 16:20:15 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\.minecraft server
[2011/05/28 06:41:42 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Audacity
[2010/07/22 10:26:39 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Aura4You
[2011/02/05 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Azureus
[2010/09/13 12:36:34 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\BITS
[2010/09/13 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Canneverbe Limited
[2010/08/04 15:49:30 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Canon
[2010/07/21 20:26:56 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\CCTV
[2011/04/28 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\cYo
[2011/02/25 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\DAEMON Tools Lite
[2010/09/13 03:20:26 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\FlashGet
[2010/09/13 03:20:24 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\FlashGetBHO
[2010/09/05 01:41:34 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Foxit
[2010/09/05 01:41:36 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Foxit Software
[2011/04/29 05:30:12 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Free-backup.info
[2010/07/22 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\GetRightToGo
[2011/02/25 15:18:55 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\gtk-2.0
[2011/02/20 01:07:12 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\JAM Software
[2011/05/25 02:52:54 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\RenPy
[2010/07/20 17:35:38 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\ScanSoft
[2011/05/28 06:26:16 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\SystemRequirementsLab
[2010/07/25 23:32:10 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Toshiba
[2010/07/22 10:50:52 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\Ulead Systems
[2011/05/28 09:36:30 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\uTorrent
[2010/09/06 16:43:19 | 000,000,000 | ---D | M] -- C:\Users\Florence\AppData\Roaming\WildTangent
[2011/01/23 15:46:16 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:B8AF39A7DA4C2925

< End of report >
  • 0

#5
Jacee

    Malware Expert

  • Expert
  • 994 posts
  • MVP
You need to start a new topic here ---> http://www.geekstogo...alware-removal/
Explain the problem, post your OTL log and follow instructions.
  • 0

#6
Chicken mania

    Member

  • Topic Starter
  • Member
  • 69 posts

You need to start a new topic here ---> http://www.geekstogo...alware-removal/
Explain the problem, post your OTL log and follow instructions.

Oh oops, you're right. It's been some time since I posted in this forum and I got a bit confused.

Meanwhile, ran chkdsk.
  • 0





