Brutal Laptop Performance


  • This topic is locked

#1
Triskelion

  • Member
  • 663 posts
I am a student in Geek U. My aunt asked me to have a look at her laptop because it takes forever and a day to boot up, and for its performance in general. I ran a virus scan and ran Malwarebytes, which turned up nothing. I know as a student I'm not supposed to mess around with others' PCs until I have graduated, so I thought I would let the experts take a look first, to see what you think.

Here is the OTL log:


OTL logfile created on: 29/05/2011 1:59:48 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Fred\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.69 Mb Total Physical Memory | 186.59 Mb Available Physical Memory | 18.41% Memory free
2.24 Gb Paging File | 0.71 Gb Available in Paging File | 31.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.36 Gb Total Space | 83.71 Gb Free Space | 61.39% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 4.89 Gb Free Space | 83.15% Space Free | Partition Type: NTFS

Computer Name: FRED-PC | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/01/26 20:48:43 | 000,918,184 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
PRC - [2011/01/26 20:48:42 | 000,500,392 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32.exe
PRC - [2011/01/26 17:03:05 | 000,372,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
PRC - [2011/01/02 10:40:52 | 000,063,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
PRC - [2010/06/21 20:33:22 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FWES\program\fsdfwd.exe
PRC - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE
PRC - [2009/08/05 09:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSM32.EXE
PRC - [2009/08/05 09:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSHDLL32.EXE
PRC - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 00:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/19 01:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 01:33:19 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
PRC - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/03 03:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/26 23:36:38 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/06/15 23:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/05/22 18:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/05/17 18:03:24 | 004,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/04/10 18:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 12:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/01/22 09:59:08 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/01/08 23:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/11/14 23:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/11/14 22:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/06 18:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/08/05 09:59:08 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Spam Control\fsscoepl.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/02 10:40:52 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/06/21 20:33:22 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/01/02 10:57:06 | 000,073,160 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2011/01/02 10:54:34 | 000,036,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/15 13:43:52 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/12/05 10:29:11 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/08/05 09:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 09:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 09:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/08/05 09:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2007/09/19 11:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/18 19:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/29 22:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/16 12:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/23 23:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 00:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/07/28 17:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.calgaryflames.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 EF 32 6E AB AA CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Shaw Secure\NRS\[email protected] [2011/05/25 19:05:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (100% Free Checkers Toolbar Helper) - {4DB2FC48-DEBA-42A6-A9DF-D73820066C8E} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (100% Free Checkers Toolbar) - {85515A51-2258-4484-A76B-42D1B0288D30} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (100% Free Checkers Toolbar) - {85515A51-2258-4484-A76B-42D1B0288D30} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Shaw Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\system.exe
O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\Explore\command - "" = H:\system.exe
O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\Open\command - "" = H:\system.exe
O33 - MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\Shell - "" = AutoRun
O33 - MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\Shell - "" = AutoRun
O33 - MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ea041e64-cfd8-11df-be99-001b384829d0}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 13:57:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
[2011/05/29 12:51:00 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{13831729-E37D-4067-830F-1333536ED241}
[2011/05/29 02:37:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/28 20:27:50 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Roaming\Malwarebytes
[2011/05/28 20:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 20:27:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/28 20:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/28 20:26:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/26 16:14:23 | 000,000,000 | ---D | C] -- C:\Users\Fred\Documents\The Learning Company
[2011/05/26 16:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Learning Company
[2011/05/26 16:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\The Learning Company
[2011/05/26 16:12:31 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Windows\TLCUninstall.exe
[2011/05/25 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{93E29528-F8F6-480B-99EE-448987D0F358}
[2011/05/25 13:19:27 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{1FF7BFC2-1F62-40BF-A6EE-F9A322DF9154}
[2011/05/25 11:37:34 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{3F788C1B-3F45-44BB-A5AD-C81515359C29}
[2011/05/25 08:58:26 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{42C96F56-273D-46D5-B565-DE8A96E2408B}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 13:57:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
[2011/05/29 13:27:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/29 12:42:29 | 000,000,954 | ---- | M] () -- C:\Users\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/29 12:40:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/29 12:38:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 12:38:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 12:35:04 | 000,398,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 12:34:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/29 02:40:08 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/29 02:40:08 | 000,109,372 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/29 02:11:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/29 02:11:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/29 02:08:57 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/29 00:00:15 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2011/05/29 00:00:09 | 000,000,000 | ---- | M] () -- C:\infect.fstmp
[2011/05/29 00:00:09 | 000,000,000 | ---- | M] () -- C:\error.fstmp
[2011/05/28 20:27:06 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 16:13:09 | 000,000,208 | ---- | M] () -- C:\Windows\TLCAPPS.INI
[2011/05/25 19:34:59 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/05/25 19:34:59 | 000,000,026 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 12:42:28 | 000,000,966 | ---- | C] () -- C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Internet Explorer.lnk
[2011/05/29 02:08:57 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/28 20:27:06 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 16:13:09 | 000,000,208 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2011/05/11 11:58:56 | 000,000,000 | ---- | C] () -- C:\infect.fstmp
[2011/05/11 11:58:56 | 000,000,000 | ---- | C] () -- C:\error.fstmp
[2010/06/21 19:52:00 | 000,042,664 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2010/01/24 23:27:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/24 23:27:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/22 04:05:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/29 11:39:29 | 000,024,206 | ---- | C] () -- C:\Users\Fred\AppData\Roaming\UserTile.png
[2008/03/19 09:18:21 | 000,000,040 | ---- | C] () -- C:\Windows\opt_1435.ini
[2008/03/19 09:18:09 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/03/19 09:18:09 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/01/27 19:59:49 | 000,068,608 | ---- | C] () -- C:\Users\Fred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/23 09:04:44 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/12/23 09:04:44 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/12/23 09:04:44 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/12/23 09:04:44 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/12/23 09:04:44 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/12/23 09:04:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/12/22 18:21:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/12/22 18:17:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/12/22 18:17:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/12/22 18:17:46 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/12/22 18:17:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/09/26 23:33:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/09/26 23:15:57 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/09/26 21:57:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/26 02:25:11 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/26 02:25:11 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/09/26 02:25:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/26 02:25:11 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,398,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,608,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,109,372 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 15:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

========== LOP Check ==========

[2010/01/22 01:00:04 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\F-Secure
[2008/11/29 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\PeerNetworking
[2010/01/21 21:52:56 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\TELUS
[2008/03/11 12:05:04 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\TOSHIBA
[2008/02/21 12:37:26 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\Ulead Systems
[2009/10/25 18:11:08 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job
[2011/05/29 04:02:55 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/29 00:00:15 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job

========== Purity Check ==========



< End of report >
  • 0


#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello Triskelion :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please go to Control panel then Device manager

  • From the list expand IDE ATA/ATAPI controllers
  • Double click on the first ATA channel (ATA Channel 0)
  • Click on the Advanced settings tab
  • Check Enable DMA if it is unchecked
  • Do this with all ATA channels
  • Restart your system after this

Step 2

  • Right-click the My Computer icon
  • Click the Advanced System Settings link then click the Settings button under Performance
  • Click the Advanced tab
  • "Check" the Automatically manage paging file size for all drives option
  • Confirm it with the Apply/OK button(s)
  • Restart your system after this

Step 3

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Step 4

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\system.exe
    O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\Explore\command - "" = H:\system.exe
    O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\Open\command - "" = H:\system.exe
    O33 - MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\Shell - "" = AutoRun
    O33 - MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{ea041e64-cfd8-11df-be99-001b384829d0}\Shell\AutoRun\command - "" = F:\start.exe
    O33 - MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\Shell - "" = AutoRun
    O33 - MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 5

Test your system now and come back with results :unsure:

Step 6

Please don't forget to include these items in your reply:

  • OTL fix log
It would be helpful if you could post each log in a separate post
  • 0
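Added example, not part of maliprog's post and not OTL's own code: a small Python triage of the O33 MountPoints2 lines that Step 4 above feeds to OTL. It groups them by volume and reports which shell verbs launch a file from a drive other than the system drive (C:, per the log header). The function names and the report layout are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# O33 lines copied from the OTL log in the first post of this thread.
OTL_O33 = r'''
O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\system.exe
O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\Explore\command - "" = H:\system.exe
O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\Open\command - "" = H:\system.exe
O33 - MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\Shell - "" = AutoRun
O33 - MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\Shell - "" = AutoRun
O33 - MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ea041e64-cfd8-11df-be99-001b384829d0}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
'''.strip().splitlines()

# Registry location of these entries, as shown in the OTL fix log in this thread.
MOUNTPOINTS2 = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\(?P<subkey>Shell(?:\\[^\\ ]+)*)'
    r' - "(?P<value>[^"]*)" = (?P<data>.*)$'
)
# A drive-rooted path token such as H:\system.exe
PATH_RE = re.compile(r'(?<![A-Za-z0-9])([A-Za-z]):\\[^\s"]+')


def parse_o33(line):
    """Return (volume, subkey, data) for an O33 MountPoints2 line, else None."""
    m = O33_RE.match(line.strip())
    return (m["volume"], m["subkey"], m["data"]) if m else None


def off_system_targets(command, system_drive="C"):
    """Paths in a command line that sit on a drive other than the system drive."""
    return [m.group(0) for m in PATH_RE.finditer(command)
            if m.group(1).upper() != system_drive.upper()]


def triage(lines, system_drive="C"):
    """Group O33 entries by volume; report verbs that launch off-system files."""
    volumes = defaultdict(lambda: {"verbs": {}, "default_verb": None})
    for line in lines:
        parsed = parse_o33(line)
        if parsed is None:
            continue  # not an O33 MountPoints2 line
        volume, subkey, data = parsed
        parts = subkey.split("\\")
        entry = volumes[volume]
        if parts == ["Shell"]:
            entry["default_verb"] = data  # e.g. "AutoRun"
        elif len(parts) == 3 and parts[2].lower() == "command":
            targets = off_system_targets(data, system_drive)
            if targets:
                entry["verbs"][parts[1]] = targets
    report = []
    for volume, entry in volumes.items():
        if not entry["verbs"]:
            continue
        report.append({
            "key": MOUNTPOINTS2 + "\\" + volume,
            "default_verb": entry["default_verb"],
            "verbs": entry["verbs"],
            # An Open or Explore override means opening the drive in Explorer
            # runs the target too, not only the AutoRun action.
            "hijacks_open": any(v.lower() in ("open", "explore")
                                for v in entry["verbs"]),
        })
    return report


if __name__ == "__main__":
    for item in triage(OTL_O33):
        flag = "OPEN/EXPLORE OVERRIDDEN" if item["hijacks_open"] else "autorun only"
        print(item["key"], "|", flag, "|", item["verbs"])
```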

#3
Triskelion

  • Topic Starter
  • Member
  • 663 posts
Hey maliprog;

Thanks for the help. Under Step 2, I have one issue.

When I right-click on the "Computer" icon, there is no option for "Advanced System Settings". Any suggestions?

I'm going to move on to Step 3 and do the defrag.

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Triskelion

Here is Step 2 again.

  • Right-click the My Computer icon and click on Properties
  • Click the Advanced System Settings link then click the Settings button under Performance
  • Click the Advanced tab then click the Change... button
  • "Check" the Automatically manage paging file size for all drives option
  • Confirm it with Apply/OK button(s)
  • Restart your system after this


#5
Triskelion

    Member

  • Topic Starter
  • 663 posts
Hey mailprog.. Here we go.


Step 1: Done. The settings were actually already set to your specifications.
Step 2: Thanks for the clarification. Settings were also set to your specification.
Step 3: Defrag done.. Took a LONG LONG time.

Step 4: Here is the OTL Log

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40fb1673-9eee-11dd-81be-001b384829d0}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40fb1673-9eee-11dd-81be-001b384829d0}\ not found.
File H:\system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40fb1673-9eee-11dd-81be-001b384829d0}\ not found.
File H:\system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40fb1676-9eee-11dd-81be-001b384829d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40fb1676-9eee-11dd-81be-001b384829d0}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb038047-cd2e-11dd-85ed-001b384829d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb038047-cd2e-11dd-85ed-001b384829d0}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea041e64-cfd8-11df-be99-001b384829d0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea041e64-cfd8-11df-be99-001b384829d0}\ not found.
File F:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff4a213c-fd71-11df-86aa-001b384829d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff4a213c-fd71-11df-86aa-001b384829d0}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fred
->Temp folder emptied: 10244077 bytes
->Temporary Internet Files folder emptied: 58512205 bytes
->Java cache emptied: 1823973 bytes
->Flash cache emptied: 29752 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18439778 bytes
RecycleBin emptied: 313 bytes

Total Files Cleaned = 85.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fred
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06012011_100901

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000054FDEDBF25F5EE17E6 not found!
File\Folder C:\Windows\temp\TMP000000550F87C3C3004D223E not found!
File\Folder C:\Windows\temp\TMP0000005624DEAB6BC192D5A8 not found!
File\Folder C:\Windows\temp\TMP0000005777380C8D68166F5C not found!
File\Folder C:\Windows\temp\TMP00000058BCB8A1515BBCC05D not found!

Registry entries deleted on Reboot...


Step 5: The laptop is booting up better, faster, but the system still lags and is slow still.
Overall there is a huge improvement, but the reaction time of the pc is still suspect.
Programs are slow to open and the internet is slow in performance.




..Sorry for the edit, but should I be looking at fixing these as well with OTL?


O2 - BHO: (100% Free Checkers Toolbar Helper) - {4DB2FC48-DEBA-42A6-A9DF-D73820066C8E} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (100% Free Checkers Toolbar) - {85515A51-2258-4484-A76B-42D1B0288D30} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (100% Free Checkers Toolbar) - {85515A51-2258-4484-A76B-42D1B0288D30} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

Edited by Triskelion, 01 June 2011 - 10:41 AM.

  • 0
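A way to check a fix log like the one in the post above against the fix script it came from, as an added example (not part of the thread and not OTL's own code): it groups the O33 MountPoints2 lines by volume, lists the executables each cached handler pointed at off the system drive, and confirms the key was deleted. The function names and report fields are hypothetical; the embedded lines are copied from the posts above, with the log abridged.

```python
import re

# Constructed input: lines copied from the fix script and fix log in this
# thread (the log is abridged to the lines this check needs).
FIX_SCRIPT = r'''
O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\system.exe
O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\Explore\command - "" = H:\system.exe
O33 - MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\Shell\Open\command - "" = H:\system.exe
O33 - MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\Shell - "" = AutoRun
O33 - MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\Shell - "" = AutoRun
O33 - MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ea041e64-cfd8-11df-be99-001b384829d0}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
'''
FIX_LOG = r'''
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\ deleted successfully.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40fb1673-9eee-11dd-81be-001b384829d0}\ not found.
File H:\system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40fb1676-9eee-11dd-81be-001b384829d0}\ deleted successfully.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb038047-cd2e-11dd-85ed-001b384829d0}\ deleted successfully.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea041e64-cfd8-11df-be99-001b384829d0}\ deleted successfully.
File F:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff4a213c-fd71-11df-86aa-001b384829d0}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
'''

MP2 = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)? - "" = (?P<value>.*)$')
KEY_RE = re.compile(
    r'^Registry key ' + re.escape(MP2) + r'\\(?P<vol>[^\\]+)\\ '
    r'(?P<status>deleted successfully|not found)\.$')
FILE_RE = re.compile(r'^File (?P<cmd>.+) not found\.$')
PATH_RE = re.compile(r'\b([A-Za-z]):\\[^\s"]+')


def parse_script(text):
    """Return {volume: [(verb, command), ...]} from the O33 lines."""
    vols = {}
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        cmds = vols.setdefault(m["vol"], [])
        if m["verb"]:  # ...\Shell\<verb>\command; bare \Shell lines only name the default verb
            cmds.append((m["verb"], m["value"]))
    return vols


def off_system_targets(command, system_drive="C"):
    """Paths in a command line that sit on a drive other than the system drive."""
    return [m.group(0) for m in PATH_RE.finditer(command)
            if m.group(1).upper() != system_drive.upper()]


def reconcile(script, log):
    """Per volume: was the key deleted, what did it launch, was the file ever reachable."""
    deleted, missing = set(), set()
    for line in log.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k and k["status"] == "deleted successfully":
            deleted.add(k["vol"])
        f = FILE_RE.match(line)
        if f:
            missing.add(f["cmd"])
    report = {}
    for vol, cmds in parse_script(script).items():
        targets = []
        for _verb, cmd in cmds:
            for path in off_system_targets(cmd):
                if path not in targets:
                    targets.append(path)
        report[vol] = {
            "key_deleted": vol in deleted,
            "targets": targets,
            # True when the log says "File ... not found" for every command
            "file_unchecked": bool(cmds) and all(c in missing for _v, c in cmds),
        }
    return report


if __name__ == "__main__":
    for vol, row in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(vol, row)
```

When `file_unchecked` is true, the log reported "File ... not found" for every command on that volume, so only the cached registry handler was removed and the file on the drive itself was never looked at.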

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Triskelion,

Why would you remove

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)


The other entries are browser toolbars. We will take care of them soon.

Step 1

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion of all infections AVP finds
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.


#7
Triskelion

    Member

  • Topic Starter
  • 663 posts
Sorry for the delay mailprog..

Step1: AVP Log. This is all that came up. Not sure though, but if not what you need, I can do it again.

Autoscan: completed 53 minutes ago   (events: 2, objects: 738487, time: 03:32:57)	
03/06/2011 1:27:40 PM	Task completed			
03/06/2011 9:54:37 AM	Task started


Step 2: OTL Log

OTL logfile created on: 03/06/2011 2:36:32 PM - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Fred\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
1013.69 Mb Total Physical Memory | 197.86 Mb Available Physical Memory | 19.52% Memory free
2.24 Gb Paging File | 0.85 Gb Available in Paging File | 38.03% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.36 Gb Total Space | 101.21 Gb Free Space | 74.22% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 4.89 Gb Free Space | 83.15% Space Free | Partition Type: NTFS
Drive F: | 499.72 Mb Total Space | 310.86 Mb Free Space | 62.21% Space Free | Partition Type: FAT
 
Computer Name: FRED-PC | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/05/29 13:57:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
PRC - [2011/01/26 20:48:43 | 000,918,184 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
PRC - [2011/01/26 20:48:42 | 000,500,392 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32.exe
PRC - [2011/01/26 17:03:05 | 000,372,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
PRC - [2011/01/02 10:40:52 | 000,063,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
PRC - [2010/06/21 20:33:22 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FWES\program\fsdfwd.exe
PRC - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE
PRC - [2009/08/05 09:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSM32.EXE
PRC - [2009/08/05 09:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSHDLL32.EXE
PRC - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 00:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/01/19 01:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 01:33:19 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
PRC - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/03 03:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/15 23:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/05/22 18:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/05/17 18:03:24 | 004,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/04/10 18:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 12:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/01/22 09:59:08 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/01/08 23:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/11/14 23:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/11/14 22:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/06 18:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/05/29 13:57:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/08/05 09:59:08 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Spam Control\fsscoepl.dll
MOD - [2009/08/05 09:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\shaw secure\hips\fshook32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2011/01/02 10:40:52 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/06/21 20:33:22 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [File_System | Unknown | Running] --  -- (setup_9.0.0.722_03.06.2011_06-43drv)
DRV - File not found [Kernel | Unknown | Running] --  -- (87410212)
DRV - File not found [Kernel | Disabled | Running] --  -- (87410211)
DRV - [2011/01/02 10:57:06 | 000,073,160 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2011/01/02 10:54:34 | 000,036,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2010/12/15 13:43:52 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/12/05 10:29:11 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\42589152.sys -- (42589152)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\42589151.sys -- (42589151)
DRV - [2009/08/05 09:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 09:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 09:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/08/05 09:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/19 11:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/29 22:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/16 12:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/23 23:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/07/28 17:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.calgaryflames.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 EF 32 6E AB AA CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Shaw Secure\NRS\[email protected] [2011/05/30 19:38:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/02 23:46:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/06/02 23:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fred\AppData\Roaming\Mozilla\Extensions
[2011/06/02 23:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2011/05/30 19:38:14 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\SHAW SECURE\NRS\[email protected]
[2009/09/25 19:11:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 10:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (100% Free Checkers Toolbar Helper) - {4DB2FC48-DEBA-42A6-A9DF-D73820066C8E} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (100% Free Checkers Toolbar) - {85515A51-2258-4484-A76B-42D1B0288D30} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (100% Free Checkers Toolbar) - {85515A51-2258-4484-A76B-42D1B0288D30} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Shaw Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup]  File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/06/03 00:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/06/03 00:18:34 | 000,000,000 | R--D | C] -- C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup
[2011/06/03 00:01:31 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\42589152.sys
[2011/06/03 00:01:30 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\4258915.sys
[2011/06/03 00:01:30 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\42589151.sys
[2011/06/03 00:01:07 | 000,000,000 | ---D | C] -- C:\Users\Fred\Desktop\Virus Removal Tool
[2011/06/02 23:48:31 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\Mozilla
[2011/06/02 23:48:29 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Roaming\Mozilla
[2011/06/02 23:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/02 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{2548877F-E1B6-49E5-A35A-8F8E96C8252F}
[2011/06/01 10:21:52 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{E0D701F5-46C7-4B20-9E98-11C09C077DF2}
[2011/06/01 10:09:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/01 10:01:40 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{7D72C384-6F64-42A3-AE49-B861B3CDC0DB}
[2011/05/31 22:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/05/31 22:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/05/31 22:00:17 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{3510F3B1-E18C-4F4A-B64A-C643C077E387}
[2011/05/30 21:20:01 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{E8749A98-5C1D-48F9-BCFA-99C56AE5291E}
[2011/05/30 01:02:36 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/05/29 15:04:29 | 000,000,000 | ---D | C] -- C:\Users\Fred\Desktop\Autoruns
[2011/05/29 13:57:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
[2011/05/29 12:51:00 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{13831729-E37D-4067-830F-1333536ED241}
[2011/05/29 02:37:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/28 20:27:50 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Roaming\Malwarebytes
[2011/05/28 20:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 20:27:02 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/28 20:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/28 20:26:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/26 16:14:23 | 000,000,000 | ---D | C] -- C:\Users\Fred\Documents\The Learning Company
[2011/05/26 16:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Learning Company
[2011/05/26 16:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\The Learning Company
[2011/05/26 16:12:31 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Windows\TLCUninstall.exe
[2011/05/25 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{93E29528-F8F6-480B-99EE-448987D0F358}
[2011/05/25 13:19:27 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{1FF7BFC2-1F62-40BF-A6EE-F9A322DF9154}
[2011/05/25 11:37:34 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{3F788C1B-3F45-44BB-A5AD-C81515359C29}
[2011/05/25 08:58:26 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{42C96F56-273D-46D5-B565-DE8A96E2408B}
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/06/03 14:27:13 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/03 14:10:14 | 000,621,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/03 14:10:14 | 000,113,974 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/03 13:34:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 13:34:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 09:35:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 09:35:04 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/06/03 09:35:04 | 000,000,026 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011/06/03 09:34:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 01:30:40 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2011/06/02 23:48:46 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/06/02 23:46:54 | 000,000,881 | ---- | M] () -- C:\Users\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/02 23:46:54 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/01 10:47:48 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 22:58:14 | 000,000,873 | ---- | M] () -- C:\Users\Fred\Desktop\Puran Defrag.lnk
[2011/05/30 21:39:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/05/29 13:57:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
[2011/05/29 12:42:29 | 000,000,954 | ---- | M] () -- C:\Users\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/29 12:35:04 | 000,398,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/29 02:11:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/29 02:11:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/29 02:08:57 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/26 16:13:09 | 000,000,208 | ---- | M] () -- C:\Windows\TLCAPPS.INI
 
========== Files Created - No Company Name ==========
 
[2011/06/02 23:48:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/02 23:46:54 | 000,000,881 | ---- | C] () -- C:\Users\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/02 23:46:54 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/02 23:46:48 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/31 22:58:14 | 000,000,873 | ---- | C] () -- C:\Users\Fred\Desktop\Puran Defrag.lnk
[2011/05/30 21:39:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/05/29 12:42:28 | 000,000,966 | ---- | C] () -- C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Internet Explorer.lnk
[2011/05/29 02:08:57 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/28 20:27:06 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 16:13:09 | 000,000,208 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2010/06/21 19:52:00 | 000,042,664 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2010/01/24 23:27:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/24 23:27:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/22 04:05:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/29 11:39:29 | 000,024,206 | ---- | C] () -- C:\Users\Fred\AppData\Roaming\UserTile.png
[2008/03/19 09:18:21 | 000,000,040 | ---- | C] () -- C:\Windows\opt_1435.ini
[2008/03/19 09:18:09 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/03/19 09:18:09 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/01/27 19:59:49 | 000,068,608 | ---- | C] () -- C:\Users\Fred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/23 09:04:44 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/12/23 09:04:44 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/12/23 09:04:44 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/12/23 09:04:44 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/12/23 09:04:44 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/12/23 09:04:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/12/22 18:21:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/12/22 18:17:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/12/22 18:17:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/12/22 18:17:46 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/12/22 18:17:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/09/26 23:33:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/09/26 23:15:57 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/09/26 21:57:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/26 02:25:11 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/26 02:25:11 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/09/26 02:25:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/26 02:25:11 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,398,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,621,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,113,974 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 15:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
 
========== LOP Check ==========
 
[2010/01/22 01:00:04 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\F-Secure
[2008/11/29 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\PeerNetworking
[2010/01/21 21:52:56 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\TELUS
[2008/03/11 12:05:04 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\TOSHIBA
[2008/02/21 12:37:26 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\Ulead Systems
[2009/10/25 18:11:08 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job
[2011/06/03 02:01:36 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/03 01:30:40 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job
 
========== Purity Check ==========
 
 

< End of report >


#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Triskelion,

Step 1

You have two antivirus programs installed on your machine: Shaw Secure and F-Secure.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please uninstall one and leave ONLY ONE antivirus on your system.

Step 2

Let's remove some leftovers from the last OTL scan.

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2010/12/15 13:43:52 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
    O2 - BHO: (100% Free Checkers Toolbar Helper) - {4DB2FC48-DEBA-42A6-A9DF-D73820066C8E} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (100% Free Checkers Toolbar) - {85515A51-2258-4484-A76B-42D1B0288D30} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (100% Free Checkers Toolbar) - {85515A51-2258-4484-A76B-42D1B0288D30} - C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll ()
    [2011/06/02 23:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) --
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [HWSetup] File not found
    O4 - HKCU..\Run: [TOSCDSPD] File not found
    [2010/06/21 19:52:00 | 000,042,664 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Test your system after these two steps.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
It would be helpful if you could post each log in a separate post.


#9
Triskelion

    Member

  • Topic Starter
  • 663 posts
Hey maliprog; things seem a lot better. I don't want to throw the computer every time I boot it up anymore.

Okay here we go..
Step 1: F-Secure is actually part of Shaw Secure. F-Secure is the antivirus provided by the Shaw company, but I'm not fond of it and it does lag. So I uninstalled it and put on AVG.

Step 2: OTL Log

All processes killed
========== OTL ==========
Error: No service named fsbts was found to stop!
Service\Driver key fsbts not found.
File C:\Windows\system32\Drivers\fsbts.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DB2FC48-DEBA-42A6-A9DF-D73820066C8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DB2FC48-DEBA-42A6-A9DF-D73820066C8E}\ deleted successfully.
C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{85515A51-2258-4484-A76B-42D1B0288D30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85515A51-2258-4484-A76B-42D1B0288D30}\ deleted successfully.
File C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{85515A51-2258-4484-A76B-42D1B0288D30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85515A51-2258-4484-A76B-42D1B0288D30}\ not found.
File C:\Program Files\100% Free Checkers Toolbar\v3.3.0.1\100%_Free_Checkers_Toolbar.dll not found.
Folder C:\Program Files\Mozilla Firefox\extensions File not found (No name found) --\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HWSetup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD deleted successfully.
File C:\Windows\System32\drivers\fsbts.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fred
->Temp folder emptied: 3270363 bytes
->Temporary Internet Files folder emptied: 19659098 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42094171 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2841245 bytes
RecycleBin emptied: 301656908 bytes

Total Files Cleaned = 352.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fred
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06032011_233418

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Triskelion,

Glad to hear that! Let's do one more scan

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion of all infections AVP finds.
Once it has finished select report and post that.

Do not close AVPTool or it will self-uninstall. If it does uninstall, then just rerun the setup file on your desktop.

#11
Triskelion

    Member

  • Topic Starter
  • 663 posts
Did I give you the right report last time from AVP? Or was I supposed to select a different one before posting?

Scan is 32% finished.. will post after that.

Scan is done.. Here is the AVP report.

Autoscan: completed 10 minutes ago   (events: 2, objects: 737909, time: 03:22:11)	
04/06/2011 12:27:45 PM	Task started							
04/06/2011 3:50:00 PM	Task completed
There is still something holding back the PC. Like I said it boots quicker, but where the laptop really struggles is closing programs and switching between tasks.
Doesn't seem like there are any virus issues according to AVP, yet there is still something clearly not right. Takes a long time to shut down as well.
- Just thought you might like an update.

Edited by Triskelion, 04 June 2011 - 04:06 PM.


#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Triskelion,

Let's try to scan a little deeper. I don't think it's malware related but we'll see.

Step 1

If you removed AVPTool, download it from Here to your desktop and run it again.

Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window: OTL.Txt. It is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.
Step 3

Please don't forget to include these items in your reply:

  • AVP analysis log
  • OTL log
It would be helpful if you could post each log in a separate post.

#13
Triskelion

    Member

  • Topic Starter
  • 663 posts
Here is the AVP Log. I'll post the OTL Log after I do it.
Attached File  avptool_sysinfo.zip   15.26KB   203 downloads

Step 2: OTL Log

OTL logfile created on: 05/06/2011 4:59:12 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Fred\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.69 Mb Total Physical Memory | 291.74 Mb Available Physical Memory | 28.78% Memory free
2.24 Gb Paging File | 1.00 Gb Available in Paging File | 44.63% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.36 Gb Total Space | 99.50 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 4.89 Gb Free Space | 83.15% Space Free | Partition Type: NTFS

Computer Name: FRED-PC | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 13:57:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/09 05:35:14 | 001,265,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgsrmax.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 00:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/01/19 01:33:19 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
PRC - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/03 03:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/15 23:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/05/22 18:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/05/17 18:03:24 | 004,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/04/10 18:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 12:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/01/08 23:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/11/14 23:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/11/14 22:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/06 18:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/29 13:57:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (setup_9.0.0.722_06.06.2011_01-08drv)
DRV - File not found [Kernel | Unknown | Running] -- -- (11167882)
DRV - File not found [Kernel | Disabled | Running] -- -- (11167881)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\42589152.sys -- (42589152)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\01439812.sys -- (01439812)
DRV - [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\0143981.sys -- (setup_9.0.0.722_04.06.2011_20-46drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\42589151.sys -- (42589151)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\01439811.sys -- (01439811)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/19 11:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/29 22:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/16 12:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/23 23:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/07/28 17:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.calgaryflames.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 EF 32 6E AB AA CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..keyword.URL: "http://search.avg.co...a&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 23:13:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/06/03 23:15:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/02 23:46:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/02 23:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fred\AppData\Roaming\Mozilla\Extensions
[2011/06/04 00:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/04 00:06:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/03 23:13:59 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/06/03 23:15:11 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/09/25 19:11:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 10:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Oryte Games 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_20-46.lnk = C:\Users\Fred\Desktop\Virus Removal Tool1\setup_9.0.0.722_04.06.2011_20-46\startup.exe ()
O4 - Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_06.06.2011_01-08.exe.lnk = C:\Users\Fred\AppData\Local\Temp\_uninst_setup_9.0.0.722_06.06.2011_01-08.exe.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 16:21:30 | 000,000,000 | ---D | C] -- C:\Users\Fred\Desktop\Virus Removal Tool
[2011/06/05 15:59:59 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{A8CC0D50-2952-4DFB-B52E-0322DB12B16F}
[2011/06/04 12:23:54 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\01439812.sys
[2011/06/04 12:23:53 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\0143981.sys
[2011/06/04 12:23:53 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\01439811.sys
[2011/06/04 12:23:52 | 000,000,000 | ---D | C] -- C:\Users\Fred\Desktop\Virus Removal Tool1
[2011/06/04 12:15:22 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{3AD55875-8379-48B6-842E-F9A5261831FB}
[2011/06/03 23:31:31 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\AVG Security Toolbar
[2011/06/03 23:18:07 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Roaming\AVG10
[2011/06/03 23:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/06/03 23:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/06/03 23:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/06/03 23:11:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/06/03 23:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/03 23:04:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/03 23:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/03 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{80B47821-C4B7-46A6-B44B-ED7390A1EA77}
[2011/06/03 00:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/06/03 00:18:34 | 000,000,000 | R--D | C] -- C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup
[2011/06/03 00:01:31 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\42589152.sys
[2011/06/03 00:01:30 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\4258915.sys
[2011/06/03 00:01:30 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\42589151.sys
[2011/06/02 23:48:31 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\Mozilla
[2011/06/02 23:48:29 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Roaming\Mozilla
[2011/06/02 23:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/02 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{2548877F-E1B6-49E5-A35A-8F8E96C8252F}
[2011/06/01 10:21:52 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{E0D701F5-46C7-4B20-9E98-11C09C077DF2}
[2011/06/01 10:09:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/01 10:01:40 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{7D72C384-6F64-42A3-AE49-B861B3CDC0DB}
[2011/05/31 22:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/05/31 22:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/05/31 22:00:17 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{3510F3B1-E18C-4F4A-B64A-C643C077E387}
[2011/05/30 21:20:01 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{E8749A98-5C1D-48F9-BCFA-99C56AE5291E}
[2011/05/30 01:02:36 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/05/29 15:04:29 | 000,000,000 | ---D | C] -- C:\Users\Fred\Desktop\Autoruns
[2011/05/29 13:57:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
[2011/05/29 12:51:00 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{13831729-E37D-4067-830F-1333536ED241}
[2011/05/28 20:27:50 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Roaming\Malwarebytes
[2011/05/28 20:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 20:27:02 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/28 20:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/28 20:26:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/26 16:14:23 | 000,000,000 | ---D | C] -- C:\Users\Fred\Documents\The Learning Company
[2011/05/26 16:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Learning Company
[2011/05/26 16:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\The Learning Company
[2011/05/26 16:12:31 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Windows\TLCUninstall.exe
[2011/05/25 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{93E29528-F8F6-480B-99EE-448987D0F358}
[2011/05/25 13:19:27 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{1FF7BFC2-1F62-40BF-A6EE-F9A322DF9154}
[2011/05/25 11:37:34 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{3F788C1B-3F45-44BB-A5AD-C81515359C29}
[2011/05/25 08:58:26 | 000,000,000 | ---D | C] -- C:\Users\Fred\AppData\Local\{42C96F56-273D-46D5-B565-DE8A96E2408B}

========== Files - Modified Within 30 Days ==========

[2011/06/05 16:58:57 | 000,001,091 | ---- | M] () -- C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_06.06.2011_01-08.exe.lnk
[2011/06/05 16:27:42 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 16:05:21 | 117,308,668 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/05 15:57:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 15:57:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 15:56:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 15:56:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/04 12:26:44 | 000,002,204 | ---- | M] () -- C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_20-46.lnk
[2011/06/03 23:14:42 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/03 22:59:00 | 000,604,132 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/03 22:59:00 | 000,107,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/03 09:35:04 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/06/03 09:35:04 | 000,000,026 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011/06/02 23:48:46 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/06/02 23:46:54 | 000,000,881 | ---- | M] () -- C:\Users\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/02 23:46:54 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/01 10:47:48 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 22:58:14 | 000,000,873 | ---- | M] () -- C:\Users\Fred\Desktop\Puran Defrag.lnk
[2011/05/30 21:39:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/05/29 13:57:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Fred\Desktop\OTL.exe
[2011/05/29 12:42:29 | 000,000,954 | ---- | M] () -- C:\Users\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/29 12:35:04 | 000,398,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/29 02:11:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/29 02:11:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/29 02:08:57 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/26 16:13:09 | 000,000,208 | ---- | M] () -- C:\Windows\TLCAPPS.INI

========== Files Created - No Company Name ==========

[2011/06/05 16:58:57 | 000,001,091 | ---- | C] () -- C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_06.06.2011_01-08.exe.lnk
[2011/06/05 16:05:21 | 117,308,668 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/04 12:26:44 | 000,002,204 | ---- | C] () -- C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_20-46.lnk
[2011/06/03 23:14:42 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/02 23:48:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/02 23:46:54 | 000,000,881 | ---- | C] () -- C:\Users\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/02 23:46:54 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/02 23:46:48 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/31 22:58:14 | 000,000,873 | ---- | C] () -- C:\Users\Fred\Desktop\Puran Defrag.lnk
[2011/05/30 21:39:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/05/29 12:42:28 | 000,000,966 | ---- | C] () -- C:\Users\Fred\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Internet Explorer.lnk
[2011/05/29 02:08:57 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/28 20:27:06 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 16:13:09 | 000,000,208 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2010/01/24 23:27:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/24 23:27:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/22 04:05:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/29 11:39:29 | 000,024,206 | ---- | C] () -- C:\Users\Fred\AppData\Roaming\UserTile.png
[2008/03/19 09:18:21 | 000,000,040 | ---- | C] () -- C:\Windows\opt_1435.ini
[2008/03/19 09:18:09 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/03/19 09:18:09 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/01/27 19:59:49 | 000,068,608 | ---- | C] () -- C:\Users\Fred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/23 09:04:44 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/12/23 09:04:44 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/12/23 09:04:44 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/12/23 09:04:44 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/12/23 09:04:44 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/12/23 09:04:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/12/22 18:21:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/12/22 18:17:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/12/22 18:17:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/12/22 18:17:46 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/12/22 18:17:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/09/26 23:33:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/09/26 23:15:57 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/09/26 21:57:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/09/26 21:40:01 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/26 02:25:11 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/26 02:25:11 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/09/26 02:25:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/26 02:25:11 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,398,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,132 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,107,342 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 15:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

========== LOP Check ==========

[2011/06/03 23:18:07 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\AVG10
[2010/01/22 01:00:04 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\F-Secure
[2008/11/29 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\PeerNetworking
[2010/01/21 21:52:56 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\TELUS
[2008/03/11 12:05:04 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\TOSHIBA
[2008/02/21 12:37:26 | 000,000,000 | ---D | M] -- C:\Users\Fred\AppData\Roaming\Ulead Systems
[2009/10/25 18:11:08 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job
[2011/06/04 16:27:49 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Triskelion, 05 June 2011 - 05:20 PM.


#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Triskelion,

Let's try to check one more place...

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If a suspicious file is detected, please click on it and change it to Skip.)
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

Can you do this step for my peace of mind?

  • Turn off your notebook.
  • Disconnect it from power supply.
  • Remove battery from notebook.
  • Connect power supply and turn it on.
How does it run without battery? Any changes?

#15
Triskelion

    Member

  • Topic Starter
  • 663 posts
Step 1: TdssKiller Log

2011/06/06 00:50:57.0740 4592 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/06 00:50:58.0520 4592 ================================================================================
2011/06/06 00:50:58.0520 4592 SystemInfo:
2011/06/06 00:50:58.0520 4592
2011/06/06 00:50:58.0520 4592 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/06 00:50:58.0520 4592 Product type: Workstation
2011/06/06 00:50:58.0520 4592 ComputerName: FRED-PC
2011/06/06 00:50:58.0520 4592 UserName: Fred
2011/06/06 00:50:58.0520 4592 Windows directory: C:\Windows
2011/06/06 00:50:58.0520 4592 System windows directory: C:\Windows
2011/06/06 00:50:58.0520 4592 Processor architecture: Intel x86
2011/06/06 00:50:58.0520 4592 Number of processors: 2
2011/06/06 00:50:58.0520 4592 Page size: 0x1000
2011/06/06 00:50:58.0520 4592 Boot type: Normal boot
2011/06/06 00:50:58.0520 4592 ================================================================================
2011/06/06 00:51:00.0268 4592 Initialize success
2011/06/06 00:51:01.0968 5872 ================================================================================
2011/06/06 00:51:01.0968 5872 Scan started
2011/06/06 00:51:01.0968 5872 Mode: Manual;
2011/06/06 00:51:01.0968 5872 ================================================================================
2011/06/06 00:51:23.0512 5872 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/06 00:51:23.0683 5872 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/06 00:51:23.0761 5872 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/06 00:51:23.0964 5872 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/06 00:51:24.0167 5872 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/06 00:51:24.0354 5872 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/06 00:51:24.0541 5872 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/06 00:51:24.0744 5872 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/06 00:51:24.0822 5872 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/06 00:51:25.0009 5872 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/06 00:51:25.0087 5872 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/06 00:51:25.0290 5872 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/06 00:51:25.0430 5872 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/06 00:51:25.0555 5872 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/06 00:51:25.0727 5872 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/06 00:51:25.0898 5872 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/06 00:51:26.0070 5872 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/06 00:51:26.0148 5872 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/06 00:51:26.0320 5872 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/06 00:51:26.0444 5872 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/06 00:51:26.0678 5872 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/06 00:51:26.0912 5872 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/06 00:51:26.0990 5872 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/06 00:51:27.0178 5872 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/06 00:51:27.0380 5872 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/06 00:51:27.0474 5872 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/06/06 00:51:27.0630 5872 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/06 00:51:27.0848 5872 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/06 00:51:28.0192 5872 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/06 00:51:28.0254 5872 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/06 00:51:28.0535 5872 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/06 00:51:28.0691 5872 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/06 00:51:28.0878 5872 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/06 00:51:29.0081 5872 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/06 00:51:29.0268 5872 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/06 00:51:29.0346 5872 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/06 00:51:29.0564 5872 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/06 00:51:29.0642 5872 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/06 00:51:29.0814 5872 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/06 00:51:29.0908 5872 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/06 00:51:30.0095 5872 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/06 00:51:30.0266 5872 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/06 00:51:30.0360 5872 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/06 00:51:30.0625 5872 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/06 00:51:30.0812 5872 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/06 00:51:30.0922 5872 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/06 00:51:31.0124 5872 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/06 00:51:31.0312 5872 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/06 00:51:31.0405 5872 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/06 00:51:31.0577 5872 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/06 00:51:31.0670 5872 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/06 00:51:31.0873 5872 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/06 00:51:31.0936 5872 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/06 00:51:32.0107 5872 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/06 00:51:32.0201 5872 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/06 00:51:32.0357 5872 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/06 00:51:32.0466 5872 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/06 00:51:32.0622 5872 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/06 00:51:32.0731 5872 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/06 00:51:32.0934 5872 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/06 00:51:33.0028 5872 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/06 00:51:33.0215 5872 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/06 00:51:33.0277 5872 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/06 00:51:33.0511 5872 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/06 00:51:33.0605 5872 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/06 00:51:33.0776 5872 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/06 00:51:33.0886 5872 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/06 00:51:34.0042 5872 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/06 00:51:34.0244 5872 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/06 00:51:34.0478 5872 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/06 00:51:34.0697 5872 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/06 00:51:34.0790 5872 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/06/06 00:51:34.0962 5872 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/06 00:51:35.0009 5872 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/06 00:51:35.0087 5872 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/06 00:51:35.0258 5872 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/06 00:51:35.0399 5872 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
2011/06/06 00:51:35.0680 5872 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/06/06 00:51:36.0163 5872 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/06 00:51:36.0350 5872 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/06 00:51:36.0444 5872 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/06 00:51:36.0647 5872 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/06/06 00:51:36.0818 5872 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/06 00:51:36.0912 5872 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/06 00:51:37.0208 5872 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/06 00:51:37.0302 5872 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/06 00:51:37.0458 5872 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/06 00:51:37.0567 5872 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/06 00:51:37.0708 5872 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/06 00:51:37.0832 5872 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/06 00:51:37.0988 5872 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/06 00:51:38.0113 5872 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/06 00:51:38.0238 5872 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/06 00:51:38.0347 5872 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/06 00:51:38.0472 5872 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/06/06 00:51:38.0566 5872 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/06 00:51:38.0644 5872 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/06 00:51:38.0784 5872 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/06 00:51:38.0924 5872 UVCFTR (3b929a72aaea96dc0150d3a6da268c89) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2011/06/06 00:51:39.0096 5872 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/06 00:51:39.0205 5872 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/06 00:51:39.0330 5872 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/06 00:51:39.0392 5872 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/06 00:51:39.0486 5872 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/06 00:51:39.0642 5872 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/06 00:51:39.0767 5872 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/06 00:51:39.0938 5872 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/06 00:51:40.0094 5872 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/06 00:51:40.0219 5872 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/06 00:51:40.0360 5872 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/06 00:51:40.0406 5872 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/06 00:51:40.0531 5872 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/06 00:51:40.0734 5872 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/06 00:51:41.0140 5872 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/06 00:51:41.0389 5872 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/06 00:51:41.0592 5872 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/06 00:51:41.0842 5872 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/06 00:51:41.0935 5872 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/06/06 00:51:41.0966 5872 ================================================================================
2011/06/06 00:51:41.0966 5872 Scan finished
2011/06/06 00:51:41.0966 5872 ================================================================================
2011/06/06 00:51:41.0998 5788 Detected object count: 0
2011/06/06 00:51:41.0998 5788 Actual detected object count: 0