Hard Drive Failure Warning/Windows Recovery Virus


  • This topic is locked

#1
dragonledak

idon (Group: Member, Posts: 21, Joined: 29-October 08), posted 28 May 2011 - 03:31 AM

Started my computer, went to Yahoo Mail to delete spam, computer seemed slow, then popped up a window saying critical error hard drive failure, then another window popped up, supposedly from my Vista recovery program, did a fake scan and said my computer was severely infected with multiple issues and my hard drive was compromised and 33% data was unreadable. I rebooted and then it hijacked my entire screen, no icons showed up and continual warnings commenced stating my computer was infected and hard drive was now 39% unreadable. GAWD I hate people who make these programs!!!!

Please help, and oh yeah, a new warning came up saying Windows was unable to save all the data for the file \\System32\\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

==========================================================================================================================================================

I am having the same problem as this person and the solution sounds good, but it asks for data to be posted and it said I cannot reply to someone else's topic, so I am creating my own. The unhide thing worked but I need help from there.
#2
dragonledak

Okay, I am following instructions from another post with the same problem. Here is the info from the RKreport.txt

RogueKiller V5.2.1 [06/02/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Chad [Admin rights]
Mode: Scan -- Date : 06/04/2011 00:01:43

Bad processes: 1
[SUSP PATH] GDUjiwcDlsMLa.exe -- c:\programdata\gdujiwcdlsmla.exe -> KILLED

Registry Entries: 12
[SUSP PATH] HKCU\[...]\Run : GDUjiwcDlsMLa ("C:\ProgramData\GDUjiwcDlsMLa.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3161015757-2683380795-3781861229-1000[...]\Run : GDUjiwcDlsMLa ("C:\ProgramData\GDUjiwcDlsMLa.exe") -> FOUND
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << \RKreport[1].txt >>

#3
dragonledak

Here is the OTL.Txt and the Extras.Txt after it

OTL logfile created on: 6/4/2011 12:28:28 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Chad
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 0.16 Gb Available Physical Memory | 4.15% Memory free
7.60 Gb Paging File | 4.47 Gb Available in Paging File | 58.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.67 Gb Total Space | 529.00 Gb Free Space | 90.79% Space Free | Partition Type: NTFS

Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 00:07:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\OTL.exe
PRC - [2011/06/03 16:14:16 | 000,501,200 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\SZOptions.exe
PRC - [2011/06/03 16:14:14 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2011/06/03 16:14:08 | 000,267,728 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZScanner.exe
PRC - [2011/06/03 16:14:08 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/05/22 13:31:13 | 001,378,352 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/05/22 13:31:10 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/05/22 13:30:59 | 000,882,440 | ---- | M] (Webroot Software Inc) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRFrame.exe
PRC - [2011/05/22 09:39:41 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/04/26 01:54:18 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/04/18 18:04:44 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/04/01 10:52:22 | 000,252,728 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/25 16:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 00:07:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/01 13:00:06 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/09/01 12:54:22 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/07/28 11:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 17:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/07/19 18:48:36 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/21 10:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/03 16:14:08 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/05/22 13:31:10 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/21 07:31:30 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/18 18:05:08 | 000,137,760 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/04/18 18:05:06 | 000,058,480 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 18:39:49 | 000,382,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/26 23:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/07/29 06:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 12:46:18 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/06/21 18:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/18 17:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/05/16 18:28:36 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/05/16 18:28:28 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 18:28:26 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/05/08 19:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/05/03 15:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/09 20:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 22:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/05/20 19:11:19 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110527.002\EX64.SYS -- (NAVEX15)
DRV - [2011/05/20 19:11:19 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/20 19:11:19 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/20 19:11:19 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110527.002\ENG64.SYS -- (NAVENG)
DRV - [2011/05/18 00:36:02 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/14 12:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110526.002\IDSviA64.sys -- (IDSVia64)
DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/05/22 09:28:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/05/21 07:31:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/03 22:21:31 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] File not found
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000..\Run: [AROReminder] File not found
O4 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000..\Run: [GDUjiwcDlsMLa] C:\ProgramData\GDUjiwcDlsMLa.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE (Leader Technologies/Atari)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.25 205.171.2.25
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 00:07:30 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\OTL.exe
[2011/06/04 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\RK_Quarantine
[2011/06/03 22:24:57 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/06/03 20:32:25 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/06/03 20:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/06/03 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/06/03 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/06/03 20:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/06/03 20:03:27 | 000,418,816 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\GDUjiwcDlsMLa.exe
[2011/06/03 16:14:02 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/06/03 16:14:02 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/06/03 16:14:02 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/06/03 16:14:00 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/06/03 16:14:00 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/06/03 16:14:00 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/06/03 16:14:00 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/06/03 16:14:00 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/06/03 16:14:00 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/06/03 16:13:58 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/06/03 16:13:58 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/06/03 16:13:58 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll
[2011/05/24 12:18:51 | 000,000,000 | ---D | C] -- C:\back up nwn executable
[2011/05/23 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/23 22:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/23 22:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/05/23 22:33:00 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\WinRAR
[2011/05/23 22:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2011
[2011/05/23 22:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2011
[2011/05/23 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\OpenCandy
[2011/05/23 22:01:50 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\OpenCandy
[2011/05/23 19:23:07 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Leadertech
[2011/05/23 19:23:01 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2011/05/23 19:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2011/05/23 19:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2011/05/23 19:18:06 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Neverwinter Nights
[2011/05/23 19:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neverwinter Nights
[2011/05/23 19:05:48 | 000,000,000 | ---D | C] -- C:\NeverwinterNights
[2011/05/23 15:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2011/05/22 20:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EasyInfo
[2011/05/22 20:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011/05/22 13:34:42 | 000,137,760 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\windows\SysNative\drivers\ssidrv.sys
[2011/05/22 13:34:42 | 000,058,480 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\windows\SysNative\drivers\ssfmonm.sys
[2011/05/22 13:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2011/05/22 13:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C707538-83E3-4DAC-9218-6D79F3B9FEA5}
[2011/05/22 13:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2011/05/22 13:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/05/22 13:29:22 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\PackageAware
[2011/05/22 13:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/05/22 13:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/05/22 13:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/22 13:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/05/22 13:13:18 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Microsoft Help
[2011/05/22 13:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/22 13:13:03 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/05/22 12:38:01 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Diagnostics
[2011/05/22 12:33:16 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\CrashDumps
[2011/05/22 09:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/22 09:25:20 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2011/05/22 09:25:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2011/05/20 20:42:29 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Google
[2011/05/20 20:42:28 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Google
[2011/05/20 20:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/05/20 19:08:44 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/05/20 17:44:12 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\TOSHIBA_Corporation
[2011/05/20 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Macromedia
[2011/05/20 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Adobe
[2011/05/20 17:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011/05/20 17:11:13 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Toshiba
[2011/05/20 17:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Toshiba
[2011/05/20 17:08:48 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Apps
[2011/05/20 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Deployment
[2011/05/20 17:08:13 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Intel
[2011/05/20 17:06:29 | 000,000,000 | R--D | C] -- C:\Users\Chad\Searches
[2011/05/20 17:06:29 | 000,000,000 | R--D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/20 17:06:29 | 000,000,000 | ---D | C] -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/20 17:06:19 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Identities
[2011/05/20 17:06:15 | 000,000,000 | R--D | C] -- C:\Users\Chad\Contacts
[2011/05/20 17:06:12 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\VirtualStore
[2011/05/20 17:05:22 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\WinBatch
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\AppData\Local\Temporary Internet Files
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Templates
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Start Menu
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\SendTo
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Recent
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\PrintHood
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\NetHood
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Documents\My Videos
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Documents\My Pictures
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Documents\My Music
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\My Documents
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Local Settings
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\AppData\Local\History
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Cookies
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Application Data
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\AppData\Local\Application Data
[2011/05/20 17:04:30 | 000,000,000 | --SD | C] -- C:\Users\Chad\AppData\Roaming\Microsoft
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Videos
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Saved Games
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Pictures
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Music
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Links
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Favorites
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Downloads
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\My Documents
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Desktop
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/20 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Temp
[2011/05/20 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Microsoft
[2011/05/20 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Media Center Programs
[2011/05/20 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 00:13:09 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 00:07:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\OTL.exe
[2011/06/03 23:38:55 | 000,003,832 | ---- | M] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/06/03 23:11:22 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 23:11:22 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 23:03:16 | 000,000,096 | ---- | M] () -- C:\windows\SysNative\drivers\kgpfr2.cfg
[2011/06/03 23:03:13 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/03 23:03:13 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/03 23:03:13 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/06/03 22:56:24 | 000,000,336 | ---- | M] () -- C:\ProgramData\37084920
[2011/06/03 22:56:20 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 22:55:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/03 22:55:55 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 22:52:24 | 000,000,336 | ---- | M] () -- C:\ProgramData\36495096
[2011/06/03 22:24:42 | 510,135,446 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/06/03 20:36:31 | 000,000,096 | ---- | M] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg
[2011/06/03 20:32:34 | 000,000,646 | ---- | M] () -- C:\Users\Chad\Desktop\Windows 7 Recovery.lnk
[2011/06/03 16:14:02 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/06/03 16:14:02 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/06/03 16:14:02 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/06/03 16:14:00 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/06/03 16:14:00 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/06/03 16:14:00 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/06/03 16:14:00 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/06/03 16:14:00 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/06/03 16:14:00 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/06/03 16:13:58 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/06/03 16:13:58 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/06/03 16:13:58 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll
[2011/05/29 19:07:48 | 000,001,092 | ---- | M] () -- C:\Users\Chad\Desktop\nwtoolset - Shortcut.lnk
[2011/05/27 10:30:34 | 000,342,720 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/05/24 19:24:19 | 001,604,352 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/05/24 12:23:52 | 000,001,128 | ---- | M] () -- C:\Users\Chad\Desktop\nwmain-169-hg - Shortcut.lnk
[2011/05/23 22:05:38 | 000,001,883 | ---- | M] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/05/23 19:25:06 | 000,001,055 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
[2011/05/21 07:31:30 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/21 07:31:30 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/21 07:31:30 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/20 20:42:19 | 000,001,452 | ---- | M] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/20 18:03:45 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/05/20 18:03:45 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2011/05/20 17:05:47 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/03 23:03:16 | 000,000,096 | ---- | C] () -- C:\windows\SysNative\drivers\kgpfr2.cfg
[2011/06/03 23:01:46 | 000,003,832 | ---- | C] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/06/03 22:56:24 | 000,000,336 | ---- | C] () -- C:\ProgramData\37084920
[2011/06/03 22:52:24 | 000,000,336 | ---- | C] () -- C:\ProgramData\36495096
[2011/06/03 22:24:42 | 510,135,446 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/06/03 20:36:31 | 000,000,096 | ---- | C] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg
[2011/06/03 20:32:32 | 000,000,646 | ---- | C] () -- C:\Users\Chad\Desktop\Windows 7 Recovery.lnk
[2011/05/29 19:07:48 | 000,001,092 | ---- | C] () -- C:\Users\Chad\Desktop\nwtoolset - Shortcut.lnk
[2011/05/24 12:23:52 | 000,001,128 | ---- | C] () -- C:\Users\Chad\Desktop\nwmain-169-hg - Shortcut.lnk
[2011/05/23 22:04:13 | 000,001,883 | ---- | C] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/05/23 19:25:06 | 000,001,055 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
[2011/05/22 13:34:42 | 000,030,424 | ---- | C] () -- C:\windows\SysWow64\wrLZMA.dll
[2011/05/22 13:34:42 | 000,019,576 | ---- | C] () -- C:\windows\SysNative\SsiEfr.exe
[2011/05/20 20:42:19 | 000,001,452 | ---- | C] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/20 17:06:32 | 000,001,458 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/20 17:05:47 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2011/05/20 17:04:30 | 000,000,290 | ---- | C] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/20 17:04:30 | 000,000,272 | ---- | C] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/29 06:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 06:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 06:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 05:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 05:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 05:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2011/05/23 19:23:07 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Leadertech
[2011/05/23 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\OpenCandy
[2011/06/01 09:11:10 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Toshiba
[2011/05/20 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WinBatch
[2009/07/13 23:08:49 | 000,008,202 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 19:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 19:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 19:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/23 23:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/23 23:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/02/23 23:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/02/23 23:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< >

< >

< End of report >


OTL Extras logfile created on: 6/4/2011 12:08:20 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Chad
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 0.08 Gb Available Physical Memory | 2.15% Memory free
7.60 Gb Paging File | 4.63 Gb Available in Paging File | 60.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.67 Gb Total Space | 529.12 Gb Free Space | 90.81% Space Free | Partition Type: NTFS

Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{795A3A1E-E06A-4214-A2EF-3DDF3BA05C2B}" = STOPzilla
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ARO 2011_is1" = ARO 2011
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Neverwinter Nights™ Kingmaker" = BioWare Premium Module: Neverwinter Nights™ Kingmaker
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Webroot Software" = Webroot Software
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/30/2011 4:25:48 PM | Computer Name = Chad-PC | Source = Google Update | ID = 20
Description =

Error - 5/30/2011 5:13:07 PM | Computer Name = Chad-PC | Source = Google Update | ID = 20
Description =

Error - 5/30/2011 6:13:07 PM | Computer Name = Chad-PC | Source = Google Update | ID = 20
Description =

Error - 5/30/2011 7:14:16 PM | Computer Name = Chad-PC | Source = Google Update | ID = 20
Description =

Error - 5/30/2011 8:13:07 PM | Computer Name = Chad-PC | Source = Google Update | ID = 20
Description =

Error - 5/30/2011 9:13:07 PM | Computer Name = Chad-PC | Source = Google Update | ID = 20
Description =

Error - 5/30/2011 10:13:07 PM | Computer Name = Chad-PC | Source = Google Update | ID = 20
Description =

Error - 5/31/2011 12:44:05 AM | Computer Name = Chad-PC | Source = Google Update | ID = 20
Description =

Error - 5/31/2011 1:13:07 AM | Computer Name = Chad-PC | Source = Google Update | ID = 20
Description =

Error - 5/31/2011 4:59:15 PM | Computer Name = Chad-PC | Source = Toshiba App Place | ID = 0
Description =

[ System Events ]
Error - 5/22/2011 11:25:36 AM | Computer Name = Chad-PC | Source = Application Popup | ID = 877
Description = There was error [DATABASE OPEN FAILED] processing the driver database.

Error - 5/22/2011 11:27:43 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 5/23/2011 8:41:20 AM | Computer Name = Chad-PC | Source = BROWSER | ID = 8032
Description =


< End of report >

Edited by dragonledak, 04 June 2011 - 08:10 AM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could you now run RogueKiller option 2 followed by option 6, and then do the following:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000..\Run: [GDUjiwcDlsMLa] C:\ProgramData\GDUjiwcDlsMLa.exe (Microsoft Corporation)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
dragonledak

    Member

  • Topic Starter
  • Member
  • 16 posts
I did what you said and then I rebooted. Now my screen is staying black with only the mouse icon; this was before login.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this is the second time I have come across this - it appears the malware now has a new trick up its sleeve. Can you reboot your computer and immediately press and hold F8; when the menu appears, select Safe Mode with Networking and run a fresh OTL scan.

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, just heard back from the other victim, and when you are at the safe mode menu, select Last Known Good, then run a fresh OTL scan for me, please.

#8
dragonledak

    Member

  • Topic Starter
  • Member
  • 16 posts
Rescanned using the custom scan you said (was not sure if that is what you wanted right now, though). I figured out to use the Last Known Good config right before you told me :)

OTL logfile created on: 6/4/2011 10:59:20 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Chad
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 56.90% Memory free
7.60 Gb Paging File | 5.97 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.67 Gb Total Space | 528.75 Gb Free Space | 90.74% Space Free | Partition Type: NTFS

Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 00:07:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\OTL.exe
PRC - [2011/05/22 13:31:10 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 00:07:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/01 13:00:06 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/09/01 12:54:22 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/07/28 11:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 17:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/07/19 18:48:36 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/21 10:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\svchost.exe -- (gpsvc)
SRV - [2011/06/03 16:14:08 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/05/22 13:31:10 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/21 07:31:30 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/18 18:05:08 | 000,137,760 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/04/18 18:05:06 | 000,058,480 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 18:39:49 | 000,382,584 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/26 23:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/07/29 06:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 12:46:18 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/06/21 18:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/18 17:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/05/16 18:28:36 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/05/16 18:28:28 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 18:28:26 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/05/08 19:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/05/03 15:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/09 20:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 22:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/05/20 19:11:19 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110603.038\EX64.SYS -- (NAVEX15)
DRV - [2011/05/20 19:11:19 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/20 19:11:19 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/20 19:11:19 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110603.038\ENG64.SYS -- (NAVENG)
DRV - [2011/05/18 00:36:02 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/14 12:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110526.002\IDSviA64.sys -- (IDSVia64)
DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/05/22 09:28:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/05/21 07:31:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/03 22:21:31 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] File not found
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000..\Run: [AROReminder] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE (Leader Technologies/Atari)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.25 205.171.2.25
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 09:10:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 00:07:30 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\OTL.exe
[2011/06/04 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\RK_Quarantine
[2011/06/03 22:24:57 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/06/03 20:32:25 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/06/03 20:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/06/03 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/06/03 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/06/03 20:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/06/03 16:14:02 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/06/03 16:14:02 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/06/03 16:14:02 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/06/03 16:14:00 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/06/03 16:14:00 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/06/03 16:14:00 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/06/03 16:14:00 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/06/03 16:14:00 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/06/03 16:14:00 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/06/03 16:13:58 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/06/03 16:13:58 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/06/03 16:13:58 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll
[2011/05/24 12:18:51 | 000,000,000 | ---D | C] -- C:\back up nwn executable
[2011/05/23 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/23 22:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/23 22:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/05/23 22:33:00 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\WinRAR
[2011/05/23 22:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2011
[2011/05/23 22:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2011
[2011/05/23 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\OpenCandy
[2011/05/23 22:01:50 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\OpenCandy
[2011/05/23 19:23:07 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Leadertech
[2011/05/23 19:23:01 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2011/05/23 19:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2011/05/23 19:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2011/05/23 19:18:06 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Neverwinter Nights
[2011/05/23 19:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neverwinter Nights
[2011/05/23 19:05:48 | 000,000,000 | ---D | C] -- C:\NeverwinterNights
[2011/05/23 15:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2011/05/22 20:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EasyInfo
[2011/05/22 20:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011/05/22 13:34:42 | 000,137,760 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\windows\SysNative\drivers\ssidrv.sys
[2011/05/22 13:34:42 | 000,058,480 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\windows\SysNative\drivers\ssfmonm.sys
[2011/05/22 13:34:42 | 000,019,576 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\windows\SysNative\SsiEfr.exe
[2011/05/22 13:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2011/05/22 13:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C707538-83E3-4DAC-9218-6D79F3B9FEA5}
[2011/05/22 13:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2011/05/22 13:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/05/22 13:29:22 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\PackageAware
[2011/05/22 13:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/05/22 13:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/05/22 13:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/22 13:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/05/22 13:13:18 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Microsoft Help
[2011/05/22 13:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/22 13:13:03 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/05/22 12:38:01 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Diagnostics
[2011/05/22 12:33:16 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\CrashDumps
[2011/05/22 09:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/22 09:25:20 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2011/05/22 09:25:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2011/05/20 20:42:29 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Google
[2011/05/20 20:42:28 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Google
[2011/05/20 20:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/05/20 19:08:44 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/05/20 17:44:12 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\TOSHIBA_Corporation
[2011/05/20 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Macromedia
[2011/05/20 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Adobe
[2011/05/20 17:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011/05/20 17:11:13 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Toshiba
[2011/05/20 17:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Toshiba
[2011/05/20 17:08:48 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Apps
[2011/05/20 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Deployment
[2011/05/20 17:08:13 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Intel
[2011/05/20 17:06:29 | 000,000,000 | R--D | C] -- C:\Users\Chad\Searches
[2011/05/20 17:06:29 | 000,000,000 | R--D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/20 17:06:29 | 000,000,000 | ---D | C] -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/20 17:06:19 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Identities
[2011/05/20 17:06:15 | 000,000,000 | R--D | C] -- C:\Users\Chad\Contacts
[2011/05/20 17:06:12 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\VirtualStore
[2011/05/20 17:05:22 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\WinBatch
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\AppData\Local\Temporary Internet Files
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Templates
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Start Menu
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\SendTo
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Recent
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\PrintHood
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\NetHood
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Documents\My Videos
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Documents\My Pictures
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Documents\My Music
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\My Documents
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Local Settings
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\AppData\Local\History
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Cookies
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\Application Data
[2011/05/20 17:04:36 | 000,000,000 | -HSD | C] -- C:\Users\Chad\AppData\Local\Application Data
[2011/05/20 17:04:30 | 000,000,000 | --SD | C] -- C:\Users\Chad\AppData\Roaming\Microsoft
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Videos
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Saved Games
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Pictures
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Music
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Links
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Favorites
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Downloads
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\My Documents
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\Desktop
[2011/05/20 17:04:30 | 000,000,000 | R--D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/20 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Temp
[2011/05/20 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Microsoft
[2011/05/20 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Media Center Programs
[2011/05/20 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 11:02:12 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/04 11:02:12 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/04 11:02:12 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/06/04 10:56:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/04 10:56:11 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 10:54:05 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 09:13:02 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 09:06:39 | 000,508,928 | ---- | M] () -- C:\Users\Chad\RogueKiller.exe
[2011/06/04 00:07:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\OTL.exe
[2011/06/03 23:11:22 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 23:11:22 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 22:24:42 | 510,135,446 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/06/03 20:36:31 | 000,000,096 | ---- | M] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg
[2011/06/03 16:14:02 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/06/03 16:14:02 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/06/03 16:14:02 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/06/03 16:14:00 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/06/03 16:14:00 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/06/03 16:14:00 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/06/03 16:14:00 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/06/03 16:14:00 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/06/03 16:14:00 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/06/03 16:13:58 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/06/03 16:13:58 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/06/03 16:13:58 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll
[2011/05/29 19:07:48 | 000,001,092 | ---- | M] () -- C:\Users\Chad\Desktop\nwtoolset - Shortcut.lnk
[2011/05/27 10:30:34 | 000,342,720 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/05/24 19:24:19 | 001,604,352 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/05/24 12:23:52 | 000,001,128 | ---- | M] () -- C:\Users\Chad\Desktop\nwmain-169-hg - Shortcut.lnk
[2011/05/23 22:05:38 | 000,001,883 | ---- | M] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/05/23 19:25:06 | 000,001,055 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
[2011/05/21 07:31:30 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/21 07:31:30 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/21 07:31:30 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/20 20:42:19 | 000,001,452 | ---- | M] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/20 18:03:45 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/05/20 18:03:45 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2011/05/20 17:05:47 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 09:08:06 | 000,508,928 | ---- | C] () -- C:\Users\Chad\RogueKiller.exe
[2011/06/03 22:24:42 | 510,135,446 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/06/03 20:36:31 | 000,000,096 | ---- | C] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg
[2011/05/29 19:07:48 | 000,001,092 | ---- | C] () -- C:\Users\Chad\Desktop\nwtoolset - Shortcut.lnk
[2011/05/24 12:23:52 | 000,001,128 | ---- | C] () -- C:\Users\Chad\Desktop\nwmain-169-hg - Shortcut.lnk
[2011/05/23 22:04:13 | 000,001,883 | ---- | C] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/05/23 19:25:06 | 000,001,055 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
[2011/05/22 13:34:42 | 000,030,424 | ---- | C] () -- C:\windows\SysWow64\wrLZMA.dll
[2011/05/20 20:42:19 | 000,001,452 | ---- | C] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/20 17:06:32 | 000,001,458 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/20 17:05:47 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2011/05/20 17:04:30 | 000,000,290 | ---- | C] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/20 17:04:30 | 000,000,272 | ---- | C] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/29 06:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 06:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 06:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 05:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 05:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 05:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2011/05/23 19:23:07 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Leadertech
[2011/05/23 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\OpenCandy
[2011/06/01 09:11:10 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Toshiba
[2011/05/20 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WinBatch
[2009/07/13 23:08:49 | 000,008,452 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< O4 - HKU\S-1-5-21-3161015757-2683380795-3781861229-1000..\Run: [GDUjiwcDlsMLa] C:\ProgramData\GDUjiwcDlsMLa.exe (Microsoft Corporation) >

< >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< >

< :Commands >

< [purity] >

< [resethosts] >

< [EMPTYFLASH] >

< [Reboot] >

< >

< >

< >

< End of report >

Edited by dragonledak, 04 June 2011 - 11:09 AM.


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see that some folders are still hidden. Could you re-run RogueKiller, please?
Select option 6.
On completion of the run, post the report generated.

Once that is complete, could you let me know how your computer is behaving?

#10
dragonledak

    Member

  • Topic Starter
  • Member
  • 16 posts
RogueKiller V5.2.1 [06/02/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode with network support
User: Chad [Admin rights]
Mode: Shortcuts HJfix -- Date : 06/04/2011 11:18:42

Bad processes: 1
[SUSP PATH] OTL.exe -- c:\users\chad\otl.exe -> KILLED

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 104 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 23 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1 / Fail 0
Backup: [FOUND] Success 0 / Fail 19

Finished : << \RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks better. You should now have all your files and folders back. Could you confirm that, please?
  • 0

#12
dragonledak

    Member

  • Topic Starter
  • Member
  • 16 posts
It's running fine? I don't know, still in safe mode. I was careful to not click on any of the popups from the virus and I have not received any new ones since I was able to log back on after the problems with it being stuck on the black screen. All my files have been unhidden and usable since I ran the unhide program (forgot the name) so.. I think I am good. Will let you know if I have further issues.

Thank you so much. I will post a link to this site on my game forums because it has recently been having virus issues.
  • 0

#13
dragonledak

    Member

  • Topic Starter
  • Member
  • 16 posts
I got all my connections back but for some reason when I restarted to run Windows normally it goes black and will not continue. Why is this?

P.S. I have to go to work soon so you can help other people for a while lol.
  • 0

#14
dragonledak

    Member

  • Topic Starter
  • Member
  • 16 posts
Never mind, I went to last good config and all seems well, thank you again. All is good.
  • 0

#15
dragonledak

    Member

  • Topic Starter
  • Member
  • 16 posts
Grr, okay some things are back but for example Google Chrome is missing and Microsoft Office 2010 (which I paid for) and other programs.

Edited by dragonledak, 04 June 2011 - 12:10 PM.

  • 0





