
High CPU usage and BSOD



#1
thamasta

Hi. Lately my computer (Windows 7 Home Premium x64) has been running kind of slow and getting blue screened. The blue screens generally occur when Java is running (i.e. a game). Also, when I open Task Manager it says the CPU is 70%+ constantly, even though none of the processes listed have over 5%. I'm not sure if this is caused by malware or something else, so I came here looking for help. Thanks.

OTL Log:

OTL logfile created on: 7/24/2011 2:21:58 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Ryan\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.60 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 43.82% Memory free
5.20 Gb Paging File | 3.24 Gb Available in Paging File | 62.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.06 Gb Total Space | 361.04 Gb Free Space | 79.51% Space Free | Partition Type: NTFS

Computer Name: BATMAN | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/24 14:21:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\Programs\OTL.exe
PRC - [2011/07/15 23:18:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011/07/15 23:18:43 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
PRC - [2011/01/06 09:27:04 | 002,342,400 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
PRC - [2010/06/03 20:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/07/24 14:21:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\Programs\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/05 16:39:26 | 001,012,224 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Synergy\synergys.exe -- (Synergy Server)
SRV:64bit: - [2010/11/10 01:55:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/10/20 18:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 16:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/04/19 14:42:42 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/02/05 21:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/30 22:18:25 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/12/14 18:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/07/01 14:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/19 14:47:24 | 001,401,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 14:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/28 20:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 16:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/10 02:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/10 01:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/21 18:37:46 | 001,306,240 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/10/08 15:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 19:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/09/23 04:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/07/23 13:43:52 | 001,088,616 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/02/25 12:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/01/19 11:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 11:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.ca"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 11:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/07/09 14:17:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/07/15 23:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/03 19:33:45 | 000,000,000 | ---D | M]

[2011/01/30 09:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/07/15 19:06:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rltkltgj.default\extensions
[2011/06/17 10:33:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rltkltgj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
File not found (No name found) --
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/07/14 15:27:06 | 000,003,521 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 24 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{52e45bab-2c69-11e0-bd38-00266c9bda16}\Shell - "" = AutoRun
O33 - MountPoints2\{52e45bab-2c69-11e0-bd38-00266c9bda16}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{52e45bab-2c69-11e0-bd38-00266c9bda16}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{52e45bab-2c69-11e0-bd38-00266c9bda16}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/24 14:12:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\WinBatch
[2011/07/24 14:12:09 | 000,000,000 | ---D | C] -- C:\sc16v170
[2011/07/24 13:53:47 | 000,000,000 | ---D | C] -- C:\windows\LastGood
[2011/07/24 13:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg
[2011/07/24 13:40:00 | 000,000,000 | ---D | C] -- C:\Symbols
[2011/07/24 13:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/07/24 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2011/07/24 13:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011/07/24 13:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/07/24 08:46:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{0963B2E0-68E3-42AD-A83E-CEA62F847C9C}
[2011/07/23 08:28:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9CEF40B4-EB0B-43E7-92D6-47E1FBB1DEB3}
[2011/07/22 20:06:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{03DEA7CA-126D-4FB9-A374-7AA92D278318}
[2011/07/22 08:05:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1B93B7FA-8719-4609-BF6D-32888D598038}
[2011/07/21 12:18:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{93AF96B5-8092-402C-A29C-A68509AA773B}
[2011/07/20 20:35:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{87864DE4-5C22-417A-943A-CE579B7DFB0A}
[2011/07/20 08:34:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F6012C8C-3B0F-478A-8FB7-ECD0AEA25762}
[2011/07/19 20:33:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{43BED8FF-F6EC-4132-9BBE-1D83AF9F6DB6}
[2011/07/19 07:49:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EAE5B270-42FA-4C2E-A631-F324DE3ED0E4}
[2011/07/18 08:04:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{398527A9-749D-42B7-962B-50511DAA0218}
[2011/07/17 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D470A698-9764-4D8C-9DB4-960BB0B786E3}
[2011/07/17 08:03:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{466F5CFC-5581-4297-8A0C-BC068D55EECC}
[2011/07/16 10:34:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Western_Digital
[2011/07/16 10:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/07/16 10:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/07/16 10:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2011/07/16 10:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/07/16 10:31:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Western Digital
[2011/07/15 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{ED9A820A-18F2-4E40-9B52-78A5A5944E79}
[2011/07/15 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WiiBackupManager
[2011/07/15 15:14:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAT32 GUI Formatter
[2011/07/15 15:14:24 | 000,000,000 | ---D | C] -- C:\ModMii
[2011/07/15 08:58:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CD956F05-154D-4993-93A5-01BBBE7619B2}
[2011/07/14 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{FE8A591D-23B0-4F87-A8CB-62D52D49888C}
[2011/07/14 13:29:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2011/07/14 07:31:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{7BD6D87F-FC5C-49EC-855D-EEA0A05BAA66}
[2011/07/13 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\FrostWire
[2011/07/13 16:16:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\.frostwire5
[2011/07/13 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Incomplete
[2011/07/13 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\FrostWire
[2011/07/13 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\FrostWire
[2011/07/13 15:55:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C91B3563-C481-4657-A504-A916C278E68C}
[2011/07/12 22:45:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CB61C341-DF93-4E9A-9FA6-F378DAC1FB8F}
[2011/07/12 13:13:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ICS
[2011/07/12 07:57:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5C5767CF-BE48-4380-8E72-1235550E1D05}
[2011/07/11 17:04:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\AMD
[2011/07/11 17:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/11 15:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/11 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/07/11 15:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/11 15:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/11 15:36:15 | 000,000,000 | ---D | C] -- C:\ATI
[2011/07/11 15:34:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Smart_PC_Utilities,_Ltd
[2011/07/11 15:33:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Smart PC Utilities
[2011/07/11 09:09:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6B1F511C-6D02-4F2A-ADAE-EF6088BE8CA3}
[2011/07/10 21:08:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{88CC7580-4311-411F-AAF8-18D630FE051C}
[2011/07/10 13:28:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\.GalleryRemote
[2011/07/10 10:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/07/10 09:07:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{215F58E1-B7CC-49ED-A806-1329C7ABD73C}
[2011/07/09 14:22:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3E28021C-C222-4F63-BE1E-F7E0DF402587}
[2011/07/09 07:46:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F2DEB32D-275A-4377-B4A5-42224B7E35F5}
[2011/07/08 18:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{BD70AC1D-6DA8-449B-8035-BA959EF5401D}
[2011/07/08 18:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2011/07/08 18:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{4B0F043C-7F75-4273-8BB4-DA0455DFBF5F}
[2011/07/08 18:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs
[2011/07/08 18:51:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\PackageAware
[2011/07/08 08:49:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D7D690BF-2C6F-4D56-AF66-FBB5405759C2}
[2011/07/07 08:46:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8A60E178-18A4-461B-8584-A5D60B2C1EB0}
[2011/07/06 20:45:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{74E147AA-1A6E-4D6F-BFD6-114D06D3669B}
[2011/07/06 08:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B0464003-B287-41A2-883A-54EDBEA69EF3}
[2011/07/05 20:44:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{52336C1B-5DB7-48AE-A388-C96E25950613}
[2011/07/05 08:43:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{881553E2-7DE1-4284-BE35-A7A846107A7A}
[2011/07/04 13:06:05 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{30ECCC5D-E718-49F3-80BE-5E968BC077E0}
[2011/07/03 19:35:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Thunderbird
[2011/07/03 19:35:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Thunderbird
[2011/07/03 19:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011/07/03 09:48:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9B45A32D-EF76-4C4C-B559-31BF6CF7F604}
[2011/07/02 22:08:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/07/02 22:06:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/07/02 21:47:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{593EE4FB-2877-4298-A461-0FF84157F231}
[2011/07/02 08:33:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{381D066B-0818-4EDB-AC2E-305B2D1EB9D1}
[2011/07/01 19:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/07/01 19:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/01 19:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/07/01 19:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/07/01 19:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/07/01 18:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/07/01 18:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/07/01 18:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/07/01 18:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/07/01 18:55:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/07/01 10:43:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B7F98DF3-86D6-447A-A3BC-0AD3AB8258C8}
[2011/06/30 23:23:55 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\SysNative\fms.dll
[2011/06/30 23:22:58 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\SysWow64\fms.dll
[2011/06/30 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5F7CC0D4-A706-4440-B09E-AC8B44F6548C}
[2011/06/30 10:41:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F9B44E05-8D01-464E-AB13-C7934128060A}
[2011/06/29 22:41:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{00CA3DBC-F7A1-4E95-B9CF-66897F38FD33}
[2011/06/29 10:40:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3D90C230-6F0E-4EC6-910A-F685BAB9D99F}
[2011/06/28 22:03:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3D9D3D2F-3182-40F1-B74A-0DF33392F524}
[2011/06/28 09:43:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{18820C11-ECE9-445C-AE89-C6336254E23D}
[2011/06/27 21:43:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{62A0A0AE-4A70-4270-B9F4-DCAC2A513B5F}
[2011/06/27 09:36:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{92785D89-9D86-49CC-B2EC-014CB4B522AB}
[2011/06/26 21:35:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{0B06B574-32E7-49F7-A886-797C27B0EF9D}
[2011/06/26 07:02:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B22891CA-19C8-4F77-AE3B-5D77F75EAB92}
[2011/06/25 15:04:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9158E2E3-20FE-4C16-89D9-2AE98B5EC299}
[2011/06/24 23:01:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{14BCEDB4-936D-4AEB-83C4-44296F5AA2E9}
[6 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[12 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/24 14:16:11 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 14:16:11 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 13:37:01 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495528468-2529788342-2210425311-1001UA.job
[2011/07/24 13:23:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/24 13:23:20 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/24 08:51:53 | 125,221,200 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/07/23 08:37:01 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495528468-2529788342-2210425311-1001Core.job
[2011/07/20 15:34:12 | 000,000,132 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/18 13:45:34 | 000,000,067 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\RSBot_Accounts.ini
[2011/07/17 09:28:16 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/07/17 09:28:16 | 000,628,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/07/17 09:28:16 | 000,110,612 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/07/15 23:18:48 | 000,002,131 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/07/13 21:02:24 | 004,996,680 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/07/13 16:10:20 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2011/07/13 16:10:15 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2011/07/10 21:01:22 | 000,001,408 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/03 19:36:38 | 000,002,081 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/07/01 18:27:06 | 000,000,600 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\winscp.rnd
[6 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[12 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/13 16:10:20 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2011/07/13 16:10:15 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2011/07/09 14:26:35 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/03 19:33:53 | 000,002,081 | ---- | C] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/07/03 19:33:51 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/06/30 23:25:53 | 000,347,904 | ---- | C] () -- C:\windows\SysNative\systemsf.ebd
[2011/06/30 23:22:07 | 000,010,429 | ---- | C] () -- C:\windows\SysNative\ScavengeSpace.xml
[2011/06/30 23:21:36 | 000,105,559 | ---- | C] () -- C:\windows\SysWow64\RacRules.xml
[2011/06/30 23:21:36 | 000,105,559 | ---- | C] () -- C:\windows\SysNative\RacRules.xml
[2011/06/30 23:21:00 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\tcpbidi.xml
[2011/06/24 10:25:54 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/05/19 11:37:51 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\193334A8D1A6415994998556736BDFE0.dat
[2011/04/11 10:21:01 | 000,000,067 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\RSBot_Accounts.ini
[2011/04/04 14:54:02 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/02/22 22:51:46 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/30 10:11:04 | 000,000,600 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\winscp.rnd
[2010/12/18 09:11:15 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/12/18 09:08:24 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2010/12/18 08:58:20 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/18 08:55:58 | 000,002,888 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/11/05 22:18:24 | 000,041,872 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/01/30 08:33:06 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\AVG10
[2011/06/14 14:30:53 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Bell
[2011/07/13 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\FrostWire
[2011/03/20 12:09:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leadertech
[2011/01/30 09:47:26 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient
[2011/02/10 13:54:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Maple
[2011/07/09 14:17:42 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Rainmeter
[2011/02/06 11:17:03 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/28 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SystemRequirementsLab
[2011/05/19 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Technology Lighthouse
[2011/07/03 19:35:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Thunderbird
[2011/01/30 08:13:09 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Toshiba
[2011/01/30 22:18:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TuneUp Software
[2011/07/24 13:49:18 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2011/07/24 14:12:17 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\WinBatch
[2011/06/29 10:39:30 | 000,032,540 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 7/24/2011 2:21:58 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Ryan\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.60 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 43.82% Memory free
5.20 Gb Paging File | 3.24 Gb Available in Paging File | 62.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.06 Gb Total Space | 361.04 Gb Free Space | 79.51% Space Free | Partition Type: NTFS

Computer Name: BATMAN | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java™ SE Development Kit 6 Update 22 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6F482C75-174D-42EB-A2CF-B00A1F354F7B}" = WD SmartWare
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F991EC04-D713-466B-A70B-78D460AC85D8}" = AVG 2011
"{FA109F0F-122E-4D48-9DBF-14DC02EE85E4}" = AVG 2011
"AVG" = AVG 2011
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.20
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32939827-D8E5-470A-B126-870DB3C69FDF}" = Python 2.7.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = AMD VISION Engine Control Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F696E0-AB85-433E-99E3-8CC6D98CF167}" = TOSHIBA ConfigFree
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFE37E47-37E7-435a-A665-729806B98AEF_is1" = PTFB Pro 4.1.4.0
"BellCanada" = Bell Internet Check-up
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Maple 14" = Maple 14
"mIRC" = mIRC
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PSXMemTool" = PSXMemTool 1.20b (remove only)
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 3.7.44
"Rainlendar2" = Rainlendar2 (remove only)
"Rainmeter" = Rainmeter (remove only)
"Rohan_RBF" = Rohan_RBF
"ST6UNST #1" = Euchre
"Synergy" = Synergy
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.2
"WinISO_is1" = WinISO 5.3
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.9
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"matplotlib-py2.7" = Python 2.7 matplotlib-1.0.1 (64-bit)
"numpy-py2.7" = Python 2.7 numpy-1.5.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2011 2:28:17 PM | Computer Name = Batman | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 6.0.0.4203 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fb8 Start
Time: 01cc3e65be157ad7 Termination Time: 31 Application Path: C:\Program Files (x86)\Mozilla
Firefox 4.0 Beta 10\firefox.exe Report Id: 2ff0f691-aa59-11e0-9569-00266c9bda16

Error - 7/10/2011 3:08:00 PM | Computer Name = Batman | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 7/11/2011 3:34:01 PM | Computer Name = Batman | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 7/11/2011 3:52:29 PM | Computer Name = Batman | Source = PerfNet | ID = 2004
Description =

Error - 7/12/2011 8:44:09 AM | Computer Name = Batman | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 7/12/2011 8:44:10 AM | Computer Name = Batman | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 7/14/2011 1:36:48 PM | Computer Name = Batman | Source = Application Error | ID = 1000
Description = Faulting application name: Rainmeter.exe, version: 1.3.0.560, time
stamp: 0x4cb21d8c Faulting module name: ole32.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7c92c Exception code: 0xc0000005 Fault offset: 0x0000000000029fa9 Faulting
process id: 0x21c Faulting application start time: 0x01cc42459aaf6768 Faulting application
path: C:\Program Files\Rainmeter\Rainmeter.exe Faulting module path: C:\windows\system32\ole32.dll
Report
Id: d96e4995-ae3f-11e0-96b7-00266c9bda16

Error - 7/14/2011 3:27:59 PM | Computer Name = Batman | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4e0401a8 Faulting module name: chrome.dll, version: 12.0.742.112, time stamp:
0x4e04015e Exception code: 0xc0000409 Fault offset: 0x0000c2d9 Faulting process id:
0x14dc Faulting application start time: 0x01cc425c1b8f2ec2 Faulting application path:
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Users\Ryan\AppData\Local\Google\Chrome\Application\12.0.742.112\chrome.dll
Report
Id: 61e3080b-ae4f-11e0-96b7-00266c9bda16

Error - 7/14/2011 9:47:52 PM | Computer Name = Batman | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/16/2011 7:40:55 AM | Computer Name = Batman | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 7/23/2011 2:06:42 PM | Computer Name = Batman | Source = BugCheck | ID = 1001
Description =

Error - 7/23/2011 2:06:48 PM | Computer Name = Batman | Source = Service Control Manager | ID = 7024
Description = The Synergy Server service terminated with service-specific error
%%4.

Error - 7/23/2011 7:37:33 PM | Computer Name = Batman | Source = DCOM | ID = 10010
Description =

Error - 7/24/2011 8:46:11 AM | Computer Name = Batman | Source = Service Control Manager | ID = 7024
Description = The Synergy Server service terminated with service-specific error
%%4.

Error - 7/24/2011 10:31:38 AM | Computer Name = Batman | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:30:01 AM on ?24/?07/?2011 was unexpected.

Error - 7/24/2011 10:31:42 AM | Computer Name = Batman | Source = Service Control Manager | ID = 7024
Description = The Synergy Server service terminated with service-specific error
%%4.

Error - 7/24/2011 10:31:48 AM | Computer Name = Batman | Source = BugCheck | ID = 1001
Description =

Error - 7/24/2011 1:23:25 PM | Computer Name = Batman | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:21:41 PM on ?24/?07/?2011 was unexpected.

Error - 7/24/2011 1:23:30 PM | Computer Name = BATMAN | Source = BugCheck | ID = 1001
Description =

Error - 7/24/2011 1:23:38 PM | Computer Name = Batman | Source = Service Control Manager | ID = 7024
Description = The Synergy Server service terminated with service-specific error
%%4.


< End of report >


#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, thamasta! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)

First of all, sorry for the delay in someone getting to you.

If you still have this problem, I'll take a look and see if I can help at all. It may be a tech issue, but we'll check for any malware, then try a few things to try and get this sorted :yes:


If you are still having this problem, please run through the following steps, then get back to me with the relevant logs please.



1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Copy and Paste the following into the Custom Scans/Fixes box at the bottom.

    C:\Windows\Minidump\*.*
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.




In your next reply
Please post the contents of...
OTL log
aswMBR log


#3
thamasta

    Member

  • Topic Starter
  • 81 posts
Hi, thanks for your response. I am still experiencing the problems and in fact when I tried to run aswMBR the computer BSOD'd. I just ran OTL again and I got a popup "The system requires a reboot to finish removing files. Click Ok to reboot now."

So I just restarted the computer and OTL deleted itself from the computer. Redownloaded and here is the OTL Log:

OTL logfile created on: 7/28/2011 7:09:55 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Ryan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.60 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 35.96% Memory free
5.20 Gb Paging File | 3.16 Gb Available in Paging File | 60.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.06 Gb Total Space | 361.42 Gb Free Space | 79.60% Space Free | Partition Type: NTFS

Computer Name: BATMAN | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/28 19:09:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2011/07/26 12:51:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011/07/26 12:51:42 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
PRC - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
PRC - [2010/06/03 20:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/07/28 19:09:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/05 16:39:26 | 001,012,224 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Synergy\synergys.exe -- (Synergy Server)
SRV:64bit: - [2010/11/10 01:55:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/10/20 18:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 16:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/04/19 14:42:42 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/02/05 21:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/30 22:18:25 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/12/14 18:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/07/01 14:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/19 14:47:24 | 001,401,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 14:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/28 20:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 16:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/10 02:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/10 01:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/21 18:37:46 | 001,306,240 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/10/08 15:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 19:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/09/23 04:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/07/23 13:43:52 | 001,088,616 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/02/25 12:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/01/19 11:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 11:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.ca"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 11:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/07/09 14:17:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/07/26 12:51:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/03 19:33:45 | 000,000,000 | ---D | M]

[2011/01/30 09:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/07/15 19:06:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rltkltgj.default\extensions
[2011/06/17 10:33:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rltkltgj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
File not found (No name found) --
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/07/14 15:27:06 | 000,003,521 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 24 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{52e45bab-2c69-11e0-bd38-00266c9bda16}\Shell - "" = AutoRun
O33 - MountPoints2\{52e45bab-2c69-11e0-bd38-00266c9bda16}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{52e45bab-2c69-11e0-bd38-00266c9bda16}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{52e45bab-2c69-11e0-bd38-00266c9bda16}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 19:09:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/07/28 18:37:53 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2011/07/28 10:15:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{57B1CBF2-1B15-4676-834A-B62BACC5949E}
[2011/07/27 21:24:17 | 000,000,000 | ---D | C] -- C:\rads
[2011/07/27 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{45FFC474-131E-42E4-90F7-3DFA17F91E01}
[2011/07/27 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\riotsGamesLogs
[2011/07/27 08:40:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{450A3A7A-F81B-4ED9-9489-18970D82D4DB}
[2011/07/26 15:57:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ODUI
[2011/07/26 15:56:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Stardock
[2011/07/26 15:56:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Stardock
[2011/07/26 15:55:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Stardock
[2011/07/26 15:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2011/07/26 15:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2011/07/26 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rainmeter
[2011/07/26 11:46:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{245580F1-2353-4B56-8415-5A86C8731E0A}
[2011/07/25 22:30:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{4BA6D221-4D9C-4E0A-A179-A5997446B050}
[2011/07/25 14:44:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{99FED6BF-2007-4867-A762-CA59925B49FD}
[2011/07/25 09:50:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{611507F0-1303-4F4B-BED6-8DFEF08B84E2}
[2011/07/24 21:49:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{686B10FE-F027-4920-AC6B-CA814D1602B0}
[2011/07/24 18:32:21 | 000,000,000 | ---D | C] -- C:\windows\AutoKMS
[2011/07/24 18:22:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ElevatedDiagnostics
[2011/07/24 14:12:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\WinBatch
[2011/07/24 14:12:09 | 000,000,000 | ---D | C] -- C:\sc16v170
[2011/07/24 13:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg
[2011/07/24 13:40:00 | 000,000,000 | ---D | C] -- C:\Symbols
[2011/07/24 13:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/07/24 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2011/07/24 13:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011/07/24 13:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/07/24 08:46:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{0963B2E0-68E3-42AD-A83E-CEA62F847C9C}
[2011/07/23 08:28:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9CEF40B4-EB0B-43E7-92D6-47E1FBB1DEB3}
[2011/07/22 20:06:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{03DEA7CA-126D-4FB9-A374-7AA92D278318}
[2011/07/22 08:05:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1B93B7FA-8719-4609-BF6D-32888D598038}
[2011/07/21 12:18:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{93AF96B5-8092-402C-A29C-A68509AA773B}
[2011/07/20 20:35:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{87864DE4-5C22-417A-943A-CE579B7DFB0A}
[2011/07/20 08:34:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F6012C8C-3B0F-478A-8FB7-ECD0AEA25762}
[2011/07/19 20:33:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{43BED8FF-F6EC-4132-9BBE-1D83AF9F6DB6}
[2011/07/19 07:49:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EAE5B270-42FA-4C2E-A631-F324DE3ED0E4}
[2011/07/18 08:04:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{398527A9-749D-42B7-962B-50511DAA0218}
[2011/07/17 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D470A698-9764-4D8C-9DB4-960BB0B786E3}
[2011/07/17 08:03:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{466F5CFC-5581-4297-8A0C-BC068D55EECC}
[2011/07/16 10:34:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Western_Digital
[2011/07/16 10:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/07/16 10:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/07/16 10:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2011/07/16 10:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/07/16 10:31:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Western Digital
[2011/07/15 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{ED9A820A-18F2-4E40-9B52-78A5A5944E79}
[2011/07/15 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WiiBackupManager
[2011/07/15 15:14:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAT32 GUI Formatter
[2011/07/15 15:14:24 | 000,000,000 | ---D | C] -- C:\ModMii
[2011/07/15 08:58:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CD956F05-154D-4993-93A5-01BBBE7619B2}
[2011/07/14 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{FE8A591D-23B0-4F87-A8CB-62D52D49888C}
[2011/07/14 13:29:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2011/07/14 07:31:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{7BD6D87F-FC5C-49EC-855D-EEA0A05BAA66}
[2011/07/13 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\FrostWire
[2011/07/13 16:16:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\.frostwire5
[2011/07/13 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Incomplete
[2011/07/13 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\FrostWire
[2011/07/13 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\FrostWire
[2011/07/13 15:55:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C91B3563-C481-4657-A504-A916C278E68C}
[2011/07/12 22:45:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CB61C341-DF93-4E9A-9FA6-F378DAC1FB8F}
[2011/07/12 13:13:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ICS
[2011/07/12 07:57:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5C5767CF-BE48-4380-8E72-1235550E1D05}
[2011/07/11 17:04:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\AMD
[2011/07/11 17:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/11 15:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/11 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/07/11 15:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/11 15:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/11 15:36:15 | 000,000,000 | ---D | C] -- C:\ATI
[2011/07/11 15:34:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Smart_PC_Utilities,_Ltd
[2011/07/11 15:33:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Smart PC Utilities
[2011/07/11 09:09:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6B1F511C-6D02-4F2A-ADAE-EF6088BE8CA3}
[2011/07/10 21:08:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{88CC7580-4311-411F-AAF8-18D630FE051C}
[2011/07/10 13:28:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\.GalleryRemote
[2011/07/10 10:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/07/10 09:07:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{215F58E1-B7CC-49ED-A806-1329C7ABD73C}
[2011/07/09 14:22:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3E28021C-C222-4F63-BE1E-F7E0DF402587}
[2011/07/09 07:46:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F2DEB32D-275A-4377-B4A5-42224B7E35F5}
[2011/07/08 18:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{BD70AC1D-6DA8-449B-8035-BA959EF5401D}
[2011/07/08 18:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2011/07/08 18:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{4B0F043C-7F75-4273-8BB4-DA0455DFBF5F}
[2011/07/08 18:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs
[2011/07/08 18:51:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\PackageAware
[2011/07/08 08:49:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D7D690BF-2C6F-4D56-AF66-FBB5405759C2}
[2011/07/07 08:46:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8A60E178-18A4-461B-8584-A5D60B2C1EB0}
[2011/07/06 20:45:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{74E147AA-1A6E-4D6F-BFD6-114D06D3669B}
[2011/07/06 08:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B0464003-B287-41A2-883A-54EDBEA69EF3}
[2011/07/05 20:44:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{52336C1B-5DB7-48AE-A388-C96E25950613}
[2011/07/05 08:43:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{881553E2-7DE1-4284-BE35-A7A846107A7A}
[2011/07/04 13:06:05 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{30ECCC5D-E718-49F3-80BE-5E968BC077E0}
[2011/07/03 19:35:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Thunderbird
[2011/07/03 19:35:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Thunderbird
[2011/07/03 19:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011/07/03 09:48:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9B45A32D-EF76-4C4C-B559-31BF6CF7F604}
[2011/07/02 22:08:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/07/02 22:06:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/07/02 21:47:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{593EE4FB-2877-4298-A461-0FF84157F231}
[2011/07/02 08:33:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{381D066B-0818-4EDB-AC2E-305B2D1EB9D1}
[2011/07/01 19:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/07/01 19:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/01 19:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/07/01 19:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/07/01 19:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/07/01 18:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/07/01 18:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/07/01 18:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/07/01 18:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/07/01 18:55:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/07/01 10:43:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B7F98DF3-86D6-447A-A3BC-0AD3AB8258C8}
[2011/06/30 23:23:55 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\SysNative\fms.dll
[2011/06/30 23:22:58 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\SysWow64\fms.dll
[2011/06/30 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5F7CC0D4-A706-4440-B09E-AC8B44F6548C}
[2011/06/30 10:41:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F9B44E05-8D01-464E-AB13-C7934128060A}
[2011/06/29 22:41:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{00CA3DBC-F7A1-4E95-B9CF-66897F38FD33}
[2011/06/29 10:40:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3D90C230-6F0E-4EC6-910A-F685BAB9D99F}
[2011/06/28 22:03:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3D9D3D2F-3182-40F1-B74A-0DF33392F524}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/28 19:14:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/28 19:14:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/28 19:11:36 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/07/28 19:11:36 | 000,628,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/07/28 19:11:36 | 000,110,612 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/07/28 19:09:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/07/28 19:05:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/28 19:05:05 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/28 18:55:09 | 450,989,650 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/07/28 18:38:41 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2011/07/28 18:37:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495528468-2529788342-2210425311-1001UA.job
[2011/07/28 10:21:02 | 125,895,620 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/07/26 16:50:56 | 004,996,704 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/07/26 15:43:05 | 000,000,132 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/26 15:20:43 | 000,001,741 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2011/07/26 12:51:47 | 000,002,131 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/07/23 08:37:01 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495528468-2529788342-2210425311-1001Core.job
[2011/07/18 13:45:34 | 000,000,067 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\RSBot_Accounts.ini
[2011/07/13 16:10:20 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2011/07/13 16:10:15 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2011/07/10 21:01:22 | 000,001,408 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/07/03 19:36:38 | 000,002,081 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/07/01 18:27:06 | 000,000,600 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\winscp.rnd
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/28 18:55:09 | 450,989,650 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/07/26 15:05:01 | 000,001,741 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2011/07/13 16:10:20 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2011/07/13 16:10:15 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2011/07/09 14:26:35 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/03 19:33:53 | 000,002,081 | ---- | C] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/07/03 19:33:51 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/06/30 23:25:53 | 000,347,904 | ---- | C] () -- C:\windows\SysNative\systemsf.ebd
[2011/06/30 23:22:07 | 000,010,429 | ---- | C] () -- C:\windows\SysNative\ScavengeSpace.xml
[2011/06/30 23:21:36 | 000,105,559 | ---- | C] () -- C:\windows\SysWow64\RacRules.xml
[2011/06/30 23:21:36 | 000,105,559 | ---- | C] () -- C:\windows\SysNative\RacRules.xml
[2011/06/30 23:21:00 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\tcpbidi.xml
[2011/06/24 10:25:54 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/05/19 11:37:51 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\193334A8D1A6415994998556736BDFE0.dat
[2011/04/11 10:21:01 | 000,000,067 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\RSBot_Accounts.ini
[2011/04/04 14:54:02 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/02/22 22:51:46 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/30 10:11:04 | 000,000,600 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\winscp.rnd
[2010/12/18 09:11:15 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/12/18 09:08:24 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2010/12/18 08:58:20 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/18 08:55:58 | 000,002,888 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/01/30 08:33:06 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\AVG10
[2011/06/14 14:30:53 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Bell
[2011/07/13 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\FrostWire
[2011/03/20 12:09:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leadertech
[2011/01/30 09:47:26 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient
[2011/02/10 13:54:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Maple
[2011/07/26 15:21:39 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Rainmeter
[2011/02/06 11:17:03 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/26 15:55:42 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Stardock
[2011/05/28 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SystemRequirementsLab
[2011/05/19 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Technology Lighthouse
[2011/07/03 19:35:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Thunderbird
[2011/01/30 08:13:09 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Toshiba
[2011/01/30 22:18:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TuneUp Software
[2011/07/28 10:42:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2011/07/24 14:12:17 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\WinBatch
[2011/06/29 10:39:30 | 000,032,540 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\Windows\Minidump\*.* >
[2011/07/28 18:55:20 | 000,274,704 | ---- | M] () -- C:\Windows\Minidump\072811-34023-01.dmp

< End of report >


aswMBR Log:

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-28 19:20:03
-----------------------------
19:20:03.593 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:03.594 Number of processors: 2 586 0x100
19:20:03.595 ComputerName: BATMAN UserName: Ryan
19:20:05.866 Initialize success
19:20:13.858 AVAST engine defs: 11072801
19:20:19.976 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:20:19.981 Disk 0 Vendor: ST9500325AS 0002SDM1 Size: 476940MB BusType: 11
19:20:20.002 Disk 0 MBR read successfully
19:20:20.007 Disk 0 MBR scan
19:20:20.027 Disk 0 Windows VISTA default MBR code
19:20:20.033 Service scanning
19:20:22.094 Modules scanning
19:20:22.106 Disk 0 trace - called modules:
19:20:22.213 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:20:22.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002f24060]
19:20:22.228 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002a18680]
19:20:24.876 AVAST engine scan C:\windows
19:20:29.059 AVAST engine scan C:\windows\system32
19:23:16.809 AVAST engine scan C:\windows\system32\drivers
19:23:33.579 AVAST engine scan C:\Users\Ryan
19:32:39.263 AVAST engine scan C:\ProgramData
19:35:25.951 Scan finished successfully
19:35:54.147 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
19:35:54.159 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. Let's now perform a couple of scans to see if anything shows up in these. The OTL and aswMBR logs do not appear to show anything too significant.



1)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply




2)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
  • If it says it cannot be Disinfected, then choose the Delete option when prompted.
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




3)
Could you let me know the following please...
  • When running a game, how long will it be before it blue screens, 2mins, 20mins, 1hr?
  • If you were to just leave the PC on, say overnight, would it likely blue screen or not?
  • Do you know what the Blue Screen error code is that appears? It should start with 0x




In your next reply
Please post the contents of...
MBAM log
Kaspersky log
Answers to the questions


#5
thamasta

    Member

  • Topic Starter
  • Member
  • 81 posts
MBAM Log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7321

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

29/07/2011 2:54:51 PM
mbam-log-2011-07-29 (14-54-51).txt

Scan type: Quick scan
Objects scanned: 168326
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky log:


Status: Will be deleted when the computer is restarted (events: 2)
29/07/2011 3:48:34 PM Will be deleted when the computer is restarted Trojan program Trojan-Downloader.Win32.Delf.hdvm C:\Documents and Settings\Ryan\Downloads\Games\Wii\Hackz\ModMii\libWiiSharp.dll High
29/07/2011 6:45:06 PM Will be deleted when the computer is restarted Trojan program Trojan-Downloader.Win32.Delf.hdvm C:\Users\Ryan\Downloads\Games\Wii\Hackz\ModMii\libWiiSharp.dll High
Status: Deleted (events: 3)
29/07/2011 3:48:34 PM Deleted Trojan program Trojan-Downloader.Win32.Delf.hdvm C:\Documents and Settings\Ryan\Downloads\Games\Wii\Hackz\ModMii\ModMii.exe High
29/07/2011 3:48:34 PM Deleted Trojan program Trojan-Downloader.Win32.Delf.hdvm C:\Documents and Settings\Ryan\Downloads\Games\Wii\Hackz\ModMii\ModMii.exe//UPX High
29/07/2011 3:48:34 PM Deleted Trojan program Trojan-Downloader.Win32.Delf.hdvm C:\Documents and Settings\Ryan\Downloads\Games\Wii\Hackz\ModMii\ModMii.exe//UPX//libWiiSharp.dll High
Status: Disinfected (events: 1)
29/07/2011 7:33:27 PM Disinfected Trojan program Trojan.Win32.Hosts2.gen C:\Windows\System32\drivers\etc\hosts High


When running a game I've had it crash anywhere from under a minute up to an hour later. However, it generally takes 30 mins.
I've left it on overnight and came back to the computer restarted, I don't know if it was because of a blue screen or not.
I'm not sure what error code it is because the screen generally isn't up long enough for me to read anything on it.

Thanks for your help so far.

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem. We'll do a scan with ComboFix now, to see if it comes up with any malware. If the ComboFix and OTL logs are clean, then we may be looking at Hardware/Software issues here.


1)
Download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.




2)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




In your next reply
Please post the contents of...
ComboFix log
OTL log


#7
thamasta

    Member

  • Topic Starter
  • Member
  • 81 posts
Combofix Log:

ComboFix 11-07-31.01 - Ryan 30/07/2011 15:56:28.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2663.1386 [GMT -4:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-30 20:16 . 2011-07-30 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 13:22 . 2011-07-30 19:54 -------- d-----w- C:\32788R22FWJFW
2011-07-29 19:01 . 2011-07-29 19:01 -------- d-----w- c:\programdata\Kaspersky Lab
2011-07-28 01:24 . 2011-07-28 01:25 -------- d-----w- C:\rads
2011-07-27 16:41 . 2011-07-30 10:39 -------- d-----w- c:\users\Ryan\riotsGamesLogs
2011-07-26 19:57 . 2011-07-26 19:57 -------- d-----w- c:\users\Ryan\AppData\Local\ODUI
2011-07-26 19:56 . 2011-07-26 19:56 -------- d-----w- c:\users\Ryan\AppData\Local\Stardock
2011-07-26 19:55 . 2011-07-26 19:55 -------- d-----w- c:\users\Ryan\AppData\Roaming\Stardock
2011-07-26 19:54 . 2011-07-26 19:59 -------- d-----w- c:\programdata\Stardock
2011-07-26 19:53 . 2011-07-26 19:55 -------- d-----w- c:\program files (x86)\Stardock
2011-07-24 22:32 . 2011-07-27 19:36 -------- d-----w- c:\windows\AutoKMS
2011-07-24 22:22 . 2011-07-28 00:44 -------- d-----w- c:\users\Ryan\AppData\Local\ElevatedDiagnostics
2011-07-24 18:12 . 2011-07-24 18:12 -------- d-----w- c:\users\Ryan\AppData\Roaming\WinBatch
2011-07-24 18:12 . 2011-07-24 18:12 -------- d-----w- C:\sc16v170
2011-07-24 17:43 . 2011-07-24 17:43 -------- d-----w- c:\programdata\dbg
2011-07-24 17:40 . 2011-07-24 17:43 -------- d-----w- C:\Symbols
2011-07-24 17:36 . 2011-07-24 17:36 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2011-07-24 17:35 . 2011-07-24 17:35 -------- d-----w- c:\program files\Microsoft SDKs
2011-07-16 14:34 . 2011-07-16 14:34 -------- d-----w- c:\users\Ryan\AppData\Local\Western_Digital
2011-07-16 14:33 . 2011-07-16 14:33 -------- d-----w- c:\programdata\Western Digital
2011-07-16 14:32 . 2011-07-16 14:32 -------- d-----w- c:\program files\Western Digital
2011-07-16 14:32 . 2011-07-16 14:32 -------- d-----w- c:\program files (x86)\Western Digital
2011-07-16 14:31 . 2011-07-16 14:31 -------- d-----w- c:\users\Ryan\AppData\Local\Western Digital
2011-07-15 19:14 . 2011-07-15 19:14 -------- d-----w- C:\ModMii
2011-07-14 17:38 . 2007-10-22 07:40 411656 ----a-w- c:\windows\system32\xactengine2_10.dll
2011-07-14 17:34 . 2005-05-26 19:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-07-14 17:34 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2011-07-14 17:29 . 2011-07-14 17:36 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-13 20:16 . 2011-07-13 20:17 -------- d-----w- c:\users\Ryan\FrostWire
2011-07-13 20:16 . 2011-07-13 20:19 -------- d-----w- c:\users\Ryan\.frostwire5
2011-07-13 20:09 . 2011-07-13 20:16 -------- d-----w- c:\users\Ryan\AppData\Roaming\FrostWire
2011-07-12 17:13 . 2011-07-12 17:13 -------- d-----w- c:\users\Ryan\AppData\Local\ICS
2011-07-11 21:04 . 2011-07-11 21:04 -------- d-----w- c:\users\Ryan\AppData\Local\AMD
2011-07-11 21:03 . 2011-07-11 21:03 -------- d-----w- c:\programdata\AMD
2011-07-11 19:43 . 2011-07-11 19:43 -------- d-----w- c:\programdata\ATI
2011-07-11 19:43 . 2011-07-11 19:43 -------- d-----w- c:\program files (x86)\AMD APP
2011-07-11 19:42 . 2010-02-18 13:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-07-11 19:37 . 2011-07-11 19:42 -------- d-----w- c:\program files\ATI Technologies
2011-07-11 19:36 . 2011-07-11 19:36 -------- d-----w- C:\ATI
2011-07-11 19:34 . 2011-07-11 19:34 -------- d-----w- c:\users\Ryan\AppData\Local\Smart_PC_Utilities,_Ltd
2011-07-10 17:28 . 2011-07-10 17:28 -------- d-----w- c:\users\Ryan\.GalleryRemote
2011-07-08 22:54 . 2011-07-09 18:17 -------- dc----w- c:\programdata\{BD70AC1D-6DA8-449B-8035-BA959EF5401D}
2011-07-08 22:54 . 2011-07-09 18:17 -------- d-----w- c:\program files\Common Files\Topaz Labs
2011-07-08 22:54 . 2011-07-09 18:17 -------- dc----w- c:\programdata\{4B0F043C-7F75-4273-8BB4-DA0455DFBF5F}
2011-07-08 22:54 . 2011-07-08 22:54 -------- d-----w- c:\program files (x86)\Topaz Labs
2011-07-08 22:51 . 2011-07-08 22:51 -------- d-----w- c:\users\Ryan\AppData\Local\PackageAware
2011-07-03 23:35 . 2011-07-03 23:35 -------- d-----w- c:\users\Ryan\AppData\Local\Thunderbird
2011-07-03 23:35 . 2011-07-03 23:35 -------- d-----w- c:\users\Ryan\AppData\Roaming\Thunderbird
2011-07-03 23:33 . 2011-07-03 23:33 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2011-07-03 02:08 . 2011-07-03 02:08 -------- d-----w- c:\windows\system32\SPReview
2011-07-03 02:06 . 2011-07-03 02:06 -------- d-----w- c:\windows\system32\EventProviders
2011-07-01 23:02 . 2011-07-01 23:02 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-07-01 23:01 . 2011-07-01 23:01 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-07-01 22:58 . 2011-07-01 22:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-07-01 22:57 . 2011-07-01 22:57 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-07-01 22:55 . 2011-07-01 22:55 -------- d-----r- C:\MSOCache
2011-07-01 03:27 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-01 03:27 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-01 03:25 . 2010-11-20 13:27 1753088 ----a-w- c:\windows\system32\vssapi.dll
2011-07-01 03:24 . 2010-11-20 13:27 695808 ----a-w- c:\windows\system32\wuapi.dll
2011-07-01 03:23 . 2010-11-20 13:44 1077248 ----a-w- c:\windows\system32\Narrator.exe
2011-07-01 03:22 . 2010-11-20 13:27 102400 ----a-w- c:\windows\system32\sppnp.dll
2011-07-01 03:21 . 2010-11-20 13:27 47104 ----a-w- c:\windows\system32\wshbth.dll
2011-07-01 03:20 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-07-01 03:20 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-07-01 03:20 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-07-01 03:20 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-07-01 03:16 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-07-01 03:16 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-01 03:16 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-07-01 03:15 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-07-01 03:15 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-07-01 03:14 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-07-01 03:14 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2011-04-04 19:23 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-04-04 19:23 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-03 02:27 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-03 02:27 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-21 17:18 . 2011-05-17 13:03 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-06 19:55 . 2011-06-06 19:55 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-03 05:57 . 2011-07-13 11:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-25 03:44 . 2011-05-25 03:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-25 03:44 . 2011-05-25 03:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-25 03:44 . 2011-05-25 03:44 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 03:44 . 2011-05-25 03:44 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-25 03:44 . 2011-05-25 03:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-25 03:43 . 2011-05-25 03:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-05-24 11:42 . 2011-06-29 14:50 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 14:50 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 14:50 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 14:50 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 14:50 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-08 01:11 . 2011-05-08 01:11 98304 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2011-05-04 08:52 . 2010-11-11 09:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-04 05:25 . 2011-06-29 14:50 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-06-29 14:50 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-06-29 14:50 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-06-29 14:50 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-06-29 14:50 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:22 . 2011-06-29 14:50 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:19 . 2011-06-29 14:50 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-06-29 14:50 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-06-29 14:50 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:34 . 2011-06-29 14:50 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:32 . 2011-06-29 14:50 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:32 . 2011-06-29 14:50 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:32 . 2011-06-29 14:50 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:32 . 2011-06-29 14:50 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 14:50 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 14:50 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 14:50 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 04:28 . 2011-06-29 14:50 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-03 05:29 . 2011-06-15 22:36 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 22:36 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-01-06 2342400]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Google Update"="c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-30 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-7-24 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"BISA.exe"="c:\program files (x86)\Bell\Internet Service Advisor\BISA.exe" /AUTORUN
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz134;cpuz134;c:\users\Ryan\AppData\Local\Temp\Rar$EX01.438\pcwiz_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\ynk\ROHAN_Blood_Feud_Hero\GameGuard\dump_wmimmc.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-25 365568]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-29 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-01-27 517632]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [2011-01-06 689464]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-04-19 1401672]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495528468-2529788342-2210425311-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 12:10]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495528468-2529788342-2210425311-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 12:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.toshiba.ca/welcome
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rltkltgj.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2011-07-30 17:03:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-30 21:02
.
Pre-Run: 393,263,300,608 bytes free
Post-Run: 393,211,990,016 bytes free
.
- - End Of File - - 228FF848340E3F990A4A64EB98432F0A


OTL Log:

OTL logfile created on: 7/30/2011 5:08:27 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Ryan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.60 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 39.66% Memory free
5.20 Gb Paging File | 3.36 Gb Available in Paging File | 64.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.06 Gb Total Space | 366.27 Gb Free Space | 80.67% Space Free | Partition Type: NTFS

Computer Name: BATMAN | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/28 19:09:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2011/07/26 12:51:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
PRC - [2011/01/06 09:27:04 | 002,342,400 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
PRC - [2010/06/03 20:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/07/28 19:09:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/05 16:39:26 | 001,012,224 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Synergy\synergys.exe -- (Synergy Server)
SRV:64bit: - [2010/11/10 01:55:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/10/20 18:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 16:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/04/19 14:42:42 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/02/05 21:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/30 22:18:25 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/12/14 18:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/07/01 14:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/19 14:47:24 | 001,401,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 14:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/28 20:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 16:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/10 02:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/10 01:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/21 18:37:46 | 001,306,240 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/10/08 15:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 19:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/09/23 04:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/07/23 13:43:52 | 001,088,616 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/02/25 12:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/01/19 11:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 11:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.ca"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 11:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/07/09 14:17:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/07/26 12:51:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/03 19:33:45 | 000,000,000 | ---D | M]

[2011/01/30 09:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/07/29 13:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rltkltgj.default\extensions
[2011/06/17 10:33:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rltkltgj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
File not found (No name found) --
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RLTKLTGJ.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/07/30 16:22:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 17:03:41 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/07/30 16:22:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/07/30 09:22:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/07/30 09:22:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/07/30 09:22:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/07/30 09:22:20 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/07/30 09:22:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/30 09:22:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/30 09:19:49 | 004,158,851 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2011/07/30 05:13:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{798F9419-84BB-4FCB-9007-2CD0E4BD974A}
[2011/07/29 15:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/07/29 10:16:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5EB8D7E1-5D5A-4C7C-832B-F4857903BD1B}
[2011/07/28 22:16:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6B601957-72AE-433D-94E4-3FF502C975FC}
[2011/07/28 19:09:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/07/28 18:37:53 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2011/07/28 10:15:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{57B1CBF2-1B15-4676-834A-B62BACC5949E}
[2011/07/27 21:24:17 | 000,000,000 | ---D | C] -- C:\rads
[2011/07/27 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{45FFC474-131E-42E4-90F7-3DFA17F91E01}
[2011/07/27 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\riotsGamesLogs
[2011/07/27 08:40:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{450A3A7A-F81B-4ED9-9489-18970D82D4DB}
[2011/07/26 15:57:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ODUI
[2011/07/26 15:56:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Stardock
[2011/07/26 15:56:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Stardock
[2011/07/26 15:55:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Stardock
[2011/07/26 15:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2011/07/26 15:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2011/07/26 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rainmeter
[2011/07/26 11:46:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{245580F1-2353-4B56-8415-5A86C8731E0A}
[2011/07/25 22:30:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{4BA6D221-4D9C-4E0A-A179-A5997446B050}
[2011/07/25 14:44:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{99FED6BF-2007-4867-A762-CA59925B49FD}
[2011/07/25 09:50:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{611507F0-1303-4F4B-BED6-8DFEF08B84E2}
[2011/07/24 21:49:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{686B10FE-F027-4920-AC6B-CA814D1602B0}
[2011/07/24 18:32:21 | 000,000,000 | ---D | C] -- C:\windows\AutoKMS
[2011/07/24 18:22:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ElevatedDiagnostics
[2011/07/24 14:12:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\WinBatch
[2011/07/24 14:12:09 | 000,000,000 | ---D | C] -- C:\sc16v170
[2011/07/24 13:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg
[2011/07/24 13:40:00 | 000,000,000 | ---D | C] -- C:\Symbols
[2011/07/24 13:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/07/24 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2011/07/24 13:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011/07/24 13:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/07/24 08:46:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{0963B2E0-68E3-42AD-A83E-CEA62F847C9C}
[2011/07/23 08:28:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9CEF40B4-EB0B-43E7-92D6-47E1FBB1DEB3}
[2011/07/22 20:06:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{03DEA7CA-126D-4FB9-A374-7AA92D278318}
[2011/07/22 08:05:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1B93B7FA-8719-4609-BF6D-32888D598038}
[2011/07/21 12:18:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{93AF96B5-8092-402C-A29C-A68509AA773B}
[2011/07/20 20:35:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{87864DE4-5C22-417A-943A-CE579B7DFB0A}
[2011/07/20 08:34:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F6012C8C-3B0F-478A-8FB7-ECD0AEA25762}
[2011/07/19 20:33:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{43BED8FF-F6EC-4132-9BBE-1D83AF9F6DB6}
[2011/07/19 07:49:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EAE5B270-42FA-4C2E-A631-F324DE3ED0E4}
[2011/07/18 08:04:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{398527A9-749D-42B7-962B-50511DAA0218}
[2011/07/17 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D470A698-9764-4D8C-9DB4-960BB0B786E3}
[2011/07/17 08:03:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{466F5CFC-5581-4297-8A0C-BC068D55EECC}
[2011/07/16 10:34:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Western_Digital
[2011/07/16 10:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/07/16 10:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/07/16 10:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2011/07/16 10:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/07/16 10:31:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Western Digital
[2011/07/15 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{ED9A820A-18F2-4E40-9B52-78A5A5944E79}
[2011/07/15 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WiiBackupManager
[2011/07/15 15:14:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAT32 GUI Formatter
[2011/07/15 15:14:24 | 000,000,000 | ---D | C] -- C:\ModMii
[2011/07/15 08:58:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CD956F05-154D-4993-93A5-01BBBE7619B2}
[2011/07/14 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{FE8A591D-23B0-4F87-A8CB-62D52D49888C}
[2011/07/14 13:29:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2011/07/14 07:31:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{7BD6D87F-FC5C-49EC-855D-EEA0A05BAA66}
[2011/07/13 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\FrostWire
[2011/07/13 16:16:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\.frostwire5
[2011/07/13 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Incomplete
[2011/07/13 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\FrostWire
[2011/07/13 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\FrostWire
[2011/07/13 15:55:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C91B3563-C481-4657-A504-A916C278E68C}
[2011/07/12 22:45:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CB61C341-DF93-4E9A-9FA6-F378DAC1FB8F}
[2011/07/12 13:13:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ICS
[2011/07/12 07:57:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5C5767CF-BE48-4380-8E72-1235550E1D05}
[2011/07/11 17:04:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\AMD
[2011/07/11 17:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/11 15:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/11 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/07/11 15:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/11 15:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/11 15:36:15 | 000,000,000 | ---D | C] -- C:\ATI
[2011/07/11 15:34:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Smart_PC_Utilities,_Ltd
[2011/07/11 15:33:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Smart PC Utilities
[2011/07/11 09:09:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6B1F511C-6D02-4F2A-ADAE-EF6088BE8CA3}
[2011/07/10 21:08:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{88CC7580-4311-411F-AAF8-18D630FE051C}
[2011/07/10 13:28:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\.GalleryRemote
[2011/07/10 10:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/07/10 09:07:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{215F58E1-B7CC-49ED-A806-1329C7ABD73C}
[2011/07/09 14:22:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3E28021C-C222-4F63-BE1E-F7E0DF402587}
[2011/07/09 07:46:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F2DEB32D-275A-4377-B4A5-42224B7E35F5}
[2011/07/08 18:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{BD70AC1D-6DA8-449B-8035-BA959EF5401D}
[2011/07/08 18:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2011/07/08 18:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{4B0F043C-7F75-4273-8BB4-DA0455DFBF5F}
[2011/07/08 18:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs
[2011/07/08 18:51:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\PackageAware
[2011/07/08 08:49:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D7D690BF-2C6F-4D56-AF66-FBB5405759C2}
[2011/07/07 08:46:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8A60E178-18A4-461B-8584-A5D60B2C1EB0}
[2011/07/06 20:45:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{74E147AA-1A6E-4D6F-BFD6-114D06D3669B}
[2011/07/06 08:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B0464003-B287-41A2-883A-54EDBEA69EF3}
[2011/07/05 20:44:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{52336C1B-5DB7-48AE-A388-C96E25950613}
[2011/07/05 08:43:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{881553E2-7DE1-4284-BE35-A7A846107A7A}
[2011/07/04 13:06:05 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{30ECCC5D-E718-49F3-80BE-5E968BC077E0}
[2011/07/03 19:35:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Thunderbird
[2011/07/03 19:35:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Thunderbird
[2011/07/03 19:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011/07/03 09:48:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9B45A32D-EF76-4C4C-B559-31BF6CF7F604}
[2011/07/02 22:08:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/07/02 22:06:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/07/02 21:47:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{593EE4FB-2877-4298-A461-0FF84157F231}
[2011/07/02 08:33:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{381D066B-0818-4EDB-AC2E-305B2D1EB9D1}
[2011/07/01 19:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/07/01 19:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/01 19:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/07/01 19:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/07/01 19:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/07/01 18:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/07/01 18:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/07/01 18:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/07/01 18:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/07/01 18:55:05 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/07/01 10:43:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B7F98DF3-86D6-447A-A3BC-0AD3AB8258C8}
[2011/06/30 23:23:55 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\SysNative\fms.dll
[2011/06/30 23:22:58 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\SysWow64\fms.dll
[2011/06/30 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5F7CC0D4-A706-4440-B09E-AC8B44F6548C}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/30 17:05:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/30 17:05:25 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/30 16:42:02 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495528468-2529788342-2210425311-1001UA.job
[2011/07/30 16:42:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495528468-2529788342-2210425311-1001Core.job
[2011/07/30 16:29:55 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/30 16:29:55 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/30 16:22:48 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/07/30 15:54:19 | 004,158,851 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2011/07/30 15:51:15 | 126,233,448 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/07/29 20:28:00 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/07/29 20:28:00 | 000,628,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/07/29 20:28:00 | 000,110,612 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/07/29 18:45:06 | 000,000,818 | -HS- | M] () -- C:\windows\4361479drv.spi
[2011/07/29 14:59:24 | 100,192,848 | ---- | M] () -- C:\Users\Ryan\Desktop\setup_11.0.0.1245.x01_2011_07_29_21_26.exe
[2011/07/28 20:06:29 | 000,000,132 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/28 19:35:54 | 000,000,512 | ---- | M] () -- C:\Users\Ryan\Desktop\MBR.dat
[2011/07/28 19:09:06 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/07/28 18:55:09 | 450,989,650 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/07/28 18:38:41 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2011/07/26 16:50:56 | 004,996,704 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/07/26 15:20:43 | 000,001,741 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2011/07/26 12:51:47 | 000,002,131 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/07/18 13:45:34 | 000,000,067 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\RSBot_Accounts.ini
[2011/07/13 16:10:20 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2011/07/13 16:10:15 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2011/07/10 21:01:22 | 000,001,408 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/07/03 19:36:38 | 000,002,081 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/07/01 18:27:06 | 000,000,600 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\winscp.rnd
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/30 09:22:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/07/30 09:22:28 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/07/30 09:22:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/07/30 09:22:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/07/30 09:22:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/07/29 15:48:03 | 000,000,818 | -HS- | C] () -- C:\windows\4361479drv.spi
[2011/07/29 14:57:23 | 100,192,848 | ---- | C] () -- C:\Users\Ryan\Desktop\setup_11.0.0.1245.x01_2011_07_29_21_26.exe
[2011/07/28 19:35:54 | 000,000,512 | ---- | C] () -- C:\Users\Ryan\Desktop\MBR.dat
[2011/07/28 18:55:09 | 450,989,650 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/07/26 15:05:01 | 000,001,741 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2011/07/13 16:10:20 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2011/07/13 16:10:15 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2011/07/09 14:26:35 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/03 19:33:53 | 000,002,081 | ---- | C] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/07/03 19:33:51 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/06/30 23:25:53 | 000,347,904 | ---- | C] () -- C:\windows\SysNative\systemsf.ebd
[2011/06/30 23:22:07 | 000,010,429 | ---- | C] () -- C:\windows\SysNative\ScavengeSpace.xml
[2011/06/30 23:21:36 | 000,105,559 | ---- | C] () -- C:\windows\SysWow64\RacRules.xml
[2011/06/30 23:21:36 | 000,105,559 | ---- | C] () -- C:\windows\SysNative\RacRules.xml
[2011/06/30 23:21:00 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\tcpbidi.xml
[2011/06/24 10:25:54 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/05/19 11:37:51 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\193334A8D1A6415994998556736BDFE0.dat
[2011/04/11 10:21:01 | 000,000,067 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\RSBot_Accounts.ini
[2011/04/04 14:54:02 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/02/22 22:51:46 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/30 10:11:04 | 000,000,600 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\winscp.rnd
[2010/12/18 09:11:15 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/12/18 09:08:24 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2010/12/18 08:58:20 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/18 08:55:58 | 000,002,888 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/01/30 08:33:06 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\AVG10
[2011/06/14 14:30:53 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Bell
[2011/07/13 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\FrostWire
[2011/03/20 12:09:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leadertech
[2011/01/30 09:47:26 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient
[2011/02/10 13:54:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Maple
[2011/07/26 15:21:39 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Rainmeter
[2011/02/06 11:17:03 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/26 15:55:42 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Stardock
[2011/05/28 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SystemRequirementsLab
[2011/05/19 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Technology Lighthouse
[2011/07/03 19:35:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Thunderbird
[2011/01/30 08:13:09 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Toshiba
[2011/01/30 22:18:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TuneUp Software
[2011/07/29 18:03:30 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2011/07/24 14:12:17 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\WinBatch
[2011/06/29 10:39:30 | 000,032,540 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#8
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Those logs look good to me. There is one new file that has appeared, which is C:\windows\4361479drv.spi. Can't find much on this file, so could you get this scanned for me please using the instructions below...


  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\windows\4361479drv.spi
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0
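The triage step in the post above (picking one unexplained new file out of a long OTL listing) can be scripted. This is an added example, not part of the original thread or of OTL; the sample lines are excerpted from the log above, and the flagging rule (hidden+system attributes, empty company name, created directly in C:\windows since the first scan date) is an assumed heuristic, not the helper's stated method.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Lines excerpted from the OTL file listings in the log above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011/07/30 09:22:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/07/29 15:48:03 | 000,000,818 | -HS- | C] () -- C:\windows\4361479drv.spi
[2011/07/30 17:05:25 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/30 17:05:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/28 19:09:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/07/26 15:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
"""

# [timestamp | size | attributes (R/H/S/D) | C=created or M=modified] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str                # "C" (created) or "M" (modified)
    company: Optional[str]   # None for directories, "" when the file has no company name
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse OTL file/folder listing lines; headers and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def flag_suspicious(entries: List[Entry], since: datetime) -> List[Entry]:
    """Assumed heuristic: a hidden+system file with no company name, created
    directly in C:\\windows on or after `since`, deserves a closer look."""
    flagged = []
    for e in entries:
        is_file = "D" not in e.attrs
        hidden_system = "H" in e.attrs and "S" in e.attrs
        in_windows_root = ntpath.dirname(e.path).lower() == r"c:\windows"
        if (is_file and hidden_system and e.company == "" and e.kind == "C"
                and in_windows_root and e.timestamp >= since):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    # Window start = date of the first OTL run in this thread (assumption for the example).
    for hit in flag_suspicious(parse_listing(SAMPLE_LOG), datetime(2011, 7, 24)):
        print(hit.timestamp, hit.attrs, hit.size, hit.path)
```

A file carrying both the H and S attributes is treated by Explorer as a protected operating system file, so it stays out of view unless "Hide protected operating system files" is also unchecked.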

#9
thamasta

thamasta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
I can't get that page to load up in any of my browsers.
  • 0

#10
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
It's not loading for me as well. It appears VirScan is down at the moment. Not to worry, could you go to VirusTotal for me and upload the file there for me please. Once it has been scanned with VirusTotal, click Compact, then in the popup window, click BBCode, then copy and paste this information into your next reply please.
  • 0

#11
thamasta

thamasta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
The file must have only been temporary for something, because I can't find it in the Windows folder.
  • 0

#12
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
This may be because it's hidden. Try clicking Start, then Computer. Then hold down the alt key and whilst holding it down, press T on the keyboard. This should bring up the tools menu. Click Folder Options, then the View tab, then click Show hidden files, folders and drives. Now press OK, then see if you can see the file.
  • 0

#13
thamasta

thamasta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
I still don't see it there.
  • 0

#14
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No worries, it may well have disappeared by itself then. What we'll do now is remove the tools we have used for the hunt for malware, then we'll move on with some Hardware testing etc.

Can you do the 5 steps below please. After that, we'll give the Hard Drive a test to see if it comes back healthy :)



========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR from the Desktop (if present)

2)
Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

4)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

5)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.






Hard Drive Test
We will use SeaTools to test your Hard Drive. You will need a blank CD for this process.

Click here to download the SeaTools disc image

Burning the ISO image to CD
  • Click here to download ImgBurn, a program which we will use to burn the .iso file onto a Blank CD
  • Once downloaded, double click the ImgBurn installation file and follow the prompts to install it
  • Open ImgBurn and click Write image file to disc
  • Insert a blank CD into your drive
  • Now click Browse for a file
  • Navigate to the SeaTools ISO file that you downloaded, select it, then click Open
  • Now click on the following button to start burning the image to disc

    Posted Image
  • Once the CD has been burnt, insert it back into the CD drive and shutdown your PC
  • Restart the PC and SeaTools should load up
  • If it doesn't automatically load, you will need to change the Boot Order in your BIOS, so that the PC looks at the CD Drive before booting into Windows. If you are unsure of how to do this, just let me know your Make and Model of PC/Laptop
  • When SeaTools has loaded, click I Agree on the License Agreement
  • Click Basic Tests at the top, then click on Long Test
  • It will then perform a full test on your Hard Drive
  • If no errors were found, at the end of the test it will display PASSED in the Test Results column
  • If a problem was detected on the Hard Drive it will alert you to it and you should see the number of errors detected in the Test Progress column. If there are any errors, please note down how many errors it found.
  • Once the scan has finished, just click Exit at the top and boot back into Windows
  • Report back on whether the drive passed or if any errors were detected

  • 0

#15
thamasta

thamasta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
The drive passed and there were no errors found.
  • 0





