Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google searches redirects to other search engines

Started by jtheod , Aug 03 2011 01:33 PM

  • This topic is locked This topic is locked

#1
jtheod
Posted 03 August 2011 - 01:33 PM

jtheod

    Member

  • Member
  • PipPip
  • 11 posts
Laptop which is a couple months old recently started redirecting google searches to other search engines and shopping sites. I have previously tried, AVG, MBAM, Superantispyware, Combofix, Smitfraud, Ad Aware, and nothing shows up. Have also followed instructions for removal on this site. I noticed this started to occur after a Java update. I deleted the update, but it continued. Google windows also open at random and ask if I want to delete "youtube", CNN etc. Recently was able to get something to come up when I did an AVG rootkit scan. It reads "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA8002A37254";"Object is hidden". Attempted to scan in safe mode with AVG, and it said that a lot of items were not scanned because they were locked. Any help would be appreciated, as I have been working on this for over a week. OTM scan gives the following:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\DorianDionne\Desktop\cmd.bat deleted successfully.
C:\Users\DorianDionne\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DorianDionne
->Temp folder emptied: 3796684 bytes
->Temporary Internet Files folder emptied: 6242782 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1930 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.18.0 log created on 08032011_135051

Files moved on Reboot...
C:\Users\DorianDionne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\DorianDionne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9THXXO\ac3[3].htm not found!
File move failed. C:\Users\DorianDionne\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

Advertisements

#2
Essexboy
Posted 03 August 2011 - 02:46 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets have a look shall we :) aswMBR will offer you the choice of doing a full AV scan, that is up to you as it will download the full Avast definitions and scan your computer

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
jtheod
Posted 03 August 2011 - 04:09 PM

jtheod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
EXTRAS.txt

OTL Extras logfile created on: 8/3/2011 16:53:58 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\DorianDionne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 36.18% Memory free
3.74 Gb Paging File | 2.26 Gb Available in Paging File | 60.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.24 Gb Total Space | 182.63 Gb Free Space | 82.55% Space Free | Partition Type: NTFS
Drive D: | 749.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DORIANDIONNE-PC | User Name: DorianDionne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F991EC04-D713-466B-A70B-78D460AC85D8}" = AVG 2011
"{FA109F0F-122E-4D48-9DBF-14DC02EE85E4}" = AVG 2011
"AVG" = AVG 2011
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Canon MP495 series User Registration" = Canon MP495 series User Registration
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.21.7
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinASO Registry Optimizer_is1" = WinASO Registry Optimizer 4.7.2
"WinLiveSuite" = Windows Live Essentials
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088750" = Jewel Quest - Heritage
"WT088759" = Polar Bowler
"WT089366" = Cake Mania - Lights, Camera, Action!™
"WT089368" = FATE - The Traitor Soul
"WT089379" = Mystery P.I. - The London Caper
"WT089381" = Slingo Supreme
"WT089386" = Governor of Poker 2 Premium Edition
"WT089395" = Plants vs. Zombies - Game of the Year

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2873062443-729546536-1506285949-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2011 01:40:39 | Computer Name = DorianDionne-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce7a313 Faulting module name: mshtml.dll, version: 8.0.7601.17622,
time stamp: 0x4de086c4 Exception code: 0xc0000005 Fault offset: 0x00000000000afe28
Faulting
process id: 0x1170 Faulting application start time: 0x01cc49c21bd323ed Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 7605bf55-b5b7-11e0-aaa4-00266cb31629

Error - 7/24/2011 02:38:35 | Computer Name = DorianDionne-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce7a313 Faulting module name: mshtml.dll, version: 8.0.7601.17622,
time stamp: 0x4de086c4 Exception code: 0xc0000005 Fault offset: 0x00000000000afe28
Faulting
process id: 0x780 Faulting application start time: 0x01cc49ca3413caa6 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 8defb949-b5bf-11e0-aaa4-00266cb31629

Error - 7/24/2011 02:53:15 | Computer Name = DorianDionne-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce7a313 Faulting module name: mshtml.dll, version: 8.0.7601.17622,
time stamp: 0x4de086c4 Exception code: 0xc0000005 Fault offset: 0x00000000000afe28
Faulting
process id: 0xf18 Faulting application start time: 0x01cc49cd5a731fba Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 9a623246-b5c1-11e0-aaa4-00266cb31629

Error - 7/24/2011 12:36:20 | Computer Name = DorianDionne-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce7a313 Faulting module name: mshtml.dll, version: 8.0.7601.17622,
time stamp: 0x4de086c4 Exception code: 0xc0000005 Fault offset: 0x00000000000afe28
Faulting
process id: 0x1028 Faulting application start time: 0x01cc4a1f5e74d009 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 0f07c9b5-b613-11e0-aaa4-00266cb31629

Error - 7/24/2011 13:00:23 | Computer Name = DorianDionne-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce7a313 Faulting module name: mshtml.dll, version: 8.0.7601.17622,
time stamp: 0x4de086c4 Exception code: 0xc0000005 Fault offset: 0x00000000000afe28
Faulting
process id: 0x1168 Faulting application start time: 0x01cc4a216da1b850 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 6b1f95d8-b616-11e0-aaa4-00266cb31629

Error - 7/24/2011 14:05:15 | Computer Name = DorianDionne-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce7a313 Faulting module name: mshtml.dll, version: 8.0.7601.17622,
time stamp: 0x4de086c4 Exception code: 0xc0000005 Fault offset: 0x000000000023f2b7
Faulting
process id: 0xe54 Faulting application start time: 0x01cc4a2b430519ca Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 7af034da-b61f-11e0-aaa4-00266cb31629

Error - 7/24/2011 14:25:00 | Computer Name = DorianDionne-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce7a313 Faulting module name: mshtml.dll, version: 8.0.7601.17622,
time stamp: 0x4de086c4 Exception code: 0xc0000005 Fault offset: 0x00000000000afe28
Faulting
process id: 0x9ac Faulting application start time: 0x01cc4a2dbabcb54f Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 3d809bbf-b622-11e0-aaa4-00266cb31629

Error - 7/24/2011 15:44:36 | Computer Name = DorianDionne-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce7a313 Faulting module name: mshtml.dll, version: 8.0.7601.17622,
time stamp: 0x4de086c4 Exception code: 0xc0000005 Fault offset: 0x00000000000afe28
Faulting
process id: 0x968 Faulting application start time: 0x01cc4a391ca4e2be Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 5bf91295-b62d-11e0-aaa4-00266cb31629

Error - 7/24/2011 16:06:09 | Computer Name = DorianDionne-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000001cf30ac Faulting process
id: 0xa34 Faulting application start time: 0x01cc49b86f27c218 Faulting application
path: C:\windows\Explorer.EXE Faulting module path: unknown Report Id: 5ea98378-b630-11e0-aaa4-00266cb31629

Error - 7/26/2011 10:57:05 | Computer Name = DorianDionne-PC | Source = Toshiba App Place | ID = 0
Description =

[ System Events ]
Error - 8/1/2011 16:41:01 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/1/2011 16:41:01 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/1/2011 17:05:30 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/1/2011 17:05:30 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/1/2011 17:05:31 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/1/2011 17:05:31 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/1/2011 17:05:31 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/1/2011 17:05:31 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/1/2011 17:05:31 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/1/2011 17:05:31 | Computer Name = DorianDionne-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068


< End of report >

OTL.txt

OTL logfile created on: 8/3/2011 16:53:58 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\DorianDionne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 36.18% Memory free
3.74 Gb Paging File | 2.26 Gb Available in Paging File | 60.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.24 Gb Total Space | 182.63 Gb Free Space | 82.55% Space Free | Partition Type: NTFS
Drive D: | 749.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DORIANDIONNE-PC | User Name: DorianDionne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 16:43:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTL.exe
PRC - [2011/06/11 11:44:29 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 16:43:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/11 11:44:29 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/31 16:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 19:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 12:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/27 21:44:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/03 13:50:55 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mobile.coair...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (0-a279-00266cb31629}\Shell\Autoplay\DropTarget\CLSID...) - File not found
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (־) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 16:43:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTL.exe
[2011/08/03 16:40:45 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\DorianDionne\Desktop\aswMBR.exe
[2011/08/03 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Desktop\tdsskiller
[2011/08/03 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Desktop\GooredFix Backups
[2011/08/03 10:02:48 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\DorianDionne\Desktop\GooredFix.exe
[2011/08/03 09:46:18 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/03 09:43:11 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTM.exe
[2011/08/03 09:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/03 09:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/08/03 09:31:21 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Desktop\Registry backup
[2011/08/03 09:29:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\DorianDionne\Desktop\erunt-setup.exe
[2011/08/02 23:04:36 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/08/01 21:23:23 | 000,039,192 | ---- | C] (Greatis Software) -- C:\windows\SysNative\Partizan.exe
[2011/08/01 21:19:45 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Documents\RegRun2
[2011/08/01 21:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2011/08/01 19:36:32 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys
[2011/08/01 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/01 18:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/01 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/08/01 17:59:10 | 011,710,480 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\DorianDionne\Desktop\SUPERAntiSpyware.exe
[2011/08/01 17:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/08/01 16:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinASO
[2011/08/01 16:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinASO
[2011/08/01 16:28:32 | 005,794,920 | ---- | C] (X.M.Y International LLC ) -- C:\Users\DorianDionne\Desktop\WinASO_RO_v4.7.2.exe
[2011/08/01 15:34:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/01 15:09:11 | 000,289,144 | ---- | C] (S!Ri) -- C:\windows\SysWow64\VCCLSID.exe
[2011/08/01 15:09:11 | 000,288,417 | ---- | C] (S!Ri) -- C:\windows\SysWow64\SrchSTS.exe
[2011/08/01 15:09:11 | 000,135,168 | ---- | C] (SteelWerX) -- C:\windows\SysWow64\swreg.exe
[2011/08/01 15:09:11 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\VACFix.exe
[2011/08/01 15:09:11 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\IEDFix.exe
[2011/08/01 15:09:11 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\IEDFix.C.exe
[2011/08/01 15:09:11 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\404Fix.exe
[2011/08/01 15:09:11 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\o4Patch.exe
[2011/08/01 15:09:11 | 000,079,360 | ---- | C] (SteelWerX) -- C:\windows\SysWow64\swxcacls.exe
[2011/08/01 15:09:11 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\Agent.OMZ.Fix.exe
[2011/08/01 15:09:11 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\windows\SysWow64\Process.exe
[2011/08/01 14:51:13 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/08/01 13:32:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/01 11:41:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/08/01 11:41:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/08/01 11:41:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/08/01 11:39:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/08/01 11:35:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/28 17:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
[2011/07/28 17:23:13 | 000,000,000 | ---D | C] -- C:\DriveKey
[2011/07/28 15:40:47 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Desktop\homecoming2010
[2011/07/28 02:23:33 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysWow64\drivers\tmcomm.sys
[2011/07/27 21:55:05 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
[2011/07/27 21:47:04 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\AppData\Roaming\AVG10
[2011/07/27 21:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2011/07/27 21:44:16 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\AVG
[2011/07/20 22:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/07/20 22:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/20 22:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/07/16 00:51:30 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\.jagex_cache_32
[2011/07/15 17:13:49 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2011/07/13 18:11:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\DVD Shrink
[2011/07/13 18:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2011/07/13 18:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2011/07/08 17:33:18 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/08 17:29:58 | 000,000,000 | -H-D | C] -- C:\Users\DorianDionne\AppData\Roaming\Leadertech
[2011/07/08 17:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2011/07/08 17:21:02 | 000,000,000 | -H-D | C] -- C:\Users\DorianDionne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ValuSoft
[2011/07/08 17:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ValuSoft
[2011/07/08 17:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ValuSoft

========== Files - Modified Within 30 Days ==========

[2011/08/03 16:52:37 | 000,000,512 | ---- | M] () -- C:\Users\DorianDionne\Desktop\MBR.dat
[2011/08/03 16:43:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTL.exe
[2011/08/03 16:40:54 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\DorianDionne\Desktop\aswMBR.exe
[2011/08/03 16:25:55 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 16:25:55 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 16:17:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/03 16:17:45 | 1506,783,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/03 16:08:35 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/08/03 16:08:35 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/08/03 16:08:35 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/08/03 13:50:55 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/08/03 10:27:23 | 000,000,436 | ---- | M] () -- C:\windows\SysWow64\PARLOGAN.EXE
[2011/08/03 10:05:16 | 001,388,094 | ---- | M] () -- C:\Users\DorianDionne\Desktop\tdsskiller.zip
[2011/08/03 10:02:51 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\DorianDionne\Desktop\GooredFix.exe
[2011/08/03 09:43:29 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTM.exe
[2011/08/03 09:40:02 | 000,000,935 | ---- | M] () -- C:\Users\DorianDionne\Desktop\NTREGOPT.lnk
[2011/08/03 09:40:02 | 000,000,916 | ---- | M] () -- C:\Users\DorianDionne\Desktop\ERUNT.lnk
[2011/08/03 09:33:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\DorianDionne\Desktop\erunt-setup.exe
[2011/08/03 09:10:36 | 126,709,911 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/08/01 21:23:23 | 000,039,192 | ---- | M] (Greatis Software) -- C:\windows\SysNative\Partizan.exe
[2011/08/01 21:19:48 | 000,000,002 | RHS- | M] () -- C:\windows\winstart.bat
[2011/08/01 21:19:48 | 000,000,002 | RHS- | M] () -- C:\windows\SysWow64\CONFIG.NT
[2011/08/01 21:19:48 | 000,000,002 | RHS- | M] () -- C:\windows\SysWow64\AUTOEXEC.NT
[2011/08/01 19:36:12 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys
[2011/08/01 19:32:38 | 010,285,056 | ---- | M] () -- C:\Users\DorianDionne\Desktop\Ad-Aware90Install.msi
[2011/08/01 17:59:15 | 011,710,480 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\DorianDionne\Desktop\SUPERAntiSpyware.exe
[2011/08/01 17:30:08 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/01 16:29:34 | 000,001,191 | ---- | M] () -- C:\Users\DorianDionne\Desktop\WinASO Registry Optimizer.lnk
[2011/08/01 16:29:07 | 005,794,920 | ---- | M] (X.M.Y International LLC ) -- C:\Users\DorianDionne\Desktop\WinASO_RO_v4.7.2.exe
[2011/08/01 15:56:40 | 000,000,691 | ---- | M] () -- C:\Users\DorianDionne\AppData\Roaming\GetValue.vbs
[2011/08/01 15:56:40 | 000,000,035 | ---- | M] () -- C:\Users\DorianDionne\AppData\Roaming\SetValue.bat
[2011/08/01 15:56:35 | 000,003,788 | ---- | M] () -- C:\windows\SysWow64\tmp.reg
[2011/07/31 14:40:38 | 000,963,992 | ---- | M] () -- C:\Users\DorianDionne\AppData\Local\census.cache
[2011/07/31 14:39:26 | 000,089,017 | ---- | M] () -- C:\Users\DorianDionne\AppData\Local\ars.cache
[2011/07/28 02:22:02 | 000,000,036 | ---- | M] () -- C:\Users\DorianDionne\AppData\Local\housecall.guid.cache
[2011/07/27 21:55:05 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2011/07/27 21:55:05 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/07/27 21:44:48 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/20 06:22:19 | 000,274,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/07/19 23:37:37 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/07/19 23:37:37 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/07/19 23:37:22 | 000,000,336 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011/07/19 06:23:34 | 000,000,129 | -H-- | M] () -- C:\Users\DorianDionne\jagex_runescape_preferences2.dat
[2011/07/19 03:15:37 | 000,000,034 | -H-- | M] () -- C:\Users\DorianDionne\jagex_runescape_preferences.dat
[2011/07/13 18:11:03 | 000,000,994 | ---- | M] () -- C:\Users\DorianDionne\Desktop\DVD Shrink 3.2.lnk
[2011/07/06 22:12:05 | 000,128,385 | -H-- | M] () -- C:\Users\DorianDionne\Desktop\Tent.jpg
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys

========== Files Created - No Company Name ==========

[2011/08/03 16:52:37 | 000,000,512 | ---- | C] () -- C:\Users\DorianDionne\Desktop\MBR.dat
[2011/08/03 10:05:13 | 001,388,094 | ---- | C] () -- C:\Users\DorianDionne\Desktop\tdsskiller.zip
[2011/08/03 09:40:02 | 000,000,935 | ---- | C] () -- C:\Users\DorianDionne\Desktop\NTREGOPT.lnk
[2011/08/03 09:40:02 | 000,000,916 | ---- | C] () -- C:\Users\DorianDionne\Desktop\ERUNT.lnk
[2011/08/03 09:10:36 | 126,709,911 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/08/01 21:25:50 | 000,000,436 | ---- | C] () -- C:\windows\SysWow64\PARLOGAN.EXE
[2011/08/01 21:19:48 | 000,000,002 | RHS- | C] () -- C:\windows\winstart.bat
[2011/08/01 21:19:48 | 000,000,002 | RHS- | C] () -- C:\windows\SysWow64\CONFIG.NT
[2011/08/01 21:19:48 | 000,000,002 | RHS- | C] () -- C:\windows\SysWow64\AUTOEXEC.NT
[2011/08/01 19:32:03 | 010,285,056 | ---- | C] () -- C:\Users\DorianDionne\Desktop\Ad-Aware90Install.msi
[2011/08/01 16:29:34 | 000,001,191 | ---- | C] () -- C:\Users\DorianDionne\Desktop\WinASO Registry Optimizer.lnk
[2011/08/01 15:21:46 | 000,000,691 | ---- | C] () -- C:\Users\DorianDionne\AppData\Roaming\GetValue.vbs
[2011/08/01 15:21:46 | 000,000,035 | ---- | C] () -- C:\Users\DorianDionne\AppData\Roaming\SetValue.bat
[2011/08/01 15:21:38 | 000,003,788 | ---- | C] () -- C:\windows\SysWow64\tmp.reg
[2011/08/01 15:09:11 | 000,075,776 | ---- | C] () -- C:\windows\SysWow64\WS2Fix.exe
[2011/08/01 15:09:11 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\dumphive.exe
[2011/08/01 15:09:11 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\swsc.exe
[2011/08/01 11:41:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/08/01 11:41:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/08/01 11:41:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/08/01 11:41:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/08/01 11:41:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/07/28 15:41:30 | 000,438,272 | ---- | C] () -- C:\Users\DorianDionne\Desktop\Launch DT.exe
[2011/07/28 02:32:02 | 000,963,992 | ---- | C] () -- C:\Users\DorianDionne\AppData\Local\census.cache
[2011/07/28 02:31:32 | 000,089,017 | ---- | C] () -- C:\Users\DorianDionne\AppData\Local\ars.cache
[2011/07/28 02:22:02 | 000,000,036 | ---- | C] () -- C:\Users\DorianDionne\AppData\Local\housecall.guid.cache
[2011/07/27 21:55:05 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2011/07/27 21:55:05 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/07/27 21:44:48 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/19 23:37:37 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/07/19 23:37:37 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/07/19 23:37:22 | 000,000,336 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011/07/15 17:16:39 | 000,000,129 | -H-- | C] () -- C:\Users\DorianDionne\jagex_runescape_preferences2.dat
[2011/07/15 17:14:09 | 000,000,034 | -H-- | C] () -- C:\Users\DorianDionne\jagex_runescape_preferences.dat
[2011/07/13 18:11:03 | 000,000,994 | ---- | C] () -- C:\Users\DorianDionne\Desktop\DVD Shrink 3.2.lnk
[2011/07/06 22:15:18 | 000,128,385 | -H-- | C] () -- C:\Users\DorianDionne\Desktop\Tent.jpg
[2011/06/15 09:15:51 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011/06/15 07:30:45 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/10 23:57:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/20 11:22:24 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2010/02/20 11:22:24 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2010/02/20 11:22:24 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2010/02/20 10:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 10:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/27 21:47:04 | 000,000,000 | ---D | M] -- C:\Users\DorianDionne\AppData\Roaming\AVG10
[2011/07/22 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\DorianDionne\AppData\Roaming\FrostWire
[2011/07/22 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\DorianDionne\AppData\Roaming\Juniper Networks
[2011/07/08 17:29:58 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\Leadertech
[2011/06/11 00:00:48 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\ooVoo Details
[2011/06/19 23:20:15 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\Sammsoft
[2011/07/22 22:29:42 | 000,000,000 | ---D | M] -- C:\Users\DorianDionne\AppData\Roaming\SoftGrid Client
[2011/06/11 11:43:24 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\Tific
[2011/06/26 11:48:24 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\Toshiba
[2011/06/15 07:32:02 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\TP
[2011/06/11 00:07:30 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\WildTangent
[2011/06/10 23:15:36 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\WinBatch
[2009/07/14 00:08:49 | 000,012,638 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#4
Essexboy
Posted 04 August 2011 - 11:26 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi could you post the aswMBR log please

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O34 - HKLM BootExecute: (0-a279-00266cb31629}\Shell\Autoplay\DropTarget\CLSID...) - File not found
    [2011/07/19 23:37:37 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
    [2011/07/19 23:37:37 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
    [2011/07/19 23:37:22 | 000,000,336 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
jtheod
Posted 04 August 2011 - 11:45 AM

jtheod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I apologize. The Avast Scan was:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-03 16:41:32
-----------------------------
16:41:32.933 OS Version: Windows x64 6.1.7601 Service Pack 1
16:41:32.933 Number of processors: 1 586 0x170A
16:41:32.933 ComputerName: DORIANDIONNE-PC UserName: DorianDionne
16:41:34.275 Initialize success
16:42:13.575 AVAST engine defs: 11080301
16:42:17.210 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:42:17.210 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 238475MB BusType: 3
16:42:17.241 Disk 0 MBR read successfully
16:42:17.241 Disk 0 MBR scan
16:42:17.256 Disk 0 MBR:Alureon-I [Rtk]
16:42:17.256 Disk 0 TDL4@MBR code has been found
16:42:17.256 Disk 0 MBR hidden
16:42:17.256 Disk 0 MBR [TDL4] **ROOTKIT**
16:42:17.272 Disk 0 trace - called modules:
16:42:17.272 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8002638254]<<
16:42:17.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800261d060]
16:42:17.288 3 CLASSPNP.SYS[fffff88001b7643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80020ef050]
16:42:17.288 \Driver\iaStor[0xfffffa80020dda70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002638254
16:42:20.829 AVAST engine scan C:\windows
16:42:24.994 AVAST engine scan C:\windows\system32
16:45:17.740 AVAST engine scan C:\windows\system32\drivers
16:45:33.574 AVAST engine scan C:\Users\DorianDionne
16:48:22.195 AVAST engine scan C:\ProgramData
16:50:09.445 Scan finished successfully
16:52:37.700 Disk 0 MBR has been saved successfully to "C:\Users\DorianDionne\Desktop\MBR.dat"
16:52:37.716 The log file has been saved successfully to "C:\Users\DorianDionne\Desktop\aswMBR.txt"
  • 0

#6
Essexboy
Posted 04 August 2011 - 11:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - it happens :)

OK could you run the OTL fix first please and then download a fresh copy of TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#7
jtheod
Posted 04 August 2011 - 12:02 PM

jtheod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
2011/08/04 13:00:14.0051 1036 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/04 13:00:14.0434 1036 ================================================================================
2011/08/04 13:00:14.0434 1036 SystemInfo:
2011/08/04 13:00:14.0434 1036
2011/08/04 13:00:14.0434 1036 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/04 13:00:14.0434 1036 Product type: Workstation
2011/08/04 13:00:14.0434 1036 ComputerName: DORIANDIONNE-PC
2011/08/04 13:00:14.0434 1036 UserName: DorianDionne
2011/08/04 13:00:14.0434 1036 Windows directory: C:\windows
2011/08/04 13:00:14.0434 1036 System windows directory: C:\windows
2011/08/04 13:00:14.0434 1036 Running under WOW64
2011/08/04 13:00:14.0434 1036 Processor architecture: Intel x64
2011/08/04 13:00:14.0434 1036 Number of processors: 1
2011/08/04 13:00:14.0434 1036 Page size: 0x1000
2011/08/04 13:00:14.0434 1036 Boot type: Normal boot
2011/08/04 13:00:14.0434 1036 ================================================================================
2011/08/04 13:00:14.0743 1036 Initialize success
2011/08/04 13:00:18.0698 4384 ================================================================================
2011/08/04 13:00:18.0698 4384 Scan started
2011/08/04 13:00:18.0698 4384 Mode: Manual;
2011/08/04 13:00:18.0698 4384 ================================================================================
2011/08/04 13:00:19.0114 4384 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
2011/08/04 13:00:19.0261 4384 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
2011/08/04 13:00:19.0368 4384 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
2011/08/04 13:00:19.0523 4384 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2011/08/04 13:00:19.0623 4384 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/08/04 13:00:19.0684 4384 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2011/08/04 13:00:19.0869 4384 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
2011/08/04 13:00:20.0020 4384 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
2011/08/04 13:00:20.0158 4384 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
2011/08/04 13:00:20.0206 4384 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
2011/08/04 13:00:20.0325 4384 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/08/04 13:00:20.0431 4384 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/08/04 13:00:20.0543 4384 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
2011/08/04 13:00:20.0653 4384 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/08/04 13:00:20.0757 4384 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
2011/08/04 13:00:20.0887 4384 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
2011/08/04 13:00:21.0090 4384 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/08/04 13:00:21.0198 4384 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/08/04 13:00:21.0314 4384 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/08/04 13:00:21.0447 4384 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
2011/08/04 13:00:21.0621 4384 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys
2011/08/04 13:00:21.0834 4384 AVGIDSDriver (eee718457f24f2154f23a7fad1a0cea3) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/04 13:00:21.0968 4384 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
2011/08/04 13:00:22.0080 4384 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/04 13:00:22.0208 4384 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\windows\system32\DRIVERS\avgldx64.sys
2011/08/04 13:00:22.0338 4384 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\windows\system32\DRIVERS\avgmfx64.sys
2011/08/04 13:00:22.0466 4384 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\windows\system32\DRIVERS\avgrkx64.sys
2011/08/04 13:00:22.0621 4384 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\windows\system32\DRIVERS\avgtdia.sys
2011/08/04 13:00:22.0800 4384 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
2011/08/04 13:00:22.0916 4384 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/08/04 13:00:23.0054 4384 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2011/08/04 13:00:23.0194 4384 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/08/04 13:00:23.0325 4384 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
2011/08/04 13:00:23.0458 4384 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/08/04 13:00:23.0595 4384 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/08/04 13:00:23.0720 4384 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/08/04 13:00:23.0828 4384 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/08/04 13:00:23.0951 4384 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/08/04 13:00:23.0998 4384 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/08/04 13:00:24.0094 4384 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/08/04 13:00:24.0270 4384 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/08/04 13:00:24.0392 4384 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
2011/08/04 13:00:24.0528 4384 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/08/04 13:00:24.0622 4384 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/08/04 13:00:24.0768 4384 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/08/04 13:00:24.0853 4384 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
2011/08/04 13:00:24.0960 4384 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
2011/08/04 13:00:25.0112 4384 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
2011/08/04 13:00:25.0227 4384 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/08/04 13:00:25.0338 4384 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
2011/08/04 13:00:25.0458 4384 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/08/04 13:00:25.0663 4384 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
2011/08/04 13:00:25.0802 4384 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/08/04 13:00:25.0913 4384 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/08/04 13:00:26.0058 4384 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/08/04 13:00:26.0151 4384 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
2011/08/04 13:00:26.0339 4384 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/08/04 13:00:26.0506 4384 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/08/04 13:00:26.0612 4384 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
2011/08/04 13:00:26.0750 4384 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/08/04 13:00:26.0863 4384 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/08/04 13:00:26.0967 4384 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/08/04 13:00:27.0088 4384 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/08/04 13:00:27.0174 4384 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/08/04 13:00:27.0272 4384 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/08/04 13:00:27.0404 4384 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
2011/08/04 13:00:27.0523 4384 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2011/08/04 13:00:27.0607 4384 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/08/04 13:00:27.0736 4384 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/08/04 13:00:27.0872 4384 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
2011/08/04 13:00:27.0988 4384 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/08/04 13:00:28.0138 4384 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/04 13:00:28.0256 4384 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/08/04 13:00:28.0395 4384 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
2011/08/04 13:00:28.0500 4384 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
2011/08/04 13:00:28.0617 4384 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/08/04 13:00:28.0710 4384 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/08/04 13:00:28.0755 4384 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/08/04 13:00:28.0908 4384 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
2011/08/04 13:00:29.0069 4384 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
2011/08/04 13:00:29.0209 4384 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
2011/08/04 13:00:29.0334 4384 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
2011/08/04 13:00:29.0472 4384 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
2011/08/04 13:00:29.0640 4384 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
2011/08/04 13:00:29.0833 4384 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
2011/08/04 13:00:30.0258 4384 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
2011/08/04 13:00:30.0610 4384 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/08/04 13:00:30.0768 4384 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
2011/08/04 13:00:30.0880 4384 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2011/08/04 13:00:31.0009 4384 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/08/04 13:00:31.0136 4384 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
2011/08/04 13:00:31.0240 4384 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2011/08/04 13:00:31.0353 4384 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2011/08/04 13:00:31.0405 4384 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
2011/08/04 13:00:31.0514 4384 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
2011/08/04 13:00:31.0649 4384 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
2011/08/04 13:00:31.0740 4384 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
2011/08/04 13:00:31.0853 4384 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
2011/08/04 13:00:31.0971 4384 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
2011/08/04 13:00:32.0073 4384 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2011/08/04 13:00:32.0200 4384 L1C (48686c29856f46443952a831424f8d6f) C:\windows\system32\DRIVERS\L1C62x64.sys
2011/08/04 13:00:32.0359 4384 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2011/08/04 13:00:32.0608 4384 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/08/04 13:00:32.0718 4384 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/08/04 13:00:32.0819 4384 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/08/04 13:00:32.0931 4384 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/08/04 13:00:33.0050 4384 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2011/08/04 13:00:33.0161 4384 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2011/08/04 13:00:33.0262 4384 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2011/08/04 13:00:33.0376 4384 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2011/08/04 13:00:33.0410 4384 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2011/08/04 13:00:33.0596 4384 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
2011/08/04 13:00:33.0716 4384 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2011/08/04 13:00:33.0839 4384 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
2011/08/04 13:00:33.0971 4384 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
2011/08/04 13:00:34.0090 4384 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2011/08/04 13:00:34.0227 4384 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
2011/08/04 13:00:34.0323 4384 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/08/04 13:00:34.0428 4384 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/08/04 13:00:34.0536 4384 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/08/04 13:00:34.0640 4384 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
2011/08/04 13:00:34.0752 4384 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
2011/08/04 13:00:34.0880 4384 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2011/08/04 13:00:34.0987 4384 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2011/08/04 13:00:35.0100 4384 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
2011/08/04 13:00:35.0237 4384 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2011/08/04 13:00:35.0342 4384 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2011/08/04 13:00:35.0459 4384 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2011/08/04 13:00:35.0531 4384 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
2011/08/04 13:00:35.0653 4384 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
2011/08/04 13:00:35.0760 4384 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2011/08/04 13:00:35.0861 4384 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2011/08/04 13:00:35.0908 4384 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
2011/08/04 13:00:36.0053 4384 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
2011/08/04 13:00:36.0205 4384 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
2011/08/04 13:00:36.0314 4384 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2011/08/04 13:00:36.0430 4384 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2011/08/04 13:00:36.0577 4384 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
2011/08/04 13:00:36.0681 4384 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
2011/08/04 13:00:36.0771 4384 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
2011/08/04 13:00:36.0884 4384 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2011/08/04 13:00:36.0996 4384 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
2011/08/04 13:00:37.0182 4384 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2011/08/04 13:00:37.0326 4384 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2011/08/04 13:00:37.0423 4384 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2011/08/04 13:00:37.0530 4384 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
2011/08/04 13:00:37.0637 4384 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2011/08/04 13:00:37.0767 4384 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
2011/08/04 13:00:37.0881 4384 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
2011/08/04 13:00:38.0015 4384 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
2011/08/04 13:00:38.0118 4384 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
2011/08/04 13:00:38.0250 4384 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2011/08/04 13:00:38.0363 4384 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
2011/08/04 13:00:38.0473 4384 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
2011/08/04 13:00:38.0583 4384 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
2011/08/04 13:00:38.0695 4384 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2011/08/04 13:00:38.0805 4384 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2011/08/04 13:00:38.0925 4384 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2011/08/04 13:00:39.0140 4384 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
2011/08/04 13:00:39.0327 4384 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
2011/08/04 13:00:39.0446 4384 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2011/08/04 13:00:39.0633 4384 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
2011/08/04 13:00:39.0831 4384 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2011/08/04 13:00:39.0987 4384 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2011/08/04 13:00:40.0118 4384 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2011/08/04 13:00:40.0237 4384 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2011/08/04 13:00:40.0338 4384 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/08/04 13:00:40.0490 4384 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/08/04 13:00:40.0635 4384 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2011/08/04 13:00:40.0737 4384 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2011/08/04 13:00:40.0884 4384 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
2011/08/04 13:00:40.0988 4384 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/08/04 13:00:41.0098 4384 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/08/04 13:00:41.0218 4384 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/08/04 13:00:41.0325 4384 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/08/04 13:00:41.0426 4384 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
2011/08/04 13:00:41.0564 4384 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
2011/08/04 13:00:41.0715 4384 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/08/04 13:00:41.0843 4384 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
2011/08/04 13:00:41.0955 4384 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
2011/08/04 13:00:42.0064 4384 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
2011/08/04 13:00:42.0188 4384 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/08/04 13:00:42.0298 4384 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/08/04 13:00:42.0408 4384 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/08/04 13:00:42.0534 4384 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/08/04 13:00:42.0665 4384 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
2011/08/04 13:00:42.0764 4384 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
2011/08/04 13:00:42.0856 4384 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
2011/08/04 13:00:42.0970 4384 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/08/04 13:00:43.0096 4384 Sftfs (72cd52403efc137290cb5a328510ebca) C:\windows\system32\DRIVERS\Sftfslh.sys
2011/08/04 13:00:43.0235 4384 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\windows\system32\DRIVERS\Sftplaylh.sys
2011/08/04 13:00:43.0338 4384 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\windows\system32\DRIVERS\Sftredirlh.sys
2011/08/04 13:00:43.0445 4384 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\windows\system32\DRIVERS\Sftvollh.sys
2011/08/04 13:00:43.0605 4384 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/08/04 13:00:43.0714 4384 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/08/04 13:00:43.0828 4384 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/08/04 13:00:43.0957 4384 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/08/04 13:00:44.0078 4384 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
2011/08/04 13:00:44.0233 4384 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
2011/08/04 13:00:44.0364 4384 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
2011/08/04 13:00:44.0490 4384 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/08/04 13:00:44.0608 4384 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
2011/08/04 13:00:44.0734 4384 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
2011/08/04 13:00:44.0903 4384 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\drivers\tcpip.sys
2011/08/04 13:00:45.0070 4384 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\DRIVERS\tcpip.sys
2011/08/04 13:00:45.0182 4384 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
2011/08/04 13:00:45.0300 4384 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/08/04 13:00:45.0390 4384 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/08/04 13:00:45.0495 4384 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/08/04 13:00:45.0616 4384 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
2011/08/04 13:00:45.0716 4384 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
2011/08/04 13:00:45.0948 4384 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/08/04 13:00:46.0088 4384 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
2011/08/04 13:00:46.0208 4384 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
2011/08/04 13:00:46.0317 4384 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/08/04 13:00:46.0419 4384 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/08/04 13:00:46.0527 4384 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
2011/08/04 13:00:46.0676 4384 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
2011/08/04 13:00:46.0783 4384 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
2011/08/04 13:00:46.0889 4384 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/08/04 13:00:47.0005 4384 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
2011/08/04 13:00:47.0119 4384 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
2011/08/04 13:00:47.0226 4384 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
2011/08/04 13:00:47.0337 4384 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
2011/08/04 13:00:47.0459 4384 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
2011/08/04 13:00:47.0587 4384 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
2011/08/04 13:00:47.0704 4384 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/08/04 13:00:47.0819 4384 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
2011/08/04 13:00:47.0928 4384 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/08/04 13:00:48.0041 4384 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
2011/08/04 13:00:48.0159 4384 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
2011/08/04 13:00:48.0298 4384 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys
2011/08/04 13:00:48.0420 4384 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
2011/08/04 13:00:48.0539 4384 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/08/04 13:00:48.0643 4384 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/08/04 13:00:48.0735 4384 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
2011/08/04 13:00:48.0849 4384 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
2011/08/04 13:00:48.0947 4384 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
2011/08/04 13:00:49.0061 4384 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
2011/08/04 13:00:49.0166 4384 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
2011/08/04 13:00:49.0284 4384 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/08/04 13:00:49.0434 4384 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2011/08/04 13:00:49.0547 4384 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2011/08/04 13:00:49.0615 4384 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/08/04 13:00:49.0746 4384 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/04 13:00:49.0781 4384 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/04 13:00:49.0948 4384 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/08/04 13:00:50.0054 4384 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/08/04 13:00:50.0235 4384 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/08/04 13:00:50.0325 4384 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/08/04 13:00:50.0541 4384 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
2011/08/04 13:00:50.0665 4384 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
2011/08/04 13:00:50.0815 4384 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/08/04 13:00:50.0976 4384 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
2011/08/04 13:00:51.0096 4384 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/08/04 13:00:51.0210 4384 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/08/04 13:00:51.0250 4384 Boot (0x1200) (f0dd1e264c067963ab34e1dd5ea255a7) \Device\Harddisk0\DR0\Partition0
2011/08/04 13:00:51.0264 4384 ================================================================================
2011/08/04 13:00:51.0264 4384 Scan finished
2011/08/04 13:00:51.0264 4384 ================================================================================
2011/08/04 13:00:51.0291 1428 Detected object count: 0
2011/08/04 13:00:51.0291 1428 Actual detected object count: 0
  • 0

#8
jtheod
Posted 04 August 2011 - 12:06 PM

jtheod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL logfile created on: 8/4/2011 13:03:41 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\DorianDionne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 32.86% Memory free
3.74 Gb Paging File | 2.11 Gb Available in Paging File | 56.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.24 Gb Total Space | 182.62 Gb Free Space | 82.55% Space Free | Partition Type: NTFS
Drive D: | 749.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DORIANDIONNE-PC | User Name: DorianDionne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 16:43:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTL.exe
PRC - [2011/06/11 11:44:29 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 16:43:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/11 11:44:29 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/31 16:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 19:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 12:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/27 21:44:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/04 12:34:41 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2873062443-729546536-1506285949-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mobile.coair...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 12:34:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/03 16:43:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTL.exe
[2011/08/03 16:40:45 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\DorianDionne\Desktop\aswMBR.exe
[2011/08/03 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Desktop\tdsskiller
[2011/08/03 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Desktop\GooredFix Backups
[2011/08/03 10:02:48 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\DorianDionne\Desktop\GooredFix.exe
[2011/08/03 09:46:18 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/03 09:43:11 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTM.exe
[2011/08/03 09:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/03 09:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/08/03 09:31:21 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Desktop\Registry backup
[2011/08/03 09:29:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\DorianDionne\Desktop\erunt-setup.exe
[2011/08/02 23:04:36 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/08/01 21:23:23 | 000,039,192 | ---- | C] (Greatis Software) -- C:\windows\SysNative\Partizan.exe
[2011/08/01 21:19:45 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Documents\RegRun2
[2011/08/01 21:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2011/08/01 19:36:32 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys
[2011/08/01 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/01 18:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/01 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/08/01 17:59:10 | 011,710,480 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\DorianDionne\Desktop\SUPERAntiSpyware.exe
[2011/08/01 17:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/08/01 16:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinASO
[2011/08/01 16:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinASO
[2011/08/01 16:28:32 | 005,794,920 | ---- | C] (X.M.Y International LLC ) -- C:\Users\DorianDionne\Desktop\WinASO_RO_v4.7.2.exe
[2011/08/01 15:34:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/01 15:09:11 | 000,289,144 | ---- | C] (S!Ri) -- C:\windows\SysWow64\VCCLSID.exe
[2011/08/01 15:09:11 | 000,288,417 | ---- | C] (S!Ri) -- C:\windows\SysWow64\SrchSTS.exe
[2011/08/01 15:09:11 | 000,135,168 | ---- | C] (SteelWerX) -- C:\windows\SysWow64\swreg.exe
[2011/08/01 15:09:11 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\VACFix.exe
[2011/08/01 15:09:11 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\IEDFix.exe
[2011/08/01 15:09:11 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\IEDFix.C.exe
[2011/08/01 15:09:11 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\404Fix.exe
[2011/08/01 15:09:11 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\o4Patch.exe
[2011/08/01 15:09:11 | 000,079,360 | ---- | C] (SteelWerX) -- C:\windows\SysWow64\swxcacls.exe
[2011/08/01 15:09:11 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\windows\SysWow64\Agent.OMZ.Fix.exe
[2011/08/01 15:09:11 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\windows\SysWow64\Process.exe
[2011/08/01 14:51:13 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/08/01 13:32:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/01 11:41:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/08/01 11:41:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/08/01 11:41:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/08/01 11:39:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/08/01 11:35:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/28 17:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
[2011/07/28 17:23:13 | 000,000,000 | ---D | C] -- C:\DriveKey
[2011/07/28 15:40:47 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\Desktop\homecoming2010
[2011/07/28 02:23:33 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysWow64\drivers\tmcomm.sys
[2011/07/27 21:55:05 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
[2011/07/27 21:47:04 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\AppData\Roaming\AVG10
[2011/07/27 21:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2011/07/27 21:44:16 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\AVG
[2011/07/20 22:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/07/20 22:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/20 22:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/07/16 00:51:30 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\.jagex_cache_32
[2011/07/15 17:13:49 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2011/07/13 18:11:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\DVD Shrink
[2011/07/13 18:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2011/07/13 18:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2011/07/08 17:33:18 | 000,000,000 | ---D | C] -- C:\Users\DorianDionne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/08 17:29:58 | 000,000,000 | -H-D | C] -- C:\Users\DorianDionne\AppData\Roaming\Leadertech
[2011/07/08 17:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2011/07/08 17:21:02 | 000,000,000 | -H-D | C] -- C:\Users\DorianDionne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ValuSoft
[2011/07/08 17:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ValuSoft
[2011/07/08 17:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ValuSoft

========== Files - Modified Within 30 Days ==========

[2011/08/04 12:57:24 | 001,388,094 | ---- | M] () -- C:\Users\DorianDionne\Desktop\tdsskiller.zip
[2011/08/04 12:47:49 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 12:47:49 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 12:39:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/04 12:39:57 | 1506,783,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/04 12:35:00 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/04 12:34:41 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/08/04 12:31:33 | 126,853,854 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/08/04 12:26:19 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/08/04 12:26:19 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/08/04 12:26:19 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/08/03 16:52:37 | 000,000,512 | ---- | M] () -- C:\Users\DorianDionne\Desktop\MBR.dat
[2011/08/03 16:43:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTL.exe
[2011/08/03 16:40:54 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\DorianDionne\Desktop\aswMBR.exe
[2011/08/03 10:27:23 | 000,000,436 | ---- | M] () -- C:\windows\SysWow64\PARLOGAN.EXE
[2011/08/03 10:02:51 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\DorianDionne\Desktop\GooredFix.exe
[2011/08/03 09:43:29 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\DorianDionne\Desktop\OTM.exe
[2011/08/03 09:40:02 | 000,000,935 | ---- | M] () -- C:\Users\DorianDionne\Desktop\NTREGOPT.lnk
[2011/08/03 09:40:02 | 000,000,916 | ---- | M] () -- C:\Users\DorianDionne\Desktop\ERUNT.lnk
[2011/08/03 09:33:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\DorianDionne\Desktop\erunt-setup.exe
[2011/08/01 21:23:23 | 000,039,192 | ---- | M] (Greatis Software) -- C:\windows\SysNative\Partizan.exe
[2011/08/01 21:19:48 | 000,000,002 | RHS- | M] () -- C:\windows\winstart.bat
[2011/08/01 21:19:48 | 000,000,002 | RHS- | M] () -- C:\windows\SysWow64\CONFIG.NT
[2011/08/01 21:19:48 | 000,000,002 | RHS- | M] () -- C:\windows\SysWow64\AUTOEXEC.NT
[2011/08/01 19:36:12 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys
[2011/08/01 19:32:38 | 010,285,056 | ---- | M] () -- C:\Users\DorianDionne\Desktop\Ad-Aware90Install.msi
[2011/08/01 17:59:15 | 011,710,480 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\DorianDionne\Desktop\SUPERAntiSpyware.exe
[2011/08/01 17:30:08 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/01 16:29:34 | 000,001,191 | ---- | M] () -- C:\Users\DorianDionne\Desktop\WinASO Registry Optimizer.lnk
[2011/08/01 16:29:07 | 005,794,920 | ---- | M] (X.M.Y International LLC ) -- C:\Users\DorianDionne\Desktop\WinASO_RO_v4.7.2.exe
[2011/08/01 15:56:40 | 000,000,691 | ---- | M] () -- C:\Users\DorianDionne\AppData\Roaming\GetValue.vbs
[2011/08/01 15:56:40 | 000,000,035 | ---- | M] () -- C:\Users\DorianDionne\AppData\Roaming\SetValue.bat
[2011/08/01 15:56:35 | 000,003,788 | ---- | M] () -- C:\windows\SysWow64\tmp.reg
[2011/07/31 14:40:38 | 000,963,992 | ---- | M] () -- C:\Users\DorianDionne\AppData\Local\census.cache
[2011/07/31 14:39:26 | 000,089,017 | ---- | M] () -- C:\Users\DorianDionne\AppData\Local\ars.cache
[2011/07/28 02:22:02 | 000,000,036 | ---- | M] () -- C:\Users\DorianDionne\AppData\Local\housecall.guid.cache
[2011/07/27 21:55:05 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2011/07/27 21:55:05 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/07/20 06:22:19 | 000,274,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/07/19 06:23:34 | 000,000,129 | -H-- | M] () -- C:\Users\DorianDionne\jagex_runescape_preferences2.dat
[2011/07/19 03:15:37 | 000,000,034 | -H-- | M] () -- C:\Users\DorianDionne\jagex_runescape_preferences.dat
[2011/07/13 18:11:03 | 000,000,994 | ---- | M] () -- C:\Users\DorianDionne\Desktop\DVD Shrink 3.2.lnk
[2011/07/06 22:12:05 | 000,128,385 | -H-- | M] () -- C:\Users\DorianDionne\Desktop\Tent.jpg
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys

========== Files Created - No Company Name ==========

[2011/08/04 12:31:33 | 126,853,854 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/08/03 16:52:37 | 000,000,512 | ---- | C] () -- C:\Users\DorianDionne\Desktop\MBR.dat
[2011/08/03 10:05:13 | 001,388,094 | ---- | C] () -- C:\Users\DorianDionne\Desktop\tdsskiller.zip
[2011/08/03 09:40:02 | 000,000,935 | ---- | C] () -- C:\Users\DorianDionne\Desktop\NTREGOPT.lnk
[2011/08/03 09:40:02 | 000,000,916 | ---- | C] () -- C:\Users\DorianDionne\Desktop\ERUNT.lnk
[2011/08/01 21:25:50 | 000,000,436 | ---- | C] () -- C:\windows\SysWow64\PARLOGAN.EXE
[2011/08/01 21:19:48 | 000,000,002 | RHS- | C] () -- C:\windows\winstart.bat
[2011/08/01 21:19:48 | 000,000,002 | RHS- | C] () -- C:\windows\SysWow64\CONFIG.NT
[2011/08/01 21:19:48 | 000,000,002 | RHS- | C] () -- C:\windows\SysWow64\AUTOEXEC.NT
[2011/08/01 19:32:03 | 010,285,056 | ---- | C] () -- C:\Users\DorianDionne\Desktop\Ad-Aware90Install.msi
[2011/08/01 16:29:34 | 000,001,191 | ---- | C] () -- C:\Users\DorianDionne\Desktop\WinASO Registry Optimizer.lnk
[2011/08/01 15:21:46 | 000,000,691 | ---- | C] () -- C:\Users\DorianDionne\AppData\Roaming\GetValue.vbs
[2011/08/01 15:21:46 | 000,000,035 | ---- | C] () -- C:\Users\DorianDionne\AppData\Roaming\SetValue.bat
[2011/08/01 15:21:38 | 000,003,788 | ---- | C] () -- C:\windows\SysWow64\tmp.reg
[2011/08/01 15:09:11 | 000,075,776 | ---- | C] () -- C:\windows\SysWow64\WS2Fix.exe
[2011/08/01 15:09:11 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\dumphive.exe
[2011/08/01 15:09:11 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\swsc.exe
[2011/08/01 11:41:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/08/01 11:41:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/08/01 11:41:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/08/01 11:41:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/08/01 11:41:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/07/28 15:41:30 | 000,438,272 | ---- | C] () -- C:\Users\DorianDionne\Desktop\Launch DT.exe
[2011/07/28 02:32:02 | 000,963,992 | ---- | C] () -- C:\Users\DorianDionne\AppData\Local\census.cache
[2011/07/28 02:31:32 | 000,089,017 | ---- | C] () -- C:\Users\DorianDionne\AppData\Local\ars.cache
[2011/07/28 02:22:02 | 000,000,036 | ---- | C] () -- C:\Users\DorianDionne\AppData\Local\housecall.guid.cache
[2011/07/27 21:55:05 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2011/07/27 21:55:05 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/07/27 21:44:48 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/15 17:16:39 | 000,000,129 | -H-- | C] () -- C:\Users\DorianDionne\jagex_runescape_preferences2.dat
[2011/07/15 17:14:09 | 000,000,034 | -H-- | C] () -- C:\Users\DorianDionne\jagex_runescape_preferences.dat
[2011/07/13 18:11:03 | 000,000,994 | ---- | C] () -- C:\Users\DorianDionne\Desktop\DVD Shrink 3.2.lnk
[2011/07/06 22:15:18 | 000,128,385 | -H-- | C] () -- C:\Users\DorianDionne\Desktop\Tent.jpg
[2011/06/15 09:15:51 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011/06/15 07:30:45 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/10 23:57:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/20 11:22:24 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2010/02/20 11:22:24 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2010/02/20 11:22:24 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2010/02/20 10:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 10:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/27 21:47:04 | 000,000,000 | ---D | M] -- C:\Users\DorianDionne\AppData\Roaming\AVG10
[2011/07/22 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\DorianDionne\AppData\Roaming\FrostWire
[2011/07/22 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\DorianDionne\AppData\Roaming\Juniper Networks
[2011/07/08 17:29:58 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\Leadertech
[2011/06/11 00:00:48 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\ooVoo Details
[2011/06/19 23:20:15 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\Sammsoft
[2011/07/22 22:29:42 | 000,000,000 | ---D | M] -- C:\Users\DorianDionne\AppData\Roaming\SoftGrid Client
[2011/06/11 11:43:24 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\Tific
[2011/06/26 11:48:24 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\Toshiba
[2011/06/15 07:32:02 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\TP
[2011/06/11 00:07:30 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\WildTangent
[2011/06/10 23:15:36 | 000,000,000 | -H-D | M] -- C:\Users\DorianDionne\AppData\Roaming\WinBatch
[2009/07/14 00:08:49 | 000,012,888 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#9
Essexboy
Posted 04 August 2011 - 12:31 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK so TDSSKiller is not seeing it, what we will do next is use aswMBR to try and kill it. But, it may be a new variant so first we need to determine whether or not you have the windows 7 disc as we may need to use that at some stage. If you do not have one we can burn the recovery console to a cd and use that. The reason we need to do this is that certain variants will corrupt the MBR as it is being repaired, but with the recovery console disc we can fix it

If you do not have the windows CD then we will first try tio use windows to create one

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If a AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Once you have created it we will then run aswMBR

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button

Posted Image


Save the log as before and post in your next reply
  • 0

#10
jtheod
Posted 04 August 2011 - 01:40 PM

jtheod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
This is the 3rd time it restarted and it is still atempting to repair.
  • 0

Advertisements

#11
jtheod
Posted 04 August 2011 - 03:19 PM

jtheod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Computer is still stuck in the "startup Repair" screen. Constantly going back to that screen...for over an hour now.
  • 0

#12
jtheod
Posted 04 August 2011 - 03:19 PM

jtheod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Computer is still stuck in the "startup Repair" screen. Constantly going back to that screen...for over an hour now.
  • 0

#13
Essexboy
Posted 05 August 2011 - 11:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sorry for the delay but my motherboard failed last night - I am on a loan computer at the moment

OK using the disc you created.

Insert the disc and select start from CD

  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
When you reboot you will see this although yours will say windows 7.
Click repair my computer
Posted Image
Select your operating system
Posted Image
Select Command prompt
Posted Image
At the command prompt type the following
  • Bootrec.exe /FixMbr
  • Once finished type Exit

Reboot to normal windows and run aswMBR again please
  • 0

#14
jtheod
Posted 05 August 2011 - 02:42 PM

jtheod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Trying it now....working from another laptop.
  • 0

#15
jtheod
Posted 05 August 2011 - 03:13 PM

jtheod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-03 16:41:32
-----------------------------
16:41:32.933 OS Version: Windows x64 6.1.7601 Service Pack 1
16:41:32.933 Number of processors: 1 586 0x170A
16:41:32.933 ComputerName: DORIANDIONNE-PC UserName: DorianDionne
16:41:34.275 Initialize success
16:42:13.575 AVAST engine defs: 11080301
16:42:17.210 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:42:17.210 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 238475MB BusType: 3
16:42:17.241 Disk 0 MBR read successfully
16:42:17.241 Disk 0 MBR scan
16:42:17.256 Disk 0 MBR:Alureon-I [Rtk]
16:42:17.256 Disk 0 TDL4@MBR code has been found
16:42:17.256 Disk 0 MBR hidden
16:42:17.256 Disk 0 MBR [TDL4] **ROOTKIT**
16:42:17.272 Disk 0 trace - called modules:
16:42:17.272 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8002638254]<<
16:42:17.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800261d060]
16:42:17.288 3 CLASSPNP.SYS[fffff88001b7643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80020ef050]
16:42:17.288 \Driver\iaStor[0xfffffa80020dda70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002638254
16:42:20.829 AVAST engine scan C:\windows
16:42:24.994 AVAST engine scan C:\windows\system32
16:45:17.740 AVAST engine scan C:\windows\system32\drivers
16:45:33.574 AVAST engine scan C:\Users\DorianDionne
16:48:22.195 AVAST engine scan C:\ProgramData
16:50:09.445 Scan finished successfully
16:52:37.700 Disk 0 MBR has been saved successfully to "C:\Users\DorianDionne\Desktop\MBR.dat"
16:52:37.716 The log file has been saved successfully to "C:\Users\DorianDionne\Desktop\aswMBR.txt"


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-05 16:00:43
-----------------------------
16:00:43.857 OS Version: Windows x64 6.1.7601 Service Pack 1
16:00:43.857 Number of processors: 1 586 0x170A
16:00:43.858 ComputerName: DORIANDIONNE-PC UserName: DorianDionne
16:00:45.535 Initialize success
16:00:51.585 AVAST engine defs: 11080400
16:01:00.448 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:01:00.450 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 238475MB BusType: 3
16:01:00.469 Disk 0 MBR read successfully
16:01:00.472 Disk 0 MBR scan
16:01:00.477 Disk 0 Windows 7 default MBR code
16:01:00.482 Service scanning
16:01:03.178 Modules scanning
16:01:03.181 Disk 0 trace - called modules:
16:01:03.202 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
16:01:03.206 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002615060]
16:01:03.211 3 CLASSPNP.SYS[fffff88001b5d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80020e7050]
16:01:04.436 AVAST engine scan C:\windows
16:01:09.882 AVAST engine scan C:\windows\system32
16:04:41.370 AVAST engine scan C:\windows\system32\drivers
16:04:58.114 AVAST engine scan C:\Users\DorianDionne
16:07:50.035 AVAST engine scan C:\ProgramData
16:09:38.008 Scan finished successfully
16:10:06.863 Disk 0 MBR has been saved successfully to "C:\Users\DorianDionne\Desktop\MBR.dat"
16:10:06.868 The log file has been saved successfully to "C:\Users\DorianDionne\Desktop\aswMBR.txt"
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP