Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trouble malware on vista


  • This topic is locked This topic is locked

#16
Daclivont

Daclivont

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
ESET is currently running. The only thing I notice right now it that I get a BSOD on normal boots. :) I've had this happen before though and fixed it with a vista repair disk from Toshiba for the laptop though if it turns out to be a side effect from the virus that doesn't go away on its own.

Edited by Daclivont, 27 September 2011 - 03:05 PM.

  • 0

Advertisements


#17
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. Lets see what the ESET scan finds.
  • 0

#18
Daclivont

Daclivont

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Here's ESET's log:

C:\Documents and Settings\Lovyna\Desktop\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
C:\Qoobox\Quarantine\C\ProgramData\KeyboardBackupPolicy.dll.vir a variant of Win32/Kryptik.TGT trojan
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\cdrom.sys.vir a variant of Win32/Olmarik.AXN trojan
C:\Users\Lovyna\Desktop\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
C:\_OTL\MovedFiles\09252011_234343\C_ProgramData\AbEVEEVRbhjjV.exe Win32/Kryptik.TDV trojan
C:\_OTL\MovedFiles\09252011_234343\C_Users\Lovyna\AppData\Roaming\Microsoft\conhost.exe Win32/Cycbot.AF trojan
C:\_OTL\MovedFiles\09252011_235659\C_Users\Lovyna\AppData\Roaming\dwm.exe a variant of Win32/Kryptik.TEV trojan



And SecurityCheck:

Results of screen317's Security Check version 0.99.18
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Both ran in safe mode.


Thanks for all your help so far!

Edited by Daclivont, 27 September 2011 - 04:57 PM.

  • 0

#19
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Dadclivont!

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\ProgramData\KeyboardBackupPolicy.dll.vir a variant of Win32/Kryptik.TGT trojan
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\cdrom.sys.vir a variant of Win32/Olmarik.AXN trojan
C:\_OTL\MovedFiles\09252011_234343\C_ProgramData\AbEVEEVRbhjjV.exe Win32/Kryptik.TDV trojan
C:\_OTL\MovedFiles\09252011_234343\C_Users\Lovyna\AppData\Roaming\Microsoft\conhost.exe Win32/Cycbot.AF trojan
C:\_OTL\MovedFiles\09252011_235659\C_Users\Lovyna\AppData\Roaming\dwm.exe a variant of Win32/Kryptik.TEV trojan


These threat(s) below will be removed very shortly:

C:\Documents and Settings\Lovyna\Desktop\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
C:\Users\Lovyna\Desktop\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\Lovyna\Desktop\Photoshop CS4\Adobe.Keygen.And.Patch\
    C:\Users\Lovyna\Desktop\Photoshop CS4\Adobe.Keygen.And.Patch\
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?
  • 0

#20
Daclivont

Daclivont

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I can't install the new JRE until I can get it to boot normally should I continue on with the next steps?
  • 0

#21
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Please hold up on those previous instructions.

Do the following:

OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safe List
  • Under Custom Scan paste this in


    netsvcs
    drivers32
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %USERPROFILE%\Favorites\*.url /x
    %USERPROFILE%\Cookies\*.txt /x
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

Edited by SweetTech, 28 September 2011 - 09:06 AM.
edited custom scan options.

  • 0

#22
Daclivont

Daclivont

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Here's OTL.txt, but, there was no Extras.txt generated that I could find.

And I noticed now that one of the svchost.eve processes is eating up every spare amount of cpu power and 1.1gigs of ram.



AOTL logfile created on: 9/28/2011 1:41:04 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Lovyna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 42.19% Memory free
5.99 Gb Paging File | 4.50 Gb Available in Paging File | 75.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 106.07 Gb Free Space | 57.38% Space Free | Partition Type: NTFS

Computer Name: LOVYNA-PC | User Name: Lovyna | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lovyna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://mysbu.sbuniv...on=0&formdir=3"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50687
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/24 20:22:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 13:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/29 16:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Extensions
[2011/09/28 13:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions
[2011/09/28 13:18:18 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/09/24 14:54:26 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/07/08 21:24:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/07 21:14:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/03 08:49:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\[email protected]
[2011/09/01 19:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/01 19:13:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/24 20:22:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\LOVYNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HPKN9SU.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\LOVYNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HPKN9SU.DEFAULT\EXTENSIONS\{DCBD1271-D228-4082-9FBC-36D9B7660B03}.XPI
() (No name found) -- C:\USERS\LOVYNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HPKN9SU.DEFAULT\EXTENSIONS\[email protected]
[2011/07/04 03:08:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/28 13:28:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========


O1 HOSTS File: ([2011/09/26 19:26:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Lovyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{662D9419-05B0-444A-B459-569214287EA8}: DhcpNameServer = 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lovyna\Desktop\Photos\Jenn's stuff\Sleep-With-A-Teddy-Bear.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lovyna\Desktop\Photos\Jenn's stuff\Sleep-With-A-Teddy-Bear.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 15:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/27 00:30:03 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\AppData\Roaming\Malwarebytes
[2011/09/27 00:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/27 00:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/27 00:29:56 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/27 00:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/27 00:15:32 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lovyna\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/27 00:15:28 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Lovyna\Desktop\mbam-clean.exe
[2011/09/26 19:33:23 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\AppData\Local\temp
[2011/09/26 19:31:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/26 12:19:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/26 12:19:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/26 12:19:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/26 12:19:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/26 12:19:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/26 12:18:51 | 004,228,783 | R--- | C] (Swearware) -- C:\Users\Lovyna\Desktop\ComboFix.exe
[2011/09/25 12:53:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/25 12:48:50 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Lovyna\Desktop\OTL.exe
[2011/09/24 20:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/24 20:23:12 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/24 20:23:12 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/24 19:58:44 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/24 19:58:42 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/24 19:39:24 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/24 19:39:23 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/24 19:38:55 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/24 19:38:55 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/24 19:11:49 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/09/12 14:51:18 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\Documents\My Games
[2011/09/12 14:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/09/12 14:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011/09/12 14:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011/09/08 19:02:34 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\AppData\Roaming\TOSHIBA
[2011/09/07 16:52:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/09/01 19:21:45 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\AppData\Roaming\OpenOffice.org
[2011/09/01 19:15:37 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/09/01 19:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/09/01 19:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/01 19:09:56 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\Desktop\OpenOffice.org 3.3 (en-US) Installation Files

========== Files - Modified Within 30 Days ==========

[2011/09/27 19:42:01 | 000,000,680 | ---- | M] () -- C:\Users\Lovyna\AppData\Local\d3d9caps.dat
[2011/09/27 19:07:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 19:06:49 | 224,652,017 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/27 19:05:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 19:05:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 00:29:59 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 00:12:58 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lovyna\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/27 00:11:34 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Lovyna\Desktop\mbam-clean.exe
[2011/09/26 19:26:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/26 12:18:06 | 004,228,783 | R--- | M] (Swearware) -- C:\Users\Lovyna\Desktop\ComboFix.exe
[2011/09/24 21:44:34 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Lovyna\Desktop\OTL.exe
[2011/09/24 21:39:32 | 003,772,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/24 20:23:13 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/24 20:23:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/12 14:40:19 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Fable - The Lost Chapters.lnk
[2011/09/12 14:09:17 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/12 14:09:17 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/12 14:05:49 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2011/09/06 15:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/01 19:22:06 | 000,001,039 | ---- | M] () -- C:\Users\Lovyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/09/01 19:15:38 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/27 00:29:59 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 12:19:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/26 12:19:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/26 12:19:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/26 12:19:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/26 12:19:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/26 00:13:24 | 000,302,592 | ---- | C] () -- C:\Users\Lovyna\Desktop\gmer.exe
[2011/09/24 20:23:13 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/12 14:40:19 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Fable - The Lost Chapters.lnk
[2011/09/12 14:27:17 | 2316,290,048 | ---- | C] () -- C:\Users\Lovyna\Desktop\Fable The Lost Chapters.iso
[2011/09/12 14:05:49 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2011/09/01 19:22:06 | 000,001,039 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/09/01 19:15:38 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/08/03 14:54:51 | 000,008,351 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\PStrip.bko
[2011/08/03 14:19:59 | 000,009,591 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\PStrip.bk!
[2011/08/03 14:19:53 | 000,009,568 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\PStrip.bak
[2011/08/03 14:18:03 | 000,009,591 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\PStrip.ini
[2011/08/03 14:15:48 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/06 20:37:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/06 20:36:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/06 20:36:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/06 19:51:08 | 000,000,680 | ---- | C] () -- C:\Users\Lovyna\AppData\Local\d3d9caps.dat
[2011/07/02 19:24:38 | 000,008,704 | ---- | C] () -- C:\Users\Lovyna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/29 18:08:49 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2011/06/29 18:08:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2011/06/29 18:08:49 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2011/06/29 18:08:49 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2011/06/29 17:55:29 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011/06/29 17:55:29 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011/06/29 17:55:29 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/29 15:51:37 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2011/06/29 15:35:52 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2011/06/29 15:35:51 | 000,000,007 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/02/13 01:34:21 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/13 01:00:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/13 01:00:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/13 01:00:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/13 01:00:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/13 01:00:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/13 01:00:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/13 00:38:47 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/13 00:35:26 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2008/02/13 00:35:26 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2008/02/13 00:35:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/02/13 00:35:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/02/13 00:35:26 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/02/13 00:35:26 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/02/13 00:12:13 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/10 08:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,772,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,598,588 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,102,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/07/05 19:04:49 | 000,000,000 | ---D | M] -- C:\Users\Lovyna\AppData\Roaming\BitTorrent
[2011/07/01 20:04:48 | 000,000,000 | ---D | M] -- C:\Users\Lovyna\AppData\Roaming\Blender Foundation
[2011/07/02 12:08:00 | 000,000,000 | ---D | M] -- C:\Users\Lovyna\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/30 12:39:10 | 000,000,000 | ---D | M] -- C:\Users\Lovyna\AppData\Roaming\gtk-2.0
[2011/09/01 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\Lovyna\AppData\Roaming\OpenOffice.org
[2011/09/08 19:02:34 | 000,000,000 | ---D | M] -- C:\Users\Lovyna\AppData\Roaming\TOSHIBA
[2011/06/29 15:58:57 | 000,000,000 | ---D | M] -- C:\Users\Lovyna\AppData\Roaming\WildTangent
[2011/09/24 15:29:00 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/07/03 08:49:52 | 000,000,000 | ---- | M] () -- C:\Users\Lovyna\AppData\Local\Google\Chrome\User Data\Default\Preferences

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/03 17:08:01 | 000,000,221 | -HS- | M] () -- C:\Users\Lovyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %USERPROFILE%\Favorites\*.url /x >
[2011/06/29 15:36:36 | 000,000,402 | -HS- | M] () -- C:\Users\Lovyna\Favorites\desktop.ini

< %USERPROFILE%\Cookies\*.txt /x >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-24 08:01:26

< End of report >
  • 0

#23
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Did you ensure that this setting was set: Under Extra Registry select Use Safe List ?

I'll have you run these instructions instead:

Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • 0

#24
Daclivont

Daclivont

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I'm pretty sure I did but I may have messed up.

Here's the OTL log:

OTL logfile created on: 9/28/2011 10:58:09 PM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Lovyna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 41.95% Memory free
5.99 Gb Paging File | 4.53 Gb Available in Paging File | 75.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 106.06 Gb Free Space | 57.38% Space Free | Partition Type: NTFS

Computer Name: LOVYNA-PC | User Name: Lovyna | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lovyna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\File Shredder\fsshell.dll ()


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1660640921-3098085042-3961922972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-1660640921-3098085042-3961922972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1660640921-3098085042-3961922972-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1660640921-3098085042-3961922972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://mysbu.sbuniv...on=0&formdir=3"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50687
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/24 20:22:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 13:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/29 16:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Extensions
[2011/09/28 13:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions
[2011/09/28 13:18:18 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/09/24 14:54:26 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/07/08 21:24:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/07 21:14:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/03 08:49:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lovyna\AppData\Roaming\Mozilla\Firefox\Profiles\7hpkn9su.default\extensions\[email protected]
[2011/09/01 19:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/01 19:13:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/24 20:22:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\LOVYNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HPKN9SU.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\LOVYNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HPKN9SU.DEFAULT\EXTENSIONS\{DCBD1271-D228-4082-9FBC-36D9B7660B03}.XPI
() (No name found) -- C:\USERS\LOVYNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HPKN9SU.DEFAULT\EXTENSIONS\[email protected]
[2011/07/04 03:08:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/28 13:28:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========


O1 HOSTS File: ([2011/09/26 19:26:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1660640921-3098085042-3961922972-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Lovyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1660640921-3098085042-3961922972-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1660640921-3098085042-3961922972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{662D9419-05B0-444A-B459-569214287EA8}: DhcpNameServer = 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lovyna\Desktop\Photos\Jenn's stuff\Sleep-With-A-Teddy-Bear.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lovyna\Desktop\Photos\Jenn's stuff\Sleep-With-A-Teddy-Bear.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 22:57:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Lovyna\Desktop\OTL.exe
[2011/09/27 19:00:29 | 020,196,744 | ---- | C] (Oracle Corporation) -- C:\Users\Lovyna\Desktop\jre-7-windows-i586.exe
[2011/09/27 15:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/27 00:30:03 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\AppData\Roaming\Malwarebytes
[2011/09/27 00:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/27 00:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/27 00:29:56 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/27 00:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/27 00:15:32 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lovyna\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/27 00:15:28 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Lovyna\Desktop\mbam-clean.exe
[2011/09/26 19:33:23 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\AppData\Local\temp
[2011/09/26 19:31:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/26 12:19:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/26 12:19:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/26 12:19:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/26 12:19:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/26 12:19:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/26 12:18:51 | 004,228,783 | R--- | C] (Swearware) -- C:\Users\Lovyna\Desktop\ComboFix.exe
[2011/09/25 12:53:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/24 20:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/24 20:23:12 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/24 20:23:12 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/24 19:58:44 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/24 19:58:42 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/24 19:39:24 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/24 19:39:23 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/24 19:38:55 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/24 19:38:55 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/24 19:11:49 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/09/12 14:51:18 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\Documents\My Games
[2011/09/12 14:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/09/12 14:40:16 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/09/12 14:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011/09/12 14:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011/09/08 19:02:34 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\AppData\Roaming\TOSHIBA
[2011/09/07 16:52:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/09/01 19:21:45 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\AppData\Roaming\OpenOffice.org
[2011/09/01 19:15:37 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/09/01 19:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/09/01 19:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/01 19:13:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/01 19:13:21 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/01 19:13:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/01 19:13:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/01 19:09:56 | 000,000,000 | ---D | C] -- C:\Users\Lovyna\Desktop\OpenOffice.org 3.3 (en-US) Installation Files

========== Files - Modified Within 30 Days ==========

[2011/09/28 22:57:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Lovyna\Desktop\OTL.exe
[2011/09/28 14:08:56 | 000,000,680 | ---- | M] () -- C:\Users\Lovyna\AppData\Local\d3d9caps.dat
[2011/09/27 19:07:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 19:06:49 | 224,652,017 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/27 19:05:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 19:05:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 19:01:20 | 020,196,744 | ---- | M] (Oracle Corporation) -- C:\Users\Lovyna\Desktop\jre-7-windows-i586.exe
[2011/09/27 00:29:59 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 00:12:58 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lovyna\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/27 00:11:34 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Lovyna\Desktop\mbam-clean.exe
[2011/09/26 19:26:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/26 12:18:06 | 004,228,783 | R--- | M] (Swearware) -- C:\Users\Lovyna\Desktop\ComboFix.exe
[2011/09/24 21:39:32 | 003,772,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/24 20:23:13 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/24 20:23:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/12 14:40:19 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Fable - The Lost Chapters.lnk
[2011/09/12 14:09:17 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/12 14:09:17 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/12 14:05:49 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2011/09/06 15:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/01 19:22:06 | 000,001,039 | ---- | M] () -- C:\Users\Lovyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/09/01 19:15:38 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/09/01 19:12:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/01 19:12:57 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/01 19:12:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/01 19:12:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/27 00:29:59 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 12:19:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/26 12:19:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/26 12:19:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/26 12:19:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/26 12:19:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/26 00:13:24 | 000,302,592 | ---- | C] () -- C:\Users\Lovyna\Desktop\gmer.exe
[2011/09/24 20:23:13 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/12 14:40:19 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Fable - The Lost Chapters.lnk
[2011/09/12 14:27:17 | 2316,290,048 | ---- | C] () -- C:\Users\Lovyna\Desktop\Fable The Lost Chapters.iso
[2011/09/12 14:05:49 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2011/09/01 19:22:06 | 000,001,039 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/09/01 19:15:38 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/08/03 14:54:51 | 000,008,351 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\PStrip.bko
[2011/08/03 14:19:59 | 000,009,591 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\PStrip.bk!
[2011/08/03 14:19:53 | 000,009,568 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\PStrip.bak
[2011/08/03 14:18:03 | 000,009,591 | ---- | C] () -- C:\Users\Lovyna\AppData\Roaming\PStrip.ini
[2011/08/03 14:15:48 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/06 20:37:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/06 20:36:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/06 20:36:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/06 19:51:08 | 000,000,680 | ---- | C] () -- C:\Users\Lovyna\AppData\Local\d3d9caps.dat
[2011/07/02 19:24:38 | 000,008,704 | ---- | C] () -- C:\Users\Lovyna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/29 18:08:49 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2011/06/29 18:08:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2011/06/29 18:08:49 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2011/06/29 18:08:49 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2011/06/29 17:55:29 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011/06/29 17:55:29 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011/06/29 17:55:29 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/29 15:51:37 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2011/06/29 15:35:52 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2011/06/29 15:35:51 | 000,000,007 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/02/13 01:34:21 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/13 01:00:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/13 01:00:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/13 01:00:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/13 01:00:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/13 01:00:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/13 01:00:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/13 00:38:47 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/13 00:35:26 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2008/02/13 00:35:26 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2008/02/13 00:35:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/02/13 00:35:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/02/13 00:35:26 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/02/13 00:35:26 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/02/13 00:12:13 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/10 08:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,772,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,598,588 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,102,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >
  • 0

#25
Daclivont

Daclivont

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
And the Extras:

OTL Extras logfile created on: 9/28/2011 10:58:09 PM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Lovyna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 41.95% Memory free
5.99 Gb Paging File | 4.53 Gb Available in Paging File | 75.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 106.06 Gb Free Space | 57.38% Space Free | Partition Type: NTFS

Computer Name: LOVYNA-PC | User Name: Lovyna | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1660640921-3098085042-3961922972-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A3A4721F-BE5F-474C-A93C-198C277FA9F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D9EA707F-F813-452B-BE74-176793365C63}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F1580E65-45E8-454D-B4CA-13ED1672E7AC}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A99E1DC-1D79-4087-97E2-8D3488419D53}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1FE144A0-CF7E-4600-8502-557BB1C76958}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{25355C04-5610-4559-9C75-E55AF5F16E1F}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{336F459C-DD0C-47FB-B671-E96E07F75E4A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{49329B9E-8558-4AE2-8C88-4348587AEEA7}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{548C2620-C10C-4F68-929D-201941E2123C}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{5519375F-7C88-40B2-98D9-91FC8276C938}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{702FD9C0-2CB0-4664-89B2-099478065770}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{707EEB27-A9B0-4A0D-AFCB-A78DB8DEE588}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{7DE3F918-8D69-41D4-99C3-88D389826E89}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{806D78B3-015C-4722-9DB5-A35C81FBB93D}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |
"{83746B81-08E5-4D7C-B92C-71490DB0B799}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8490E4C0-4E01-47B9-A492-FBA04035FFA9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{88B27F11-CED9-4317-9A2E-E99D2221FE34}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{97F605A1-696C-4D04-9CA5-0BF4750DC9A5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D330AA29-AFA5-473D-A2B3-EEBA8FD180C8}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D65BA80A-4847-49F9-8154-3AAD5008E39B}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |
"{DCA8A43A-DE32-453F-A9E9-3AA68B70DDE3}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E5A432BE-8D07-4FAB-AAA5-71594CA7E939}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FB9826A3-C8DD-40FC-8CA4-24624870C415}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{FF4926E6-FDC3-462B-8AB4-92B5DFAA2425}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"TCP Query User{75397071-B3A0-490D-98C7-376636A2C2CA}C:\program files\steam\steamapps\lovynaa\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lovynaa\team fortress 2\hl2.exe |
"UDP Query User{47E245B5-28C5-4AD4-A5F6-2384C409F2DD}C:\program files\steam\steamapps\lovynaa\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lovynaa\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{062ABD24-47F8-D865-BCB6-A724A94BC9A5}" = CCC Help Japanese
"{06F2B3DC-74F4-300D-D41A-B21B46101CA2}" = Skins
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A573F30-FB63-9A85-2E6E-39E1AC5366D0}" = Catalyst Control Center Localization Hungarian
"{0A9F311E-A4B9-4808-1D1C-0B2E7705A735}" = Catalyst Control Center Localization Spanish
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F15A965-99BA-BC9D-5A00-D7E1E7B2AE7F}" = Catalyst Control Center Localization French
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14FEF8C7-0EB1-47F2-6A13-D43171D4DFBB}" = Catalyst Control Center Localization Greek
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{1D4D4C5C-6771-A416-0FC9-167F47C4D977}" = Catalyst Control Center Localization Polish
"{1E32C2AB-9722-5F41-7BDE-24B5AFD2BCE6}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21AEC16B-1C21-81B4-DA88-2235CC1F7E39}" = Catalyst Control Center Localization Japanese
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{288306FF-D5B5-7398-0617-E52F625C6797}" = CCC Help Norwegian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{397AC65E-CB4A-29C2-ACF9-D04444438971}" = Catalyst Control Center Localization Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B96A467-811C-F9FE-B8D6-3BC952025F44}" = Catalyst Control Center Localization Dutch
"{3BEEC9AD-FA8F-B413-6BBC-8B5DC7C8E08F}" = Catalyst Control Center Localization Portuguese
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45ECDC05-71AC-6372-2A17-4139B6296F4F}" = ccc-core-static
"{480C3278-56A7-3F05-3829-6DC5D4B0CB06}" = CCC Help Portuguese
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CA4D9FC-212C-9F69-E760-DB4BEB34FEB5}" = CCC Help Thai
"{4DE0D937-FEB0-0D89-C8D6-35F600300BD4}" = CCC Help French
"{526B6DD3-0C43-2C13-7DF8-44D20D4E9853}" = CCC Help English
"{544587B1-B057-F0B3-7B19-6898ADBED9AC}" = Catalyst Control Center Localization Czech
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{571C0874-A931-EEFE-E89D-8F912F633B9F}" = CCC Help Danish
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63427619-C918-6F3C-7318-11DDA4975241}" = ATI Catalyst Install Manager
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{648B4A01-F609-1D4E-556C-0F18B54E9E1C}" = Catalyst Control Center Localization Italian
"{64F18837-72CE-DC38-899C-260AF20F979A}" = CCC Help Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69C82DDB-3FBC-EBEC-AE0A-3ABF1F3BD39B}" = CCC Help Polish
"{6C530FF7-F6F2-FD4C-0CFC-49AD3E7244A9}" = Catalyst Control Center Localization Turkish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CA2BE46-A562-8CA4-1C33-CC2681B2DDA1}" = CCC Help Finnish
"{6DBBEC03-716B-7954-873A-B782100831C5}" = Catalyst Control Center Graphics Full New
"{70BCBA77-83D9-2075-1F99-69D65C44B422}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{78E6BC53-F765-2629-C028-9F3CD49F70D4}" = CCC Help Chinese Standard
"{7ECE1045-66CB-2A70-7EAE-BE508AF95CF2}" = Catalyst Control Center Graphics Previews Vista
"{81F93FA5-BA87-322F-2166-4D1F0FFE196E}" = CCC Help Greek
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8376FC56-5456-DFF9-5C36-FAB3DE39F5DF}" = Catalyst Control Center Localization Norwegian
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85B3880D-F0D2-A50C-1464-7EF646A1D21D}" = Catalyst Control Center Localization Danish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D0957A4-8EE7-E273-0BFC-9B235BEAA41A}" = CCC Help Dutch
"{8D44F868-DA59-B1BF-CC33-58B0AF8E2E39}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A3F65CA-78FA-4749-004B-23743CF642D1}" = Catalyst Control Center Localization Korean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A5B13934-D1C9-D33B-982E-BB09A19C0F90}" = Catalyst Control Center Localization Finnish
"{A60F4402-4CCE-E695-64C6-F0636ACC347F}" = CCC Help Italian
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A91A0484-8087-A838-9BA6-03374BE3F2CE}" = Catalyst Control Center Localization Russian
"{AA725670-A7B4-D1B0-4EF5-F4B2E418C9F4}" = Catalyst Control Center Localization German
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{ADBE6E56-60E7-7FC3-467A-827987BE09CE}" = Catalyst Control Center Localization Swedish
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1819DF7-D6B1-27AA-3A3B-6560C348C386}" = Catalyst Control Center Core Implementation
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9CD69C2-D14E-C499-C18B-7342E5FE245E}" = Catalyst Control Center Localization Chinese Standard
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{D8F9F4CB-41A1-CF15-39A2-75F28E0B9991}" = CCC Help Korean
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDA258BA-57D9-A76C-84CB-F19571A45FC8}" = ccc-utility
"{DF73BEDD-8A09-A6E2-462B-3BDF398BAFB2}" = CCC Help Czech
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E70A3EE1-067D-8C6C-1C89-9F3A1BA4CF2C}" = Catalyst Control Center Graphics Light
"{E87A8D96-5795-A788-18A2-3BCC20B09E7C}" = CCC Help Chinese Traditional
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB295AF7-C2D1-D911-9E62-F288874B96F4}" = CCC Help Turkish
"{EBCD5E4C-F14A-B147-39FE-906F75AC4ACE}" = CCC Help Russian
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F36D6137-FD4C-1F67-7B2A-815BB05BB825}" = CCC Help German
"{F84C1DC6-4B39-1A34-AD6E-A6EE49A3DD78}" = CCC Help Hungarian
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ATITool" = ATITool Overclocking Utility
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"DragonNest" = DragonNest
"ESET Online Scanner" = ESET Online Scanner v3
"File Shredder_is1" = File Shredder 2.0
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0 (x86 en-US)" = Mozilla Firefox 7.0 (x86 en-US)
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VirtualCloneDrive" = VirtualCloneDrive
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2011 8:34:29 PM | Computer Name = Lovyna-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/24/2011 8:34:30 PM | Computer Name = Lovyna-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/24/2011 8:34:30 PM | Computer Name = Lovyna-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/24/2011 8:34:30 PM | Computer Name = Lovyna-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/24/2011 8:34:30 PM | Computer Name = Lovyna-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/24/2011 8:34:30 PM | Computer Name = Lovyna-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/24/2011 8:34:30 PM | Computer Name = Lovyna-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/24/2011 8:34:31 PM | Computer Name = Lovyna-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/24/2011 8:34:31 PM | Computer Name = Lovyna-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/24/2011 8:52:51 PM | Computer Name = Lovyna-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/20/2011 11:48:16 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/20/2011 11:48:16 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/20/2011 11:48:16 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/20/2011 11:48:19 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/20/2011 11:48:19 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/20/2011 11:48:19 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/20/2011 11:48:19 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/20/2011 11:48:19 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/20/2011 11:49:36 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/20/2011 11:49:36 AM | Computer Name = Lovyna-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >
  • 0

Advertisements


#26
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Would you mind reminding me what happens when you attempt to boot normally?
  • 0

#27
Daclivont

Daclivont

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I get to the log in screen then when I choose the account I get a BSOD.
  • 0

#28
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Thanks for the reminder. Let me give you an OTL fix to run for me, then I'd like to have you grab the BSOD information for me.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - (CLTNetCnService) -- File not found
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50687
    FF - prefs.js..network.proxy.type: 0
    [2011/09/01 19:13:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1660640921-3098085042-3961922972-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image

  • 0

#29
Daclivont

Daclivont

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Here's the results of the OTL fix.

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
File File not found not found.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50687 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale scheduled to be moved on reboot.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1660640921-3098085042-3961922972-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Lovyna\Desktop\cmd.bat deleted successfully.
C:\Users\Lovyna\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lovyna\Desktop\cmd.bat deleted successfully.
C:\Users\Lovyna\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lovyna
->Temp folder emptied: 93538 bytes
->Temporary Internet Files folder emptied: 398700 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51087588 bytes
->Flash cache emptied: 792 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66623515 bytes
RecycleBin emptied: 582656 bytes

Total Files Cleaned = 113.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Lovyna
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09282011_231919
  • 0

#30
Daclivont

Daclivont

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
And the BSOD only gave the Stop code of 0x0000008E
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP