HELP! Trojan horse Dropper.Generic5.BPL



#1
tornto

    New Member

  • Member
  • Pip
  • 3 posts
Hi, I was hoping someone here would be able to help me. I was away for a few weeks and let my brother use my laptop, and when I came back I went to clear his junk and scan my system, and 2 Trojan horse Dropper.Generic5.BPL came up, named:
C:\Windows\SysWOW64\tqquery.dll
C:\Windows\SysWOW64\NlsLeexicons000d.ddl

I've tried googling it but nothing has come up at all. I'm worried that if I try to erase them it will crash my system. Does anyone know if these can safely be removed without damage to my startup/computer?

I'm not very computer savvy so basic terms only please. lol

Hoping someone out there can help me
  • 0


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello tornto and welcome to GeeksToGo :)

I'm GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

  • 0

#4
tornto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OTL Extras logfile created on: 1/23/2012 8:04:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lulu\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 51.35% Memory free
7.20 Gb Paging File | 4.99 Gb Available in Paging File | 69.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 435.74 Gb Total Space | 161.82 Gb Free Space | 37.14% Space Free | Partition Type: NTFS
Drive E: | 35.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.89 Gb Total Space | 0.52 Gb Free Space | 27.51% Space Free | Partition Type: FAT

Computer Name: LULU-PC | User Name: Lulu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2965203062-2431539423-359020578-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07717286-5B65-DB40-FC03-4C5DD8B8DB20}" = WMV9/VC-1 Video Playback
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1A096498-9B17-44AD-CA91-C59D6A71FD3F}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6D830209-41C2-4D6B-BA25-4EF98807D9FB}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{B31259CC-9A89-49BA-BB4F-3C4136A071E3}" = IconHandler 64 bit
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EA90572A-D706-112F-F821-D49F337B9A7B}" = ATI Catalyst Install Manager
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AVG" = AVG 2012
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{EAB6F4ED-B18D-4BF5-B18E-3C7921560EC4}" = Corel Painter Sketch Pad
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00D6C191-50A2-4D9C-9285-1817D8420FB6}" = IPM
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{190A9F41-85D0-CDB3-AA2D-A076D30953C9}" = Catalyst Control Center Graphics Previews Common
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC59E4A-A43D-FA88-E26E-568632554FDC}" = CCC Help Thai
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{2437DF07-D3CB-4D85-8397-ED8AE9ED26D5}" = LeapFrog Tag Junior Plugin
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.1.2903
"{268D11DC-41C8-02BC-A2F7-A127A7BB5CE3}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30B5D9AB-BBEF-204C-3358-3F9D975E59A7}" = CCC Help Dutch
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32316F59-00E5-FEED-D70C-7A5BA05E5608}" = ccc-core-static
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9FFB6-F2FD-3A11-27E7-6A86A5A08EC0}" = CCC Help Spanish
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A38D588-649B-1EB1-6A57-75B45C33B7F3}" = CCC Help French
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BD093B2-58E6-467D-99E4-E88A5FFC412C}" = Painter Sketch Pad
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{63DEFBAD-3265-AD54-E29E-9D2862F2A549}" = CCC Help Chinese Traditional
"{66A722B4-C3A4-4599-A1AF-AAF8E808AF5D}" = calibre
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72F6D9F1-98C4-473F-A540-ECDCEB6D3D76}" = Registration
"{73833816-D0FB-A4A0-1E8D-26B1ABE12836}" = CCC Help Portuguese
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{75396B8A-2911-D9A1-A608-B4EB3A2CD37C}" = CCC Help Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80F696E0-AB85-433E-99E3-8CC6D98CF167}" = TOSHIBA ConfigFree
"{81230599-8908-7D96-2B59-91B13738CC0D}" = CCC Help Finnish
"{8328BF7C-818B-9D36-BA79-0D5BE45620F0}" = CCC Help Chinese Standard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{8932E88F-DD0E-9AD4-1C7F-B3A570A02EB6}" = CCC Help Korean
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C7D5970-4345-91BA-1581-167DEB552F65}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{8E95E884-5F00-3046-02CA-ABC28C6BBD44}" = CCC Help Greek
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FD03154-3788-0AB2-9BE7-3F62A860F38F}" = CCC Help Japanese
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B76FA03-3D4A-81A1-1868-10E00020260F}" = CCC Help Hungarian
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0DB4A2B-5AD0-310D-FFA3-50E749FF8305}" = CCC Help Norwegian
"{A3BB948E-71DF-F10D-2441-16BC8A61E225}" = CCC Help English
"{A5E85D15-785C-518C-B32C-EE2F70AFF121}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3CBABCC-5027-F2AD-B26F-3CA1500DAEE2}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B57F0F-1582-CA83-A51D-26B5A542623A}" = CCC Help Russian
"{C98C1CA9-FF57-CA5F-84A8-F2F270F3735B}" = CCC Help Swedish
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D52D6149-26AE-13D4-8ED8-BE6913136D77}" = Catalyst Control Center InstallProxy
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7562F88-BDCC-44D3-9C6B-313FC43052B7}" = IconHandler 32 bit
"{EAB6F4ED-B18D-4BF5-B18E-3C7921560EC4}" = Corel SketchPad - ICA
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BACABE-F496-5F33-6E36-80D7A9FC2FE6}" = CCC Help Czech
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"70DBDBEB-13B3-4415-8616-7CA65C44EEF6_is1" = DownloadX ActiveX Download Control 1.5.2
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Comical_is1" = Comical 0.8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Setup.divx.com" = DivX Setup
"Free Disc Burner_is1" = Free Disc Burner version 3.0.7.1123
"HP Photo Creations" = HP Photo Creations
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InterActual Player" = InterActual Player
"jZip" = jZip
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Basic)
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PhotoScape" = PhotoScape
"RealPlayer 12.0" = RealPlayer
"Screen Clean Screensaver" = Screen Clean Screensaver
"Sure Cuts A Lot 2_is1" = Sure Cuts A Lot 2.043
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"UPCShell" = LeapFrog Connect
"WIND" = WIND
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2965203062-2431539423-359020578-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2012 12:56:24 PM | Computer Name = Lulu-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 1/22/2012 12:56:50 PM | Computer Name = Lulu-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2011": LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode:
Product mode not fou

Error - 1/23/2012 5:26:01 AM | Computer Name = Lulu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.4066,
time stamp: 0x4d5f1fa5 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0x93c Faulting application start time: 0x01ccd974a774d2aa Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\windows\SysWOW64\ntdll.dll Report Id: 439aaaa4-45a4-11e1-aa3f-001e101f8924

Error - 1/23/2012 10:25:35 AM | Computer Name = Lulu-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 1/23/2012 10:25:35 AM | Computer Name = Lulu-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 1/23/2012 10:25:35 AM | Computer Name = Lulu-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 1/23/2012 10:25:57 AM | Computer Name = Lulu-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2011": LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode:
Product mode not fou

Error - 1/23/2012 12:56:25 PM | Computer Name = Lulu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ICQ7.exe, version: 14.0.0.162, time stamp:
0x4626b2f4 Faulting module name: MoveIt.dll_unloaded, version: 0.0.0.0, time stamp:
0x4ee6373f Exception code: 0xc0000005 Fault offset: 0x7428cf4e Faulting process id:
0xf50 Faulting application start time: 0x01ccd9efca659696 Faulting application path:
C:\Users\Lulu\AppData\Local\Temp\{C3EE92ED-FC8B-4B7E-875A-73CB14DBAEF2}\ICQ7.exe
Faulting
module path: MoveIt.dll Report Id: 2f063a72-45e3-11e1-8390-001e101fa1f5

Error - 1/23/2012 3:29:16 PM | Computer Name = Lulu-PC | Source = Application Hang | ID = 1002
Description = The program FreeDiscBurner.exe version 3.0.7.1123 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 944 Start
Time: 01ccda03c9aebe43 Termination Time: 27 Application Path: C:\Program Files (x86)\DVDVideoSoft\Free
Disc Burner\FreeDiscBurner.exe Report Id: 7fbb240f-45f8-11e1-8390-001e101fa1f5

Error - 1/23/2012 4:27:14 PM | Computer Name = Lulu-PC | Source = Application Hang | ID = 1002
Description = The program FreeDiscBurner.exe version 3.0.7.1123 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a8c Start
Time: 01ccda099452e82d Termination Time: 15 Application Path: C:\Program Files (x86)\DVDVideoSoft\Free
Disc Burner\FreeDiscBurner.exe Report Id: 9e4169eb-4600-11e1-8390-001e101fa1f5

[ Media Center Events ]
Error - 4/30/2011 10:11:32 AM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 10:11:20 AM - Error connecting to the internet. 10:11:21 AM - Unable
to contact server..

Error - 5/9/2011 4:44:17 PM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 4:44:17 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 5/9/2011 4:44:29 PM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 4:44:29 PM - Failed to retrieve SportsSchedule (Error: The remote
name could not be resolved: 'data.tvdownload.microsoft.com')

Error - 5/9/2011 4:44:45 PM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 4:44:41 PM - Failed to retrieve SportsV2 (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 5/11/2011 4:43:40 AM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 4:43:36 AM - Error connecting to the internet. 4:43:36 AM - Unable
to contact server..

Error - 5/17/2011 8:19:07 PM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 8:19:07 PM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 6/5/2011 5:41:11 PM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 5:40:50 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 6/20/2011 11:01:02 AM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 11:00:54 AM - Error connecting to the internet. 11:00:54 AM - Unable
to contact server..

Error - 6/21/2011 2:06:57 PM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 2:06:48 PM - Error connecting to the internet. 2:06:48 PM - Unable
to contact server..

Error - 6/24/2011 4:53:17 AM | Computer Name = Lulu-PC | Source = MCUpdate | ID = 0
Description = 4:53:11 AM - Error connecting to the internet. 4:53:11 AM - Unable
to contact server..

[ System Events ]
Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.


< End of report >
  • 0
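
For readers reviewing a log like the Extras.txt above, here is an added example (not part of the thread and not OTL's own code) that parses the "Last 10 Event Log Errors" section, rejoins the wrapped description lines, collapses repeated events, and flags faulting applications that ran from user-writable locations. The function names and the list of path markers are assumptions made for this illustration.

```python
import re
from collections import Counter

# Five entries copied from the "Last 10 Event Log Errors" section of the
# Extras.txt above, with OTL's line wrapping left as it was posted.
SAMPLE = r"""[ Application Events ]
Error - 1/23/2012 5:26:01 AM | Computer Name = Lulu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.4066,
time stamp: 0x4d5f1fa5 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0x93c Faulting application start time: 0x01ccd974a774d2aa Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\windows\SysWOW64\ntdll.dll Report Id: 439aaaa4-45a4-11e1-aa3f-001e101f8924

Error - 1/23/2012 12:56:25 PM | Computer Name = Lulu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ICQ7.exe, version: 14.0.0.162, time stamp:
0x4626b2f4 Faulting module name: MoveIt.dll_unloaded, version: 0.0.0.0, time stamp:
0x4ee6373f Exception code: 0xc0000005 Fault offset: 0x7428cf4e Faulting process id:
0xf50 Faulting application start time: 0x01ccd9efca659696 Faulting application path:
C:\Users\Lulu\AppData\Local\Temp\{C3EE92ED-FC8B-4B7E-875A-73CB14DBAEF2}\ICQ7.exe
Faulting
module path: MoveIt.dll Report Id: 2f063a72-45e3-11e1-8390-001e101fa1f5

[ System Events ]
Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 1/23/2012 6:18:20 PM | Computer Name = Lulu-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.
"""

CHANNEL = re.compile(r"^\[ (?P<name>.+ Events) \]$")
HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)$")
FAULT_PATH = re.compile(
    r"Faulting application path:\s*(.+?)\s+Faulting module path:")

# Assumed heuristic: directories a standard user can normally write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def parse_events(text):
    """Return one dict per 'Error - ...' entry, with wrapped lines rejoined."""
    events, channel, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("< End of report"):
            break
        m = CHANNEL.match(line)
        if m:
            channel, current = m.group("name"), None
            continue
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), channel=channel, description="")
            events.append(current)
            continue
        if current is None or not line:
            continue
        if line.startswith("Description = "):
            line = line[len("Description = "):]
        # OTL wraps long descriptions; a single space restores the sentence.
        current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events):
    """Count identical events and list faulting apps in user-writable paths."""
    repeats = Counter(
        (e["channel"], e["source"], e["event_id"], e["description"])
        for e in events)
    flagged = []
    for e in events:
        m = FAULT_PATH.search(e["description"])
        if m and any(marker in m.group(1).lower() for marker in USER_WRITABLE):
            flagged.append(m.group(1))
    return repeats, flagged


if __name__ == "__main__":
    repeats, flagged = triage(parse_events(SAMPLE))
    for (channel, source, event_id, _), count in repeats.items():
        print(f"{count}x {channel} / {source} / ID {event_id}")
    for path in flagged:
        print("review (user-writable location):", path)
```

A flagged path marks an entry worth a second look, not a verdict: legitimate installers also unpack and run from the per-user Temp directory.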

#5
tornto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OTL logfile created on: 1/23/2012 8:04:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lulu\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 51.35% Memory free
7.20 Gb Paging File | 4.99 Gb Available in Paging File | 69.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 435.74 Gb Total Space | 161.82 Gb Free Space | 37.14% Space Free | Partition Type: NTFS
Drive E: | 35.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.89 Gb Total Space | 0.52 Gb Free Space | 27.51% Space Free | Partition Type: FAT

Computer Name: LULU-PC | User Name: Lulu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/23 19:50:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lulu\Desktop\OTL.exe
PRC - [2012/01/19 15:41:15 | 000,909,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/19 15:41:13 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/12 12:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/20 20:07:58 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\WIND\WIND.exe
PRC - [2011/04/20 20:07:45 | 000,218,624 | ---- | M] () -- C:\ProgramData\WIND\OnlineUpdate\ouc.exe
PRC - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/14 00:55:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/02 00:25:36 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/16 08:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/11/02 15:01:58 | 002,475,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2010/09/30 16:51:58 | 001,156,384 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/30 16:51:04 | 001,178,400 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2010/09/30 10:52:42 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/09/17 16:04:30 | 001,251,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/06/03 19:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2010/02/28 05:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/19 15:41:13 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/09/14 09:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 09:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/04/20 20:07:58 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\WIND\WIND.exe
MOD - [2011/04/20 20:07:46 | 009,515,520 | ---- | M] () -- C:\Program Files (x86)\WIND\QtGui4.dll
MOD - [2011/04/20 20:07:46 | 002,415,104 | ---- | M] () -- C:\Program Files (x86)\WIND\QtCore4.dll
MOD - [2011/04/20 20:07:46 | 001,148,416 | ---- | M] () -- C:\Program Files (x86)\WIND\QtNetwork4.dll
MOD - [2011/04/20 20:07:46 | 000,781,824 | ---- | M] () -- C:\Program Files (x86)\WIND\SMSUIPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,670,720 | ---- | M] () -- C:\Program Files (x86)\WIND\SmsAppPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,545,280 | ---- | M] () -- C:\Program Files (x86)\WIND\PluginContainer.dll
MOD - [2011/04/20 20:07:46 | 000,449,536 | ---- | M] () -- C:\Program Files (x86)\WIND\NetInfoUIExPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,379,392 | ---- | M] () -- C:\Program Files (x86)\WIND\Proxy.dll
MOD - [2011/04/20 20:07:46 | 000,370,176 | ---- | M] () -- C:\Program Files (x86)\WIND\plugins\imageformats\qtiff4.dll
MOD - [2011/04/20 20:07:46 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\WIND\plugins\imageformats\qmng4.dll
MOD - [2011/04/20 20:07:46 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\WIND\StatusBarMgrPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,275,456 | ---- | M] () -- C:\Program Files (x86)\WIND\NetInfoSrvPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,258,560 | ---- | M] () -- C:\Program Files (x86)\WIND\sdk.dll
MOD - [2011/04/20 20:07:46 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\WIND\ToolBarMgrPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\WIND\NetSrvPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,217,600 | ---- | M] () -- C:\Program Files (x86)\WIND\SmsSrvPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\WIND\plugins\imageformats\qjpeg4.dll
MOD - [2011/04/20 20:07:46 | 000,185,856 | ---- | M] () -- C:\Program Files (x86)\WIND\XFramePlugin.dll
MOD - [2011/04/20 20:07:46 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\WIND\XCodec.dll
MOD - [2011/04/20 20:07:46 | 000,156,672 | ---- | M] () -- C:\Program Files (x86)\WIND\STKSrvPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\WIND\USSDSrvPlugin.dll
MOD - [2011/04/20 20:07:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\WIND\Trace.dll
MOD - [2011/04/20 20:07:46 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\WIND\OSDialup.dll
MOD - [2011/04/20 20:07:46 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\WIND\OSNDIS.dll
MOD - [2011/04/20 20:07:46 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\WIND\Win7Support.dll
MOD - [2011/04/20 20:07:46 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\WIND\OSAdapt.dll
MOD - [2011/04/20 20:07:46 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\WIND\NotifyServicePlugin.dll
MOD - [2011/04/20 20:07:46 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\WIND\plugins\imageformats\qgif4.dll
MOD - [2011/04/20 20:07:46 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\WIND\plugins\imageformats\qico4.dll
MOD - [2011/04/20 20:07:46 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\WIND\OSPowerMgr.dll
MOD - [2011/04/20 20:07:46 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\WIND\OSCall.dll
MOD - [2011/04/20 20:07:45 | 001,101,824 | ---- | M] () -- C:\Program Files (x86)\WIND\NDISAPI.dll
MOD - [2011/04/20 20:07:45 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\WIND\AddrBookPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,739,840 | ---- | M] () -- C:\Program Files (x86)\WIND\AddrBookUIPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,550,400 | ---- | M] () -- C:\Program Files (x86)\WIND\CallAppPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,547,840 | ---- | M] () -- C:\Program Files (x86)\WIND\CallLogSrvPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,495,104 | ---- | M] () -- C:\Program Files (x86)\WIND\DeviceMgrUIPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,414,720 | ---- | M] () -- C:\Program Files (x86)\WIND\DialupUIPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,352,768 | ---- | M] () -- C:\Program Files (x86)\WIND\core.dll
MOD - [2011/04/20 20:07:45 | 000,337,408 | ---- | M] () -- C:\Program Files (x86)\WIND\DeviceAppPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,331,776 | ---- | M] () -- C:\Program Files (x86)\WIND\NetConnectPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,300,544 | ---- | M] () -- C:\Program Files (x86)\WIND\DeviceSrvPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\WIND\AddrBookSrvPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\WIND\MenuMgrPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,239,104 | ---- | M] () -- C:\Program Files (x86)\WIND\LiveUpdateInterface.dll
MOD - [2011/04/20 20:07:45 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\WIND\AtCodec.dll
MOD - [2011/04/20 20:07:45 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\WIND\Common.dll
MOD - [2011/04/20 20:07:45 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\WIND\DialUpPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\WIND\NDISPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,175,104 | ---- | M] () -- C:\Program Files (x86)\WIND\CallSrvPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,158,720 | ---- | M] () -- C:\Program Files (x86)\WIND\NetConnectSrvPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\WIND\DataServicePlugin.dll
MOD - [2011/04/20 20:07:45 | 000,123,392 | ---- | M] () -- C:\Program Files (x86)\WIND\ATR2SMgr.dll
MOD - [2011/04/20 20:07:45 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\WIND\LayoutPlugin.dll
MOD - [2011/04/20 20:07:45 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\WIND\libgcc_s_dw2-1.dll
MOD - [2011/04/20 20:07:45 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\WIND\mingwm10.dll
MOD - [2011/03/21 13:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/02 00:25:36 | 001,016,280 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/02/16 21:49:28 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/06 10:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/09/30 16:51:32 | 000,124,704 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2010/09/30 16:51:30 | 000,020,256 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2010/09/30 16:51:22 | 000,041,248 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2010/09/30 16:51:12 | 000,175,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2010/09/30 16:51:10 | 000,337,184 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2010/09/30 16:51:10 | 000,268,064 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2010/02/28 05:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2005/07/19 22:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/10 00:55:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 17:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/19 15:41:15 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/20 20:07:45 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\WIND\UpdateDog\ouc.exe -- (WIND. RunOuc)
SRV - [2010/10/22 16:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/30 10:52:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/09/17 16:04:30 | 001,251,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/01 13:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/01/28 19:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/12 11:18:20 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/04/26 14:58:17 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/04/20 20:07:46 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011/04/20 20:07:46 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/04/20 20:07:46 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/04/20 20:07:46 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/03/18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/11 15:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/10 01:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/10 00:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/21 17:37:46 | 001,306,240 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 18:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/23 12:43:52 | 001,088,616 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/05/12 03:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/05/12 03:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 19:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2965203062-2431539423-359020578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKU\S-1-5-21-2965203062-2431539423-359020578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-2965203062-2431539423-359020578-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2965203062-2431539423-359020578-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/23 02:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/14 00:55:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/26 21:45:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/12/23 11:08:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/19 15:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/25 00:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 00:09:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/23 02:31:54 | 000,000,000 | ---D | M]

[2011/04/16 13:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lulu\AppData\Roaming\mozilla\Extensions
[2011/04/16 13:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lulu\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/04 17:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lulu\AppData\Roaming\mozilla\Firefox\Profiles\iuf9k2by.default\extensions
[2011/02/15 23:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/01/19 15:41:12 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = http://search.icq.co...ms}&icid=chrome
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lulu\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lulu\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lulu\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lulu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Lulu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Lulu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: AVG Safe Search = C:\Users\Lulu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \\u003Cvideo\\u003E = C:\Users\Lulu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Users\Lulu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {4D986A0F-6366-6992-6BAD-35FC2ABF7019} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2965203062-2431539423-359020578-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2965203062-2431539423-359020578-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2965203062-2431539423-359020578-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE8589C3-2356-462A-B74E-356A54BE48BD}: NameServer = 74.115.197.69 74.115.197.68
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/27 12:53:58 | 000,142,336 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/11/27 12:53:56 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c776d7bd-6bb2-11e0-b323-00266c9bc493}\Shell - "" = AutoRun
O33 - MountPoints2\{c776d7bd-6bb2-11e0-b323-00266c9bc493}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/27 12:53:58 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{c776d7e5-6bb2-11e0-b323-00266c9bc493}\Shell - "" = AutoRun
O33 - MountPoints2\{c776d7e5-6bb2-11e0-b323-00266c9bc493}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/27 12:53:58 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{ff5c2974-6c23-11e0-970b-00266c9bc493}\Shell - "" = AutoRun
O33 - MountPoints2\{ff5c2974-6c23-11e0-970b-00266c9bc493}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/27 12:53:58 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/27 12:53:58 | 000,142,336 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 19:50:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lulu\Desktop\OTL.exe
[2012/01/23 15:31:48 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Roaming\HPAppData
[2012/01/23 13:38:23 | 000,000,000 | ---D | C] -- C:\Users\Lulu\Desktop\audiobooks
[2012/01/23 12:02:59 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\windows\SysNative\drivers\pavboot64.sys
[2012/01/23 11:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/01/23 04:15:05 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{BC93E34A-A067-4EA4-94F3-E1C987404FEF}
[2012/01/23 04:14:59 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{64CF7EA5-0EB6-4866-B6E1-CE17CA923607}
[2012/01/22 11:56:56 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{67CC4166-21EF-404F-8745-B0752E46FB55}
[2012/01/21 15:44:23 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{80840E23-33F7-4AF4-8794-76DCD602D1C6}
[2012/01/21 15:44:13 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{95AACB11-96A1-4FFA-AEFE-6EE48F6AFBA7}
[2012/01/21 15:05:46 | 000,000,000 | ---D | C] -- C:\Users\Lulu\Desktop\royaltyfree
[2012/01/21 15:02:05 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{2C6A411C-6DAA-4EB2-96D9-CB04EF10EFBD}
[2012/01/20 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{9686FCD1-BD3B-468B-AAD8-7B29A5AFD302}
[2012/01/20 06:23:12 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{3DCF000D-CDAE-46B0-8D40-67A1E343334E}
[2012/01/20 06:21:20 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{2DD90C3F-9D34-4B20-A3CC-AC5A7CFA859B}
[2012/01/19 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{71F16597-E453-4FAE-8F8E-9C5E29088770}
[2012/01/19 15:58:26 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{10A93B60-3D3C-4383-9617-A7A22C6A8390}
[2012/01/19 01:49:12 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{E08749C5-8B5D-4864-BAC3-F5294DDAC2F3}
[2012/01/19 01:49:05 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{F904E531-A2E5-4E35-B079-1CBE01AC91E1}
[2012/01/18 05:29:03 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{764F6F35-9321-49DF-B513-50C927728813}
[2012/01/18 05:26:34 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{821A7E1E-8379-4485-A2A2-5AE98850BB60}
[2012/01/17 19:36:31 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{C6395C3D-7291-4CB7-82E0-18FE5F80479C}
[2012/01/17 10:48:14 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{7114A032-B9F3-4B38-8C4E-CBF2FFDB2D40}
[2012/01/16 22:05:07 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{088281CE-4A0C-447F-910F-D216A5A8085E}
[2012/01/16 22:05:00 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{80C54536-93F0-4AC1-A9EA-4122B1233F02}
[2012/01/16 02:28:13 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{7E7560B2-6F1C-4BF5-B3D1-82BAE9D74103}
[2012/01/16 02:28:03 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{55F97847-DBD9-4F8A-9C3A-4AEF2130C845}
[2012/01/15 02:14:42 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{0DB8A6A6-A549-4D68-90E0-72F30DB0B109}
[2012/01/15 02:14:36 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{F74A57D7-72E2-496D-A4FD-4E3F7C721026}
[2012/01/14 14:21:28 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{AB850C13-C932-4DC2-AF87-B6844AFB8B02}
[2012/01/14 04:39:42 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{B83FAAF0-E277-4B4D-94F7-BA70DE191667}
[2012/01/14 01:56:16 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{85A3461F-0F88-4CA6-BFD6-D6489E6E22A0}
[2012/01/13 08:07:14 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{000D0A4D-ABF2-430F-AFF7-5F4960A53FE2}
[2012/01/12 18:50:46 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{42C1CF5F-B768-443E-8CEB-BA044ADF28D6}
[2012/01/12 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{E8C14237-D388-44E1-9099-3302B49C24CA}
[2012/01/12 10:45:10 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{810A08DA-8E15-4BD2-9DC2-49D7D270F466}
[2012/01/11 03:30:48 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{45FEF407-0450-4C36-BDD0-A7AEBB911FE6}
[2012/01/11 03:28:20 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{D4FC24F1-E798-4FE6-968E-7D3B9262D1BC}
[2012/01/10 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{6CC0DAE2-3AD2-42A0-899A-E348C3FE7997}
[2012/01/09 20:56:09 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{EA7AD419-F90E-466A-99C7-C0A9D5555A83}
[2012/01/09 20:55:16 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{D2396963-57F0-49CB-992F-38FEC26243D0}
[2012/01/09 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{00A132DD-6075-49B1-BB97-CC90483B5B20}
[2012/01/09 10:14:49 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{8586D188-809C-4DDA-9A9A-1CF25A7E1D2B}
[2012/01/08 15:13:50 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{2772B390-9A8D-49C7-AD1F-3A096800FED5}
[2012/01/08 15:13:46 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{D15D6C5C-3CF2-47FA-9031-ABBC1DED0C6F}
[2012/01/08 11:58:48 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{EB198EE2-CC46-4823-AD4D-9A0EABD9D4C9}
[2012/01/07 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{BED6E500-443B-4310-B9B9-F742FCC50EC5}
[2012/01/07 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{4CB20ADC-1B1F-46C4-A90E-DAF500C269DA}
[2012/01/07 09:30:10 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{55845AF0-93E9-45E6-8B71-31991E60D321}
[2012/01/06 10:09:17 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{8421D8DE-E293-40A6-AA26-BABD12C61908}
[2012/01/05 14:24:29 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{8308FE09-C2B3-4513-B305-9A2CF7A20087}
[2012/01/05 08:13:33 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{46684B23-E6D2-4A9F-A79B-794749EF6C93}
[2012/01/04 20:20:35 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{ABBBBDB1-5BF6-43FF-9980-D22624673BB8}
[2012/01/04 15:21:56 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{76E6006D-6107-4415-8A95-B66B1C24ADD0}
[2012/01/04 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{208AA169-B895-4264-BD97-CC89CA1A2893}
[2012/01/03 21:24:35 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{F6DA4418-D364-45BB-9154-3429BB58D7ED}
[2012/01/03 14:32:20 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{A546B04D-DE9A-45C3-A529-FF8183F05031}
[2012/01/03 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{701153C3-0F82-4396-912A-0400E0AB35E1}
[2012/01/02 16:27:24 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{02057068-0554-4BCF-ABD4-66B5DDB84EA4}
[2012/01/02 00:54:05 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{0E56102B-0B2B-42C5-AAE2-693322868E4A}
[2012/01/01 19:17:56 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{C3F0B358-42BA-4CCA-A349-474D3E32BD63}
[2012/01/01 08:53:18 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{61F9A12C-96F8-40BD-B5F7-7CF56A75BC9F}
[2011/12/31 17:10:46 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{608FB610-57FD-41B2-9416-E765BDEE3F16}
[2011/12/31 17:08:24 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{6D2DC388-3101-455B-9DCC-B92CF858A5E2}
[2011/12/31 02:15:39 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{C4B32D0E-67D6-4804-8B6F-CB463A5F5339}
[2011/12/31 02:15:34 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{5A8278DA-2254-4FD5-B1F5-3026FA84C456}
[2011/12/30 09:52:53 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{56FE4455-A519-4EE6-874C-E678E84C4144}
[2011/12/30 09:52:48 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{DB63F3DE-A124-4FA0-8DB4-62E66B682272}
[2011/12/30 09:34:40 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{AC9B82F3-C124-4AB9-BCF1-C68C2D7A8255}
[2011/12/29 16:04:14 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{B2C613CD-6BC7-44DD-9546-E1822422A4E9}
[2011/12/29 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{C21E5E1B-65E8-423E-B21F-E16DB9414EEF}
[2011/12/29 01:59:54 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{DE0C5E6E-2CCB-42D0-A483-A9896C07D0DD}
[2011/12/29 01:59:38 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{AED4965A-B750-46FB-AAE2-2D1EBFE637B0}
[2011/12/29 01:47:43 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{BE01A0CE-5845-45F7-897B-1EDACAD1814F}
[2011/12/28 10:01:00 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{E7580B89-3EA4-4F96-91FE-B1617DF7051F}
[2011/12/28 10:00:05 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{4443FE26-BA19-450E-AA63-F914BF5CCB6A}
[2011/12/27 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{5577C151-97DA-40DD-ADE5-D04D1105BC93}
[2011/12/27 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{90EF3C32-9413-4065-B249-2852254E22C0}
[2011/12/27 07:06:26 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{35304C5E-E074-42E9-8D9E-D9C3B1F8EE68}
[2011/12/26 18:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{1A44C87F-C118-4E12-8F96-F6AD4899F8B3}
[2011/12/26 18:13:45 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{767743FF-C21A-4DC8-963A-1D6A382808D5}
[2011/12/26 03:25:49 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{2D073622-DD3F-44BA-8FDE-8962C5305DEA}
[2011/12/26 03:25:39 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{BA1CFF3E-53DD-4E9E-B9BB-A2E81DF4B4B7}
[2011/12/25 13:32:02 | 000,000,000 | ---D | C] -- C:\Users\Lulu\AppData\Local\{EAB551C0-9DE2-476A-9636-8D20823D5AA6}
[2011/04/26 14:58:17 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Lulu\AppData\Roaming\pcouffin.sys
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/23 20:02:04 | 000,000,254 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job
[2012/01/23 20:00:02 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/23 19:50:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lulu\Desktop\OTL.exe
[2012/01/23 19:50:04 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965203062-2431539423-359020578-1001UA.job
[2012/01/23 19:29:13 | 000,104,667 | ---- | M] () -- C:\Users\Lulu\Desktop\julie_hesmondhalgh_5366963.jpg
[2012/01/23 19:29:01 | 000,043,650 | ---- | M] () -- C:\Users\Lulu\Desktop\julie_hesmondhalgh_5366964.jpg
[2012/01/23 19:28:54 | 000,012,568 | ---- | M] () -- C:\Users\Lulu\Desktop\0003700b-314.jpg
[2012/01/23 19:27:05 | 000,040,086 | ---- | M] () -- C:\Users\Lulu\Desktop\1278686092-17330x330.jpg
[2012/01/23 16:50:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965203062-2431539423-359020578-1001Core.job
[2012/01/23 15:39:20 | 000,370,688 | ---- | M] () -- C:\Users\Lulu\Documents\Sketch Pad 1.sketchpad
[2012/01/23 15:39:01 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/23 14:14:32 | 000,001,189 | ---- | M] () -- C:\Users\Lulu\AppData\Roaming\vso_ts_preview.xml
[2012/01/23 13:46:41 | 000,714,754 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/23 13:46:41 | 000,620,086 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/23 13:46:41 | 000,107,978 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/23 11:56:10 | 000,180,352 | ---- | M] () -- C:\Users\Lulu\Desktop\activescan2_en.exe
[2012/01/23 09:33:38 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 09:33:38 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 09:31:24 | 087,259,922 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/01/23 09:25:22 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 09:25:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/23 09:24:59 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 20:36:28 | 010,975,620 | ---- | M] () -- C:\Users\Lulu\Desktop\Life Cruelty-Free Crafts, Recipes, Beauty Secrets .mobi
[2012/01/22 20:27:31 | 007,582,944 | ---- | M] () -- C:\Users\Lulu\Desktop\Draw Now- 30 Easy Exercises for Beginners.pdf
[2012/01/22 18:04:35 | 000,348,986 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/23 19:29:05 | 000,104,667 | ---- | C] () -- C:\Users\Lulu\Desktop\julie_hesmondhalgh_5366963.jpg
[2012/01/23 19:28:59 | 000,043,650 | ---- | C] () -- C:\Users\Lulu\Desktop\julie_hesmondhalgh_5366964.jpg
[2012/01/23 19:28:53 | 000,012,568 | ---- | C] () -- C:\Users\Lulu\Desktop\0003700b-314.jpg
[2012/01/23 19:27:03 | 000,040,086 | ---- | C] () -- C:\Users\Lulu\Desktop\1278686092-17330x330.jpg
[2012/01/23 11:56:06 | 000,180,352 | ---- | C] () -- C:\Users\Lulu\Desktop\activescan2_en.exe
[2012/01/22 19:24:11 | 010,975,620 | ---- | C] () -- C:\Users\Lulu\Desktop\Life Cruelty-Free Crafts, Recipes, Beauty Secrets .mobi
[2012/01/22 19:23:45 | 007,582,944 | ---- | C] () -- C:\Users\Lulu\Desktop\Draw Now- 30 Easy Exercises for Beginners.pdf
[2011/09/26 00:38:18 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/09/26 00:11:48 | 000,819,200 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/09/26 00:11:48 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/08/30 16:19:39 | 000,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2011/07/29 08:08:28 | 000,000,000 | ---- | C] () -- C:\Users\Lulu\AppData\Local\{0F1A1864-935C-4F5D-83AA-557613C6BF58}
[2011/06/25 13:36:38 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/06/25 13:36:38 | 000,000,088 | RHS- | C] () -- C:\ProgramData\6936B1AC81.sys
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\Users\Lulu\AppData\Local\8372
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\ProgramData\3969
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\ProgramData\3495
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\ProgramData\2198
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\Users\Lulu\AppData\Roaming\0078
[2011/04/26 14:59:40 | 000,001,189 | ---- | C] () -- C:\Users\Lulu\AppData\Roaming\vso_ts_preview.xml
[2011/04/26 14:58:17 | 000,099,384 | ---- | C] () -- C:\Users\Lulu\AppData\Roaming\inst.exe
[2011/04/26 14:58:17 | 000,007,859 | ---- | C] () -- C:\Users\Lulu\AppData\Roaming\pcouffin.cat
[2011/04/26 14:58:17 | 000,001,167 | ---- | C] () -- C:\Users\Lulu\AppData\Roaming\pcouffin.inf
[2011/03/29 13:46:30 | 000,000,095 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2011/03/06 06:11:46 | 000,013,824 | ---- | C] () -- C:\Users\Lulu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 02:57:38 | 000,205,981 | ---- | C] () -- C:\windows\hpoins46.dat.temp
[2011/02/23 02:57:35 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat.temp
[2011/02/23 02:20:25 | 000,205,372 | ---- | C] () -- C:\windows\hpoins46.dat
[2011/02/16 01:03:11 | 000,722,802 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/15 21:58:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/16 08:09:00 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/12/16 08:06:23 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2010/12/16 07:56:34 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/16 07:54:21 | 000,002,888 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/01/29 16:21:20 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:17:29 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\tqquery.dll
[2009/07/13 19:13:37 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\NlsLeexicons000d.dll
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:44:12 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\txfflog.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:23:40 | 000,031,746 | ---- | C] () -- C:\windows\SysWow64\mrsxsys.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/11/11 19:30:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 11:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 11:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 11:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/01/23 09:24:59 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 11:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 11:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 11:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 11:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 11:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 11:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 11:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 11:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 11:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 11:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 11:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/01/23 09:25:00 | 3865,960,448 | -HS- | M] () -- C:\pagefile.sys
[2011/06/01 23:09:24 | 000,006,306 | ---- | M] () -- C:\scramble.log
[2007/11/07 11:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 11:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 11:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/02 00:25:37 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/02 00:25:37 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/02 00:25:37 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/03/02 00:25:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/03/02 00:25:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/02 00:25:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/03/02 00:25:37 | 000,552,376 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/03/02 00:25:37 | 000,552,376 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/03/02 00:25:37 | 000,552,376 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/03/02 00:25:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/03/02 00:25:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/03/02 00:25:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:32D562A3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4E79C4F8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:12D2EB9C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#6
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen OTL on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    [2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\Users\Lulu\AppData\Local\8372
    [2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\ProgramData\3969
    [2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\ProgramData\3495
    [2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\ProgramData\2198
    [2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\Users\Lulu\AppData\Roaming\0078
    [2009/07/13 19:17:29 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\tqquery.dll
    [2009/07/13 19:13:37 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\NlsLeexicons000d.dll
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


# Step 2 #

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

# Step 3 #

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • 0
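The five 12-byte entries pasted into the :OTL fix in Step 1 share a creation second and a size while sitting in three different directories. The following is an added example (not part of the original post, and not the helper's stated method) that parses OTL file-listing lines and surfaces such groups; the thresholds min_files and min_dirs are assumptions, and the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Subset of lines copied from the OTL log above, kept in the tool's format.
SAMPLE_LOG = r"""
[2011/06/25 13:36:38 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\Users\Lulu\AppData\Local\8372
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\ProgramData\3969
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\ProgramData\3495
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\ProgramData\2198
[2011/05/26 09:23:45 | 000,000,012 | ---- | C] () -- C:\Users\Lulu\AppData\Roaming\0078
[2011/04/26 14:58:17 | 000,007,859 | ---- | C] () -- C:\Users\Lulu\AppData\Roaming\pcouffin.cat
[2011/04/26 14:58:17 | 000,001,167 | ---- | C] () -- C:\Users\Lulu\AppData\Roaming\pcouffin.inf
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 11:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 11:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (vendor) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)


def parse_line(line):
    """Return a dict for one OTL file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def find_clusters(log_text, min_files=3, min_dirs=2):
    """Group files with no vendor string by (timestamp, size).

    A group is reported only when it spans several directories, which
    separates scattered same-second files from one installer unpacking
    many same-sized files into a single folder (the eula.*.txt case).
    """
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and not entry["vendor"]:
            groups[(entry["ts"], entry["size"])].append(entry["path"])
    clusters = {}
    for key, paths in groups.items():
        dirs = {ntpath.dirname(p).lower() for p in paths}
        if len(paths) >= min_files and len(dirs) >= min_dirs:
            clusters[key] = sorted(paths)
    return clusters


if __name__ == "__main__":
    for (ts, size), paths in find_clusters(SAMPLE_LOG).items():
        print(f"{ts}  {size} bytes  {len(paths)} files")
        for p in paths:
            print("   ", p)
```

A reported group is a lead for manual review, not a verdict; the heuristic says nothing about the two DLLs in the fix, which have different timestamps.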





