Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

TR/Crypt.XPACK.Gen8 & EXP/CVE-2011.3544.T HELP PLEASE? [Solved]


  • This topic is locked This topic is locked

#1
beckathawrecka

beckathawrecka

    New Member

  • Member
  • Pip
  • 4 posts
hi there, im hoping you can help me - a friend of mine referred me to your site and said that you were extremely helpful. Ive got Avira installed on my computer and its picked up these viruses - TR/Crypt.XPACK.Gen8 & EXP/CVE-2011.3544.T . Its suggesting i quarantine them which i've done. but im not sure that they are gone from my computer all together, im also especially worried because i had a phone call from my bank about attempted access to my internet banking (im assuming the two are related). im very careful about what i download onto my computer so im not sure how i got these viruses. are you able to help me? im scared to use my computer until i know its safe again. ive attached the scan report also, thanks heaps :)

Avira Free Antivirus
Report file date: Monday, 5 March 2012 22:39

Scanning for 3517894 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : BECK
Computer name : BECK

Version information:
BUILD.DAT : 12.0.0.898 Bytes 31/01/2012 14:50:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 17/02/2012 08:44:46
AVSCAN.DLL : 12.1.0.18 54224 Bytes 17/02/2012 08:44:46
LUKE.DLL : 12.1.0.19 68304 Bytes 17/02/2012 08:44:46
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 17/02/2012 08:44:46
AVREG.DLL : 12.1.0.29 228048 Bytes 17/02/2012 08:44:46
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 09:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 14:33:08
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 22:30:12
VBASE003.VDF : 7.11.21.238 4472832 Bytes 1/02/2012 09:12:39
VBASE004.VDF : 7.11.21.239 2048 Bytes 1/02/2012 09:12:39
VBASE005.VDF : 7.11.21.240 2048 Bytes 1/02/2012 09:12:40
VBASE006.VDF : 7.11.21.241 2048 Bytes 1/02/2012 09:12:40
VBASE007.VDF : 7.11.21.242 2048 Bytes 1/02/2012 09:12:40
VBASE008.VDF : 7.11.21.243 2048 Bytes 1/02/2012 09:12:41
VBASE009.VDF : 7.11.21.244 2048 Bytes 1/02/2012 09:12:41
VBASE010.VDF : 7.11.21.245 2048 Bytes 1/02/2012 09:12:41
VBASE011.VDF : 7.11.21.246 2048 Bytes 1/02/2012 09:12:42
VBASE012.VDF : 7.11.21.247 2048 Bytes 1/02/2012 09:12:42
VBASE013.VDF : 7.11.22.33 1486848 Bytes 3/02/2012 07:38:12
VBASE014.VDF : 7.11.22.56 687616 Bytes 3/02/2012 07:38:40
VBASE015.VDF : 7.11.22.92 178176 Bytes 6/02/2012 22:11:34
VBASE016.VDF : 7.11.22.154 144896 Bytes 8/02/2012 11:18:55
VBASE017.VDF : 7.11.22.220 183296 Bytes 13/02/2012 07:10:11
VBASE018.VDF : 7.11.23.34 202752 Bytes 15/02/2012 08:44:46
VBASE019.VDF : 7.11.23.98 126464 Bytes 17/02/2012 08:43:43
VBASE020.VDF : 7.11.23.150 148480 Bytes 20/02/2012 10:05:41
VBASE021.VDF : 7.11.23.224 172544 Bytes 23/02/2012 08:49:38
VBASE022.VDF : 7.11.24.52 219648 Bytes 28/02/2012 06:52:16
VBASE023.VDF : 7.11.24.53 2048 Bytes 28/02/2012 06:52:17
VBASE024.VDF : 7.11.24.54 2048 Bytes 28/02/2012 06:52:18
VBASE025.VDF : 7.11.24.55 2048 Bytes 28/02/2012 06:52:20
VBASE026.VDF : 7.11.24.56 2048 Bytes 28/02/2012 06:52:21
VBASE027.VDF : 7.11.24.57 2048 Bytes 28/02/2012 06:52:22
VBASE028.VDF : 7.11.24.58 2048 Bytes 28/02/2012 06:52:23
VBASE029.VDF : 7.11.24.59 2048 Bytes 28/02/2012 06:52:24
VBASE030.VDF : 7.11.24.60 2048 Bytes 28/02/2012 06:52:25
VBASE031.VDF : 7.11.24.144 158720 Bytes 4/03/2012 09:25:42
Engineversion : 8.2.10.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 15/12/2011 05:00:10
AESCRIPT.DLL : 8.1.4.7 442746 Bytes 24/02/2012 08:53:20
AESCN.DLL : 8.1.8.2 131444 Bytes 27/01/2012 00:34:18
AESBX.DLL : 8.2.4.5 434549 Bytes 15/12/2011 05:00:09
AERDL.DLL : 8.1.9.15 639348 Bytes 14/12/2011 14:32:23
AEPACK.DLL : 8.2.16.3 799094 Bytes 11/02/2012 11:23:45
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 29/12/2011 22:31:17
AEHEUR.DLL : 8.1.4.0 4436342 Bytes 24/02/2012 08:53:00
AEHELP.DLL : 8.1.19.0 254327 Bytes 24/01/2012 02:33:12
AEGEN.DLL : 8.1.5.21 409971 Bytes 3/02/2012 09:12:54
AEEXP.DLL : 8.1.0.23 70005 Bytes 24/02/2012 08:53:25
AEEMU.DLL : 8.1.3.0 393589 Bytes 14/12/2011 14:32:19
AECORE.DLL : 8.1.25.4 201079 Bytes 13/02/2012 11:19:34
AEBB.DLL : 8.1.1.0 53618 Bytes 14/12/2011 14:32:19
AVWINLL.DLL : 12.1.0.17 27344 Bytes 15/12/2011 05:00:16
AVPREF.DLL : 12.1.0.17 51920 Bytes 15/12/2011 05:00:12
AVREP.DLL : 12.1.0.17 179408 Bytes 15/12/2011 05:00:13
AVARKT.DLL : 12.1.0.23 209360 Bytes 17/02/2012 08:44:46
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 15/12/2011 05:00:12
SQLITE3.DLL : 3.7.0.0 398288 Bytes 15/12/2011 05:00:24
AVSMTP.DLL : 12.1.0.17 62928 Bytes 15/12/2011 05:00:14
NETNT.DLL : 12.1.0.17 17104 Bytes 15/12/2011 05:00:21
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 15/12/2011 05:00:34
RCTEXT.DLL : 12.1.1.16 96208 Bytes 15/12/2011 05:00:34

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Monday, 5 March 2012 22:39

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '103' Module(s) have been scanned
Scan process 'GOM.EXE' - '107' Module(s) have been scanned
Scan process 'wlmail.exe' - '195' Module(s) have been scanned
Scan process 'wlcomm.exe' - '97' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '191' Module(s) have been scanned
Scan process 'Azureus.exe' - '82' Module(s) have been scanned
Scan process 'wuauclt.exe' - '37' Module(s) have been scanned
Scan process 'TPCHWMsg.exe' - '30' Module(s) have been scanned
Scan process 'TosSENotify.exe' - '42' Module(s) have been scanned
Scan process 'CFSwMgr.exe' - '56' Module(s) have been scanned
Scan process 'skypePM.exe' - '66' Module(s) have been scanned
Scan process 'NDSTray.exe' - '78' Module(s) have been scanned
Scan process 'taskeng.exe' - '29' Module(s) have been scanned
Scan process 'WDSmartWare.exe' - '105' Module(s) have been scanned
Scan process 'WDDMStatus.exe' - '30' Module(s) have been scanned
Scan process 'CCC.exe' - '153' Module(s) have been scanned
Scan process 'Skype.exe' - '123' Module(s) have been scanned
Scan process 'sidebar.exe' - '103' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '75' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '50' Module(s) have been scanned
Scan process 'htcUPCTLoader.exe' - '87' Module(s) have been scanned
Scan process 'TosReelTimeMonitor.exe' - '61' Module(s) have been scanned
Scan process 'TosNcCore.exe' - '34' Module(s) have been scanned
Scan process 'TEco.exe' - '32' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '45' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '46' Module(s) have been scanned
Scan process 'TCrdMain.exe' - '66' Module(s) have been scanned
Scan process 'MOM.exe' - '65' Module(s) have been scanned
Scan process 'SmoothView.exe' - '16' Module(s) have been scanned
Scan process 'TPwrMain.exe' - '36' Module(s) have been scanned
Scan process 'Explorer.EXE' - '170' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'taskhost.exe' - '53' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1170' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A7840D003>
C:\Users\BECK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\3af20e99-763e513b
[DETECTION] Is the TR/Crypt.XPACK.Gen8 Trojan
C:\Users\BECK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\82fe220-78d5ab80
[0] Archive type: ZIP
--> Market.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544.T exploit

Beginning disinfection:
C:\Users\BECK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\82fe220-78d5ab80
[DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544.T exploit
[NOTE] The file was moved to the quarantine directory under the name '4a501c71.qua'.
C:\Users\BECK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\3af20e99-763e513b
[DETECTION] Is the TR/Crypt.XPACK.Gen8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '52c73305.qua'.


End of the scan: Tuesday, 6 March 2012 17:26
Used time: 2:14:04 Hour(s)

The scan has been done completely.

27492 Scanned directories
514782 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
514780 Files not concerned
6907 Archives were scanned
0 Warnings
2 Notes
578642 Objects were scanned with rootkit scan
0 Hidden objects were found
  • 0

Advertisements


#2
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello beckathawrecka and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #

Go to Start > Control Panel > Programs > Java. Posted Image

It will be open an Window with a few tabs.

In the General tab, click on the Settings button
On the next screen, select Delete Files e confirm.


# Step 2 #

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

# Step 3 #

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#4
beckathawrecka

beckathawrecka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
thanks for your help. below ive pasted the 3 different logs. the first time i tried to run aswMBR it completely froze my computer and i had to hold down the off button until it turned off...not sure if this is of any interest to you or not so i thought i'd mention it.

ASWMBR LOG:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 21:38:58
-----------------------------
21:38:58.259 OS Version: Windows 6.1.7600
21:38:58.259 Number of processors: 2 586 0x602
21:38:58.259 ComputerName: BECK UserName: BECK
21:39:00.412 Initialize success
21:39:06.469 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:39:06.469 Disk 0 Vendor: TOSHIBA_MK5055GSX FG001M Size: 476940MB BusType: 11
21:39:06.484 Disk 0 MBR read successfully
21:39:06.484 Disk 0 MBR scan
21:39:06.500 Disk 0 Windows VISTA default MBR code
21:39:06.531 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:39:06.547 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464987 MB offset 3074048
21:39:06.594 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10452 MB offset 955367424
21:39:06.640 Disk 0 scanning sectors +976773120
21:39:06.890 Disk 0 scanning C:\windows\system32\drivers
21:39:19.499 Service scanning
21:39:57.282 Modules scanning
21:40:17.078 Disk 0 trace - called modules:
21:40:17.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:40:17.141 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864be5f0]
21:40:17.156 3 CLASSPNP.SYS[8b00459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86471030]
21:40:17.172 Scan finished successfully
21:40:30.448 Disk 0 MBR has been saved successfully to "C:\Users\BECK\Desktop\MBR.dat"
21:40:30.463 The log file has been saved successfully to "C:\Users\BECK\Desktop\aswMBR.txt"

OTL.TXT:

OTL logfile created on: 3/9/2012 9:44:46 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\BECK\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.87 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 58.04% Memory free
5.75 Gb Paging File | 4.03 Gb Available in Paging File | 70.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.09 Gb Total Space | 16.43 Gb Free Space | 3.62% Space Free | Partition Type: NTFS

Computer Name: BECK | User Name: BECK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/09 21:43:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\BECK\Desktop\OTL.exe
PRC - [2011/12/21 22:41:56 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/12/20 10:11:46 | 000,196,904 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011/12/15 15:00:35 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/12/15 15:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/15 15:00:12 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/15 15:00:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/30 05:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011/07/16 14:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/11/13 11:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 11:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/08/12 09:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/12 09:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/11 12:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/07 10:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/07 10:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/07 08:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/07 06:06:58 | 000,466,792 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009/08/06 07:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/06 07:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/06 07:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/04 11:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/04 11:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/30 16:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 16:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/29 13:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/29 08:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/29 07:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 08:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/08 02:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/28 11:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/11 11:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/21 02:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/01/14 14:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 19:10:20 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4745cd79cd87ef98af5163b152088e28\Microsoft.VisualBasic.ni.dll
MOD - [2012/02/17 18:53:36 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/17 18:45:50 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5ca17001998a75ca774d2b80eead5579\System.ServiceProcess.ni.dll
MOD - [2012/02/17 18:45:31 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
MOD - [2012/02/17 18:45:15 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 18:45:11 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
MOD - [2012/02/17 18:44:21 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/17 18:44:06 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/17 18:43:33 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/17 18:43:24 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/17 18:43:19 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/14 07:35:11 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/28 17:55:02 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2010/10/28 17:55:02 | 000,348,160 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2010/10/28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2010/10/28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2010/10/28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2010/10/28 17:55:02 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/10/19 11:02:59 | 001,736,704 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/10/19 11:02:59 | 000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:59 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/10/19 11:02:59 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/10/19 11:02:59 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:59 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:59 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/10/19 11:02:59 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:59 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:59 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/10/19 11:02:59 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:59 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:59 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:59 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:59 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:59 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:59 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:59 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:59 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/10/19 11:02:59 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:59 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:58 | 000,950,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:58 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:58 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:58 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:58 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009/10/19 11:02:58 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/10/19 11:02:58 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/10/19 11:02:58 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:58 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/10/19 11:02:58 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:58 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:58 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:58 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/10/19 11:02:58 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/10/19 11:02:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/10/19 11:02:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/10/19 11:02:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/10/19 11:02:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/10/19 11:02:58 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/10/19 11:02:57 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/10/19 11:02:57 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/10/19 11:02:57 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/10/19 11:02:57 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/10/19 11:02:57 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll
MOD - [2009/10/19 11:02:57 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/10/19 11:02:57 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/10/19 11:02:57 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/10/19 11:02:57 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/10/19 11:02:57 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/10/19 11:02:57 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/10/19 11:02:57 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/10/19 11:02:57 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/10/19 11:02:57 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/10/19 11:02:57 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/10/19 11:02:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009/10/19 11:02:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/10/19 11:02:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/10/19 11:02:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/10/19 11:02:57 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/10/19 11:02:57 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/08/19 15:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/08/04 11:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/30 08:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2009/07/29 15:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2009/07/26 04:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/17 08:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/17 08:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/23 08:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/06/11 07:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/05/05 03:45:14 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/03/13 12:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/20 10:11:46 | 000,196,904 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011/12/15 15:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/15 15:00:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/30 05:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/10/13 03:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/04/28 20:39:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/08/18 03:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/12 09:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/11 12:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/07 10:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/06 07:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/04 11:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 16:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/29 08:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/08 02:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/28 11:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/11 11:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/02/21 02:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aswMBR)
DRV - [2012/02/17 18:44:46 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/15 15:00:35 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/15 15:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/06/23 10:24:56 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/08/28 15:19:22 | 000,859,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/07/31 10:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/31 10:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/31 05:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/25 08:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/22 07:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/15 08:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/03 07:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/06/23 10:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 12:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 17:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSAU&bmod=TSAU
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSAU


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3891295939-46197774-543853369-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKU\S-1-5-21-3891295939-46197774-543853369-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/home.php? [binary data]
IE - HKU\S-1-5-21-3891295939-46197774-543853369-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKU\S-1-5-21-3891295939-46197774-543853369-1005\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3891295939-46197774-543853369-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3891295939-46197774-543853369-1005\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...TSAU_en___AU355
IE - HKU\S-1-5-21-3891295939-46197774-543853369-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3891295939-46197774-543853369-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Users\BECK\AppData\Local\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BECK\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BECK\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/09 20:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/30 11:03:59 | 000,000,000 | ---D | M]

[2010/05/06 09:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BECK\AppData\Roaming\Mozilla\Extensions
[2010/05/06 09:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BECK\AppData\Roaming\Mozilla\Firefox\Profiles\53ak20m4.default\extensions
[2012/01/18 18:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 17:17:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/16 07:51:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/14 16:49:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/18 18:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BECK\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BECK\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\BECK\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BECK\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = C:\Users\BECK\AppData\Local\ABR\Plug-In\bin\npAUSkeyPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3891295939-46197774-543853369-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-3891295939-46197774-543853369-1005..\Run: [{E207A7E3-E924-AD7E-485D-F5AF421ED6B2}] C:\Users\BECK\AppData\Roaming\Utyms\tueh.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Users\BECK\AppData\Roaming\aignes\WebSite-Watcher\config\settings\wswie.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AEF3969-567A-43DF-A1EB-14928283D66C}: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD6295A2-9DAF-4EC3-8C13-E6C0F5F7957D}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDF2AD7D-4EBF-4FF7-863E-3EC18DA707A8}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{867d2998-6e18-11df-b710-002622454dc8}\Shell - "" = AutoRun
O33 - MountPoints2\{867d2998-6e18-11df-b710-002622454dc8}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9f6e4a2c-4364-11df-ba0d-002622454dc8}\Shell - "" = AutoRun
O33 - MountPoints2\{9f6e4a2c-4364-11df-ba0d-002622454dc8}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f3f65872-bc49-11de-a8d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3f65872-bc49-11de-a8d8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\MSWorks\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 21:43:35 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\BECK\Desktop\OTL.exe
[2012/03/09 21:24:09 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\BECK\Desktop\aswMBR.exe
[2012/03/06 17:04:19 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{B29EB9A2-7214-4A77-9DFA-0A4C3D80DFC3}
[2012/03/06 17:04:06 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{FDF63707-2F69-4BCC-8BD8-0F5D92612652}
[2012/03/05 21:42:40 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{2F16343F-1EA5-43EE-AEEE-D686BAFC3CA5}
[2012/03/05 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{C9C247EB-C8F5-4E29-A791-CFD7022A5359}
[2012/03/05 21:39:25 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{FAF70C0F-C991-48CB-9845-67EABCF54FE3}
[2012/03/05 21:38:54 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{7C157DFC-3258-4E0F-9EB4-E452D3B4EE6E}
[2012/02/29 16:58:24 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{6BB26AB7-171D-4627-9C07-0E0308865F74}
[2012/02/29 16:58:02 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{68C7F257-23B6-4E9E-8DEA-7B164730B7F3}
[2012/02/28 17:27:12 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{CA67A31E-1F27-4A29-9685-D5B0891B8EEC}
[2012/02/28 17:26:41 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{D92A9061-125B-4A5A-B869-6408E3F2D77B}
[2012/02/28 17:17:04 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{770708A4-7B96-4C7E-ACD4-CB35B89496E6}
[2012/02/28 17:16:31 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{A715CCFF-E095-4ABC-8868-9CD2726B2158}
[2012/02/17 18:59:02 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{D66D76D6-9DC3-42B5-8A0D-D4C886086F86}
[2012/02/17 18:58:49 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{866A3B68-66FB-48C5-B4EB-61ABC10C1545}
[2012/02/17 18:57:20 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{423948B5-D3F2-4419-8036-DEEEA5C45A6E}
[2012/02/17 18:56:55 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{8E3619D5-47AD-4825-9C49-BDECE948B67B}
[2012/02/16 22:44:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/02/16 22:44:37 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/02/16 22:44:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/02/16 22:44:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/02/16 22:44:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/02/16 22:44:29 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/02/16 21:25:15 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/16 21:25:07 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/02/16 17:32:50 | 000,000,000 | ---D | C] -- C:\Users\BECK\Desktop\brodie
[2012/02/15 20:07:36 | 000,000,000 | ---D | C] -- C:\Users\BECK\Desktop\Photobook
[2012/02/13 22:15:37 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{EDB4E12C-57D1-491F-B99F-5D5612CA8A6F}
[2012/02/13 22:15:12 | 000,000,000 | ---D | C] -- C:\Users\BECK\AppData\Local\{1180944E-5A73-4881-8270-6B571F82D970}

========== Files - Modified Within 30 Days ==========

[2012/03/09 21:43:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\BECK\Desktop\OTL.exe
[2012/03/09 21:41:25 | 000,722,290 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/09 21:41:25 | 000,146,190 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/09 21:40:30 | 000,000,512 | ---- | M] () -- C:\Users\BECK\Desktop\MBR.dat
[2012/03/09 21:38:37 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 21:38:37 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 21:34:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/09 21:30:09 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/09 21:29:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/09 21:29:32 | 2313,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/09 21:24:40 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\BECK\Desktop\aswMBR.exe
[2012/03/09 20:58:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3891295939-46197774-543853369-1005UA.job
[2012/03/06 20:09:59 | 000,002,048 | ---- | M] () -- C:\Users\BECK\AppData\Roaming\ThePhotobookClub.com.au Prefs
[2012/03/05 14:20:41 | 000,448,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/28 22:16:59 | 000,000,614 | ---- | M] () -- C:\Users\BECK\AppData\Roaming\wklnhst.dat
[2012/02/28 22:16:58 | 000,010,752 | ---- | M] () -- C:\Users\BECK\Desktop\optus.xlr
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2012/02/17 18:44:46 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys

========== Files Created - No Company Name ==========

[2012/03/09 21:40:30 | 000,000,512 | ---- | C] () -- C:\Users\BECK\Desktop\MBR.dat
[2012/02/28 22:16:58 | 000,010,752 | ---- | C] () -- C:\Users\BECK\Desktop\optus.xlr
[2012/01/15 20:12:05 | 000,180,624 | ---- | C] () -- C:\windows\System32\Primomonnt.dll
[2011/12/29 09:51:50 | 000,000,614 | ---- | C] () -- C:\Users\BECK\AppData\Roaming\wklnhst.dat
[2011/10/08 08:42:16 | 000,002,048 | ---- | C] () -- C:\Users\BECK\AppData\Roaming\ThePhotobookClub.com.au Prefs
[2011/02/10 14:03:48 | 000,000,314 | ---- | C] () -- C:\windows\primopdf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/11 07:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 11:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/08/22 09:07:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/11 07:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/03/09 21:29:32 | 2313,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/09 21:29:35 | 3085,287,424 | -HS- | M] () -- C:\pagefile.sys

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2011/12/15 15:00:35 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\windows\system32\drivers\avgntflt.sys
[2012/02/17 18:44:46 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\windows\system32\drivers\avipbb.sys
[2011/12/15 15:00:35 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\windows\system32\drivers\avkmgr.sys

< %PROGRAMFILES%\*.* >
[2009/07/14 14:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini


< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 15:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 15:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 16:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 16:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 16:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 15:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/04/02 04:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/04/02 04:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/04/02 04:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\BECK\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/09 00:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\BECK\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/09 00:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\BECK\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/09 00:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\BECK\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/03/09 00:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/23 12:36:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/23 12:36:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/23 12:36:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/01/23 12:36:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/01/23 12:36:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/04/02 04:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/04/02 04:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/04/02 04:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\BECK\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/09 00:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\BECK\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/09 00:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\BECK\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/09 00:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\BECK\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/03/09 00:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/23 12:36:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/23 12:36:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/23 12:36:16 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/01/23 12:36:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/01/23 12:36:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< End of report >


EXTRAS.TXT:

OTL Extras logfile created on: 3/9/2012 9:44:46 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\BECK\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.87 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 58.04% Memory free
5.75 Gb Paging File | 4.03 Gb Available in Paging File | 70.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.09 Gb Total Space | 16.43 Gb Free Space | 3.62% Space Free | Partition Type: NTFS

Computer Name: BECK | User Name: BECK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SpaceMonger] -- "C:\Program Files\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.)
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 30
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{88C606C4-02ED-416A-8A8A-97DA85DCB52D}" = HansaWorld Enterprise 6.1 100701
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{910D3FB9-E341-4DD9-B52A-3B3C0C340AF6}" = Angry Birds
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{AE29FB61-E164-48A2-B15C-E78FD45B7C72}" = AUSkey software 1.3.18
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F523590C-E732-44ED-9A9F-88EDA2D97AED}" = Nitro Reader 2
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aigneswebsitewatcher_is1" = WebSite-Watcher 2010 (10.1)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DVD Shrink_is1" = DVD Shrink 3.2
"GOM Player" = GOM Player
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PROHYBRIDR" = 2007 Microsoft Office system
"SpaceMonger" = SpaceMonger 2.1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TVersity Codec Pack" = TVersity Codec Pack 1.7
"TVersity Media Server" = TVersity Media Server 1.9.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3891295939-46197774-543853369-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"ThePhotobookClub.com.au" = ThePhotobookClub.com.au

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2012 5:28:35 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4524

Error - 3/7/2012 5:28:36 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/7/2012 5:28:36 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5772

Error - 3/7/2012 5:28:36 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5772

Error - 3/7/2012 5:28:37 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/7/2012 5:28:37 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6848

Error - 3/7/2012 5:28:37 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6848

Error - 3/7/2012 5:28:39 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/7/2012 5:28:39 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8393

Error - 3/7/2012 5:28:39 AM | Computer Name = BECK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8393

[ Media Center Events ]
Error - 2/22/2010 6:34:51 PM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 8:34:45 AM - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 2/22/2010 6:36:29 PM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 8:36:29 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 5/19/2010 5:40:30 AM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 7:40:30 PM - Error connecting to the internet. 7:40:30 PM - Unable
to contact server..

Error - 5/19/2010 5:40:39 AM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 7:40:35 PM - Error connecting to the internet. 7:40:35 PM - Unable
to contact server..

Error - 5/19/2010 6:40:44 AM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 8:40:44 PM - Error connecting to the internet. 8:40:44 PM - Unable
to contact server..

Error - 5/19/2010 6:40:51 AM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 8:40:49 PM - Error connecting to the internet. 8:40:49 PM - Unable
to contact server..

Error - 5/19/2010 7:40:56 AM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 9:40:55 PM - Error connecting to the internet. 9:40:55 PM - Unable
to contact server..

Error - 5/19/2010 7:41:02 AM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 9:41:01 PM - Error connecting to the internet. 9:41:01 PM - Unable
to contact server..

Error - 7/14/2010 6:47:50 AM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 8:47:50 PM - Error connecting to the internet. 8:47:50 PM - Unable
to contact server..

Error - 7/14/2010 6:48:03 AM | Computer Name = BECK-PC | Source = MCUpdate | ID = 0
Description = 8:47:56 PM - Error connecting to the internet. 8:47:56 PM - Unable
to contact server..

[ System Events ]
Error - 3/7/2012 5:14:04 AM | Computer Name = BECK | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 3/7/2012 5:14:04 AM | Computer Name = BECK | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3/8/2012 7:54:17 AM | Computer Name = BECK | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3/9/2012 6:30:29 AM | Computer Name = BECK | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 3/9/2012 6:30:29 AM | Computer Name = BECK | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3/9/2012 7:26:12 AM | Computer Name = BECK | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 3/9/2012 7:29:46 AM | Computer Name = BECK | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:27:07 PM on ?9/?03/?2012 was unexpected.

Error - 3/9/2012 7:29:38 AM | Computer Name = BECK | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 3/9/2012 7:29:38 AM | Computer Name = BECK | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3/9/2012 7:39:06 AM | Computer Name = BECK | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >



Thanks heaps...
  • 0

#5
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your computer?
I didn't find nothing on your system but to make sure, do a full scan with the ESET Online Scanner

Disable your antivirus software
  • Acess the Eset Online Scanner website using Internet Explorer navigator.
    http://www.eset.com/...escan/index.php
  • Do the scan according the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click in [FINISH]
  • It will be generated a log in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you didn't find the log.txt file in \EsetOnlineScanner\, look on \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.

  • 0

#6
beckathawrecka

beckathawrecka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
thanks heaps for your help. my computer seems to be running ok...im a bit hesitant to do anything much on it until i know its all clear. by the way, do you happen to know if either of the viruses my computer found would be responsible for capturing my internet banking ids...i couldnt find anything online about what those particular viruses actually did but im assuming it was one of these that caused the problems.

Ok so i ran the scan. It actually wouldnt let me do it using internet explorer so i had to use google chrome to do it. below is the log file. im a bit worried that it found 2 (new) viruses. thanks again for all your help.

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=68f20b930e607c4eb811ddd6aaf25cee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-11 12:31:27
# local_time=2012-03-11 10:31:27 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 6261080 6261080 0 0
# compatibility_mode=5893 16776573 100 94 169282 83089875 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=210925
# found=2
# cleaned=2
# scan_time=10404
C:\Users\BECK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6X8S4AOQ\download[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q2YIGN6T\download[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
  • 0

#7
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi

.im a bit hesitant to do anything much on it until i know its all clear. by the way, do you happen to know if either of the viruses my computer found would be responsible for capturing my internet banking ids...i couldnt find anything online about what those particular viruses actually did but im assuming it was one of these that caused the problems.

Ok so i ran the scan. It actually wouldnt let me do it using internet explorer so i had to use google chrome to do it. below is the log file. im a bit worried that it found 2 (new) viruses. thanks again for all your help.

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Don't worry, your computer looks like clean now.

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe.


  • 0

#8
beckathawrecka

beckathawrecka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
thanks very much for your help. i had problems running step 1 of ur latest post - it kept saying it couldnt do the host files. but all else went fine.

have a nice day and thanks again :)
  • 0

#9
NeonFx

NeonFx

    Malware Removal Dude

  • Expert
  • 3,797 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP