FBI got me! Moneypak.. frozen screen [Solved]


  • This topic is locked

#1
Chaze

  • Member
  • 154 posts
Just what the title reads. I will search here for a solution in the meantime. I can't get past my desktop screen without the FBI malware thingy freezing my laptop.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 07-01-2013 11:39:22
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [417792 2008-04-29] (Chicony)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-15] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" [x]
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
HKLM\...\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2042208 2011-10-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [72240 2007-10-08] (VMware, Inc.)
HKLM\...\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe" [55856 2007-10-08] (VMware, Inc.)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296096 2012-10-02] (RealNetworks, Inc.)
HKU\Chaze\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Chaze\...\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-20] (Google Inc.)
HKU\Chaze\...\Run: [Aim6] [x]
HKU\Chaze\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Chaze\...\Run: [dplaysvr] C:\Users\Chaze\AppData\Local\dplaysvr.exe [x]
HKU\Chaze\...\Run: [Adobe ARM] "C:\ProgramData\ifgxpers.exe" [79600 2013-01-07] (?????????? ??????????)
HKU\Chaze\...\Policies\system: [LogonHoursAction] 2
HKU\Chaze\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\others\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\others\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-01-20] (Google Inc.)
HKU\others\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex [x]
HKU\others\...\Policies\system: [LogonHoursAction] 2
HKU\others\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 167.206.251.129 167.206.251.130
AppInit_DLLs: c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll avgrsstx.dll

==================== Services (Whitelisted) ===================

2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [297752 2009-09-28] (AVG Technologies CZ, s.r.o.)
2 Browser Manager; C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2400800 2012-11-02] ()
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [40960 2008-04-16] (TOSHIBA CORPORATION)
2 db2ntsecserver; C:\Windows\System32\lvusbsta.dll [5632 2008-01-20] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [165416 2008-01-29] (WildTangent, Inc.)
3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-05] (Mozilla Foundation)
2 MREMP50; C:\Windows\System32\W700mdfl.dll [5632 2008-01-20] ()
2 openexec; C:\\OpenBase/bin/openexec.exe [731853 2008-06-07] ()
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
3 SmartFaceVWatchSrv; "C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe" [73728 2008-04-24] (Toshiba)
2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [431456 2008-02-06] (TOSHIBA Corporation)
2 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [126976 2007-12-03] (TOSHIBA Corporation)
2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 VMAuthdService; "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" [109104 2007-10-08] (VMware, Inc.)
2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [121392 2007-10-08] (VMware, Inc.)
2 vmount2; "C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe" [269104 2007-03-23] (VMware, Inc.)
2 VMware NAT Service; C:\Windows\system32\vmnat.exe [150064 2007-10-08] (VMware, Inc.)
2 3c1807pd; C:\Windows\System32\se26nd5.dll [x]
2 acmservice; C:\Windows\System32\parvdm.dll [x]
2 agpcpq; C:\Windows\System32\ssfs0509.dll [x]
2 agrsrvce; C:\Windows\System32\pgpserv.dll [x]
2 appnnode; C:\Windows\System32\61883.dll [x]
2 ASFWHide; C:\Windows\System32\SaiU040B.dll [x]
2 aslm75; C:\Windows\System32\logonsvcid.dll [x]
2 ASNDIS5; C:\Windows\System32\osaio.dll [x]
2 ASUSVRC; C:\Windows\System32\ADSMService.dll [x]
2 AVCSTRM; C:\Windows\System32\s217bus.dll [x]
2 AVerBDA; C:\Windows\System32\swupdtmr.dll [x]
2 avgio; C:\Windows\System32\bdselfpr.dll [x]
2 bcm43xx; C:\Windows\System32\ihcservice.dll [x]
2 bcserver; C:\Windows\System32\SNMPTRAP.dll [x]
2 bc_filter; C:\Windows\System32\a016bus.dll [x]
2 caccprovsp; C:\Windows\System32\relational.dll [x]
2 ccpwdsvc; C:\Windows\System32\zpjava.dll [x]
2 COMMONFX.DLL; C:\Windows\System32\PcdrNt.dll [x]
2 cs429x; C:\Windows\System32\WmVirHid.dll [x]
2 CSDriver; C:\Windows\System32\VNUSB.dll [x]
2 CTMSHD; C:\Windows\System32\dmio.dll [x]
2 db2remotecmd; C:\Windows\System32\tsircsrv.dll [x]
2 DeviceScanner; C:\Windows\System32\forcewarewebinterface.dll [x]
2 df5serv; C:\Windows\System32\magictuneengine.dll [x]
2 DgiVecp; C:\Windows\System32\PTDCBus.dll [x]
2 dlartl_n; C:\Windows\System32\ccsetmgr.dll [x]
2 dnsexit; C:\Windows\System32\nvnetbus.dll [x]
2 dsunidrv; C:\Windows\System32\policyagent.dll [x]
2 E1000; C:\Windows\System32\scdemu.dll [x]
2 EhttpSrv; C:\Windows\System32\wmccds.dll [x]
2 elockservice; C:\Windows\System32\BASFND.dll [x]
2 emupia; C:\Windows\System32\ELmou.dll [x]
2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [x]
2 FiltUSBEMPIA; C:\Windows\System32\aic78u2.dll [x]
2 ggsemc; C:\Windows\System32\wampapache.dll [x]
2 IFPUSB; C:\Windows\System32\winpower.dll [x]
2 InCDsrvR; C:\Windows\System32\ovt519.dll [x]
2 ipodsrv; C:\Windows\System32\vpcnfltr.dll [x]
2 iwebcal; C:\Windows\System32\tsmservice.dll [x]
2 JGOGO; C:\Windows\System32\Defrag32.dll [x]
2 lexbces; C:\Windows\System32\pxfhserd.dll [x]
2 lvselsus; C:\Windows\System32\ql1280.dll [x]
2 lxrjd31d; C:\Windows\System32\ELhid.dll [x]
2 mcods; C:\Windows\System32\psched.dll [x]
2 mcontrol; C:\Windows\System32\NVXBAR.dll [x]
2 mcpromgr; C:\Windows\System32\EU3_USB.dll [x]
2 mcredirector; C:\Windows\System32\UlSata.dll [x]
2 mgabg; C:\Windows\System32\pcctlcom.dll [x]
2 mrpostman; C:\Windows\System32\cmbatt.dll [x]
2 mwlsvc; C:\Windows\System32\s7oppitx.dll [x]
2 NetworkLog; C:\Windows\svcs.exe [x]
2 nidomainservice; C:\Windows\System32\p17.dll [x]
2 nvenetfd; C:\Windows\System32\osanbm.dll [x]
2 nwlnknb; C:\Windows\System32\livesrv.dll [x]
2 parallel; C:\Windows\System32\oracledbconsoleorcl.dll [x]
2 pavatscheduler; C:\Windows\System32\AKSIFDH.dll [x]
2 phc600; C:\Windows\System32\AeLookupSvc.dll [x]
2 pnarp; C:\Windows\System32\GT680x.dll [x]
2 ProcObsrv; C:\Windows\System32\MTDVC2.dll [x]
2 razerusb; C:\Windows\System32\nfmservice.dll [x]
2 rmedia; C:\Windows\System32\isdrv122.dll [x]
2 rsvchost; C:\Windows\System32\TryAndDecideService.dll [x]
2 rwbackupsrv; C:\Windows\System32\nsm1mdfl.dll [x]
2 SaiH040B; C:\Windows\System32\PNRPSvc.dll [x]
2 SE2Cmdm; C:\Windows\System32\irsir.dll [x]
2 SimpTcp; C:\Windows\System32\tavsvc.dll [x]
2 sisperf; C:\Windows\System32\ATIBTCAP.dll [x]
2 SiSRaid; C:\Windows\System32\acsvc.dll [x]
2 smartwiservice; C:\Windows\System32\ndiscm.dll [x]
2 smserial; C:\Windows\System32\bgmainsvc.dll [x]
2 snpstd; C:\Windows\System32\JiaoCap.dll [x]
2 snpstd2; C:\Windows\System32\eamon.dll [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
2 tbiosdrv; C:\Windows\System32\SE2Emdfl.dll [x]
2 tfsnifs; C:\Windows\System32\openldap-slapd.dll [x]
2 TMBMServer; C:\Windows\System32\kbdclass.dll [x]
2 truecrypt; C:\Windows\System32\UMAXPCLS.dll [x]
2 twotrack; C:\Windows\System32\AsusACPI.dll [x]
2 U81xmdfl; C:\Windows\System32\clcapsvc.dll [x]
2 UDFReadr; C:\Windows\System32\djsnetcn.dll [x]
3 ufad-ws60; "C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml [x]
2 viaagp1; C:\Windows\System32\vsdatant.dll [x]
2 WINIO; C:\Windows\System32\VAIOMediaPlatform-MusicServer-UPnP.dll [x]
2 winpowerrmi; C:\Windows\System32\s217mdm.dll [x]

==================== Drivers (Whitelisted) ====================

1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-09-28] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-09-28] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2009-06-09] (AVG Technologies CZ, s.r.o.)
2 DirectNT; C:\Windows\System32\Drivers\DirectNT.sys [3424 1996-12-04] (c't)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-11] (DT Soft Ltd)
2 hcmon; \??\C:\Windows\system32\Drivers\hcmon.sys [34864 2007-10-08] (VMware, Inc.)
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2008-01-20] ()
1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [112096 2012-05-02] (Power Software Ltd)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-03-05] (Duplex Secure Ltd.)
3 Svk2pl; C:\Windows\System32\DRIVERS\Svk2pl.sys [81408 2010-04-01] (Gigaware)
3 SVRPEDRV; \??\C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [20912 2007-10-08] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16816 2007-10-08] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [28592 2007-10-08] (VMware, Inc.)
2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [25008 2007-10-08] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [924976 2007-10-08] (VMware, Inc.)
2 vstor2; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2007-03-23] (VMware, Inc.)
2 vstor2-ws60; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [19248 2007-08-07] (VMware, Inc.)
3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MREMP50 -> C:\Windows\system32\W700mdfl.dll ()
NETSVC: agpcpq -> C:\Windows\system32\ssfs0509.dll ==> No File.
NETSVC: viaagp1 -> C:\Windows\system32\vsdatant.dll ==> No File.
NETSVC: lxrjd31d -> C:\Windows\system32\ELhid.dll ==> No File.
NETSVC: nidomainservice -> C:\Windows\system32\p17.dll ==> No File.
NETSVC: ProcObsrv -> C:\Windows\system32\MTDVC2.dll ==> No File.
NETSVC: SE2Cmdm -> C:\Windows\system32\irsir.dll ==> No File.
NETSVC: snpstd2 -> C:\Windows\system32\eamon.dll ==> No File.
NETSVC: CTMSHD -> C:\Windows\system32\dmio.dll ==> No File.
NETSVC: SimpTcp -> C:\Windows\system32\tavsvc.dll ==> No File.
NETSVC: IFPUSB -> C:\Windows\system32\winpower.dll ==> No File.
NETSVC: ASUSVRC -> C:\Windows\system32\ADSMService.dll ==> No File.
NETSVC: COMMONFX.DLL -> C:\Windows\system32\PcdrNt.dll ==> No File.
NETSVC: bcserver -> C:\Windows\system32\SNMPTRAP.dll ==> No File.
NETSVC: mgabg -> C:\Windows\system32\pcctlcom.dll ==> No File.
NETSVC: iwebcal -> C:\Windows\system32\tsmservice.dll ==> No File.
NETSVC: mcredirector -> C:\Windows\system32\UlSata.dll ==> No File.
NETSVC: TMBMServer -> C:\Windows\system32\kbdclass.dll ==> No File.
NETSVC: snpstd -> C:\Windows\system32\JiaoCap.dll ==> No File.
NETSVC: df5serv -> C:\Windows\system32\magictuneengine.dll ==> No File.
NETSVC: JGOGO -> C:\Windows\system32\Defrag32.dll ==> No File.
NETSVC: razerusb -> C:\Windows\system32\nfmservice.dll ==> No File.
NETSVC: winpowerrmi -> C:\Windows\system32\s217mdm.dll ==> No File.
NETSVC: dsunidrv -> C:\Windows\system32\policyagent.dll ==> No File.
NETSVC: bc_filter -> C:\Windows\system32\a016bus.dll ==> No File.
NETSVC: mcontrol -> C:\Windows\system32\NVXBAR.dll ==> No File.
NETSVC: rwbackupsrv -> C:\Windows\system32\nsm1mdfl.dll ==> No File.
NETSVC: SiSRaid -> C:\Windows\system32\acsvc.dll ==> No File.
NETSVC: mwlsvc -> C:\Windows\system32\s7oppitx.dll ==> No File.
NETSVC: lexbces -> C:\Windows\system32\pxfhserd.dll ==> No File.
NETSVC: avgio -> C:\Windows\system32\bdselfpr.dll ==> No File.
NETSVC: parallel -> C:\Windows\system32\oracledbconsoleorcl.dll ==> No File.
NETSVC: ASNDIS5 -> C:\Windows\system32\osaio.dll ==> No File.
NETSVC: dnsexit -> C:\Windows\system32\nvnetbus.dll ==> No File.
NETSVC: WINIO -> C:\Windows\system32\VAIOMediaPlatform-MusicServer-UPnP.dll ==> No File.
NETSVC: E1000 -> C:\Windows\system32\scdemu.dll ==> No File.
NETSVC: sisperf -> C:\Windows\system32\ATIBTCAP.dll ==> No File.
NETSVC: 3c1807pd -> C:\Windows\system32\se26nd5.dll ==> No File.
NETSVC: smserial -> C:\Windows\system32\bgmainsvc.dll ==> No File.
NETSVC: ASFWHide -> C:\Windows\system32\SaiU040B.dll ==> No File.
NETSVC: se2Cunic -> No Registry Path.
NETSVC: mnsframework -> No Registry Path.
NETSVC: mcstrm -> No Registry Path.
NETSVC: icm10blk -> No Registry Path.
NETSVC: roxupnprenderer -> No Registry Path.
NETSVC: DCamUSBSQTECH -> No Registry Path.
NETSVC: usbvm321 -> No Registry Path.
NETSVC: WNIPROT5 -> No Registry Path.
NETSVC: SaiH040B -> C:\Windows\system32\PNRPSvc.dll ==> No File.
NETSVC: portio -> No Registry Path.
NETSVC: kbfiltr -> No Registry Path.
NETSVC: db2ntsecserver -> C:\Windows\system32\lvusbsta.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
NETSVC: issvc -> No Registry Path.
NETSVC: Usb20Scan -> No Registry Path.
NETSVC: FireTDI -> No Registry Path.
NETSVC: tfsnudf -> No Registry Path.
NETSVC: pacsptisvr -> No Registry Path.
NETSVC: NSSvcMgr -> No Registry Path.
NETSVC: nwlnkspx -> No Registry Path.
NETSVC: rnadirectory -> No Registry Path.
NETSVC: asp.net_2.0.50727 -> No Registry Path.
NETSVC: lvuvc -> No Registry Path.
NETSVC: cs429x -> C:\Windows\system32\WmVirHid.dll ==> No File.
NETSVC: mrpostman -> C:\Windows\system32\cmbatt.dll ==> No File.
NETSVC: aslm75 -> C:\Windows\system32\logonsvcid.dll ==> No File.
NETSVC: rmedia -> C:\Windows\system32\isdrv122.dll ==> No File.
NETSVC: lvselsus -> C:\Windows\system32\ql1280.dll ==> No File.
NETSVC: rsvchost -> C:\Windows\system32\TryAndDecideService.dll ==> No File.
NETSVC: caccprovsp -> C:\Windows\system32\relational.dll ==> No File.
NETSVC: nwlnknb -> C:\Windows\system32\livesrv.dll ==> No File.
NETSVC: elockservice -> C:\Windows\system32\BASFND.dll ==> No File.
NETSVC: CSDriver -> C:\Windows\system32\VNUSB.dll ==> No File.
NETSVC: tbiosdrv -> C:\Windows\system32\SE2Emdfl.dll ==> No File.
NETSVC: bcm43xx -> C:\Windows\system32\ihcservice.dll ==> No File.
NETSVC: EhttpSrv -> C:\Windows\system32\wmccds.dll ==> No File.
NETSVC: smartwiservice -> C:\Windows\system32\ndiscm.dll ==> No File.
NETSVC: emupia -> C:\Windows\system32\ELmou.dll ==> No File.
NETSVC: mcpromgr -> C:\Windows\system32\EU3_USB.dll ==> No File.
NETSVC: tfsnifs -> C:\Windows\system32\openldap-slapd.dll ==> No File.
NETSVC: FiltUSBEMPIA -> C:\Windows\system32\aic78u2.dll ==> No File.
NETSVC: ccpwdsvc -> C:\Windows\system32\zpjava.dll ==> No File.
NETSVC: dlartl_n -> C:\Windows\system32\ccsetmgr.dll ==> No File.
NETSVC: DeviceScanner -> C:\Windows\system32\forcewarewebinterface.dll ==> No File.
NETSVC: agrsrvce -> C:\Windows\system32\pgpserv.dll ==> No File.
NETSVC: AVCSTRM -> C:\Windows\system32\s217bus.dll ==> No File.
NETSVC: twotrack -> C:\Windows\system32\AsusACPI.dll ==> No File.
NETSVC: nvenetfd -> C:\Windows\system32\osanbm.dll ==> No File.
NETSVC: db2remotecmd -> C:\Windows\system32\tsircsrv.dll ==> No File.
NETSVC: pnarp -> C:\Windows\system32\GT680x.dll ==> No File.
NETSVC: ipodsrv -> C:\Windows\system32\vpcnfltr.dll ==> No File.
NETSVC: truecrypt -> C:\Windows\system32\UMAXPCLS.dll ==> No File.
NETSVC: mcods -> C:\Windows\system32\psched.dll ==> No File.
NETSVC: UDFReadr -> C:\Windows\system32\djsnetcn.dll ==> No File.
NETSVC: DgiVecp -> C:\Windows\system32\PTDCBus.dll ==> No File.
NETSVC: appnnode -> C:\Windows\system32\61883.dll ==> No File.
NETSVC: acmservice -> C:\Windows\system32\parvdm.dll ==> No File.
NETSVC: pavatscheduler -> C:\Windows\system32\AKSIFDH.dll ==> No File.
NETSVC: U81xmdfl -> C:\Windows\system32\clcapsvc.dll ==> No File.
NETSVC: ggsemc -> C:\Windows\system32\wampapache.dll ==> No File.
NETSVC: InCDsrvR -> C:\Windows\system32\ovt519.dll ==> No File.
NETSVC: phc600 -> C:\Windows\system32\AeLookupSvc.dll ==> No File.
NETSVC: AVerBDA -> C:\Windows\system32\swupdtmr.dll ==> No File.

==================== One Month Created Files and Folders ========

2013-01-07 11:39 - 2013-01-07 11:39 - 00000000 ____D C:\FRST
2013-01-07 08:17 - 2013-01-07 08:17 - 00000000 ____D C:\Windows\pss
2013-01-07 08:00 - 2013-01-07 08:00 - 00751078 ____A C:\Users\All Users\1.bmp
2013-01-07 07:30 - 2013-01-07 07:30 - 00079600 ____A (?????????? ??????????) C:\Users\All Users\ifgxpers.exe
2013-01-01 00:03 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-01-01 00:03 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-29 00:16 - 2013-01-07 08:04 - 00000376 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Chaze.job
2012-12-29 00:16 - 2013-01-07 08:03 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Chaze.job
2012-12-29 00:16 - 2013-01-07 05:26 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Chaze.job
2012-12-14 21:04 - 2012-12-15 11:34 - 00019746 ____A C:\Users\Chaze\Desktop\Final comp sci.odt
2012-12-13 00:20 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 00:20 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 00:20 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 00:20 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 00:20 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 00:20 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 00:20 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 00:20 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 00:20 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 00:20 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 00:20 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 00:20 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 00:20 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 00:20 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 00:20 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 00:20 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 00:10 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-12-13 00:10 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-12-13 00:10 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-12-13 00:10 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-12-13 00:10 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-12-13 00:10 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-12-13 00:10 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-12-13 00:10 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-12-13 00:10 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-12-13 00:10 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-12-13 00:10 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-12-13 00:10 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-12-13 00:10 - 2009-07-14 04:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
2012-12-12 06:49 - 2012-12-12 06:49 - 15728568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-12-11 22:30 - 2012-11-12 17:36 - 02048000 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-11 22:30 - 2012-11-12 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 22:30 - 2012-11-02 02:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-11 22:30 - 2012-11-02 00:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2012-12-11 22:30 - 2012-09-28 08:11 - 00892928 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-11 22:30 - 2012-08-21 03:47 - 00224640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-12-10 20:37 - 2012-12-10 21:32 - 00000641 ____A C:\Users\Chaze\Desktop\1problem5.py
2012-12-10 20:35 - 2012-12-12 09:44 - 00000000 ____D C:\Users\Chaze\Desktop\python
2012-12-10 20:33 - 2012-12-10 20:36 - 00000755 ____A C:\Users\Chaze\Desktop\problem5.py
2012-12-10 20:26 - 2012-12-10 20:26 - 00000121 ____A C:\Users\Chaze\Desktop\starsfinalforpro.txt

==================== One Month Modified Files and Folders ========

2013-01-07 08:17 - 2013-01-07 08:17 - 00000000 ____D C:\Windows\pss
2013-01-07 08:14 - 2006-11-02 02:33 - 00707664 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-07 08:06 - 2012-03-06 07:19 - 00000000 ____D C:\Users\Chaze\AppData\Roaming\VMware
2013-01-07 08:04 - 2012-12-29 00:16 - 00000376 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Chaze.job
2013-01-07 08:04 - 2012-03-06 07:11 - 00000000 ____D C:\Users\All Users\VMware
2013-01-07 08:04 - 2010-06-15 14:25 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-07 08:03 - 2012-12-29 00:16 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Chaze.job
2013-01-07 08:03 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-07 08:03 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-07 08:03 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-07 08:01 - 2012-04-05 07:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-07 08:00 - 2013-01-07 08:00 - 00751078 ____A C:\Users\All Users\1.bmp
2013-01-07 07:50 - 2010-06-15 14:25 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-07 07:30 - 2013-01-07 07:30 - 00079600 ____A (?????????? ??????????) C:\Users\All Users\ifgxpers.exe
2013-01-07 06:32 - 2009-06-09 16:40 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2013-01-07 05:36 - 2009-01-20 17:48 - 01717081 ____A C:\Windows\WindowsUpdate.log
2013-01-07 05:26 - 2012-12-29 00:16 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Chaze.job
2013-01-07 05:24 - 2010-06-15 14:25 - 00000680 ____A C:\Users\Chaze\AppData\Local\d3d9caps.dat
2013-01-02 08:28 - 2011-04-17 08:48 - 00000000 ___HD C:\$AVG8.VAULT$
2013-01-02 08:19 - 2006-11-02 05:01 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-01 00:23 - 2006-11-02 04:47 - 00391712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-19 06:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2012-12-16 05:12 - 2013-01-01 00:03 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 02:50 - 2013-01-01 00:03 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-15 11:34 - 2012-12-14 21:04 - 00019746 ____A C:\Users\Chaze\Desktop\Final comp sci.odt
2012-12-14 19:59 - 2012-10-02 07:32 - 00001982 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-12-14 19:45 - 2008-01-20 18:47 - 00087076 ____A C:\Windows\PFRO.log
2012-12-13 00:02 - 2006-11-02 02:24 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-12-12 09:44 - 2012-12-10 20:35 - 00000000 ____D C:\Users\Chaze\Desktop\python
2012-12-12 09:23 - 2012-10-04 08:26 - 00000000 ____D C:\Users\Chaze\AppData\Local\Microsoft Help
2012-12-12 06:49 - 2012-12-12 06:49 - 15728568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-12-12 06:49 - 2012-04-05 07:51 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-12-12 06:49 - 2011-09-29 04:37 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-12-10 21:32 - 2012-12-10 20:37 - 00000641 ____A C:\Users\Chaze\Desktop\1problem5.py
2012-12-10 20:37 - 2012-11-29 09:49 - 00002185 ____A C:\Users\Chaze\Desktop\IDLE (Python GUI).lnk
2012-12-10 20:36 - 2012-12-10 20:33 - 00000755 ____A C:\Users\Chaze\Desktop\problem5.py
2012-12-10 20:34 - 2012-09-14 06:52 - 00000000 ____D C:\Users\Chaze\Desktop\Ethnic Studies
2012-12-10 20:34 - 2012-03-14 11:36 - 00000000 ____D C:\Users\Chaze\Desktop\bmw stuff
2012-12-10 20:26 - 2012-12-10 20:26 - 00000121 ____A C:\Users\Chaze\Desktop\starsfinalforpro.txt
2012-12-09 20:42 - 2012-11-15 08:43 - 00000000 ____D C:\Users\Chaze\.idlerc


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2036848099-160209580-2947422689-1000\$2c568a31310402a22506ad0a4c4feff6

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-11 22:30] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-12 20:30:29
Restore point made on: 2012-09-20 23:02:37
Restore point made on: 2012-09-26 23:02:46
Restore point made on: 2012-10-01 06:10:41
Restore point made on: 2012-10-02 08:12:49
Restore point made on: 2012-10-16 08:12:18
Restore point made on: 2012-10-16 18:19:32
Restore point made on: 2012-10-17 08:51:07
Restore point made on: 2012-10-18 08:29:07
Restore point made on: 2012-10-23 05:09:55
Restore point made on: 2012-11-01 08:26:16
Restore point made on: 2012-11-14 08:11:11
Restore point made on: 2012-11-15 00:01:49
Restore point made on: 2012-11-15 08:40:56
Restore point made on: 2012-11-21 10:55:24
Restore point made on: 2012-12-04 09:09:14
Restore point made on: 2012-12-06 11:05:18
Restore point made on: 2012-12-11 08:34:48
Restore point made on: 2012-12-13 00:02:08
Restore point made on: 2012-12-27 12:52:49
Restore point made on: 2013-01-01 00:03:06

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2813.1 MB
Available physical RAM: 2424.75 MB
Total Pagefile: 2612.97 MB
Available Pagefile: 2476.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB

==================== Partitions =============================

1 Drive c: (SQ004720V05) (Fixed) (Total:225.52 GB) (Free:131.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
4 Drive f: () (Removable) (Total:4.65 GB) (Free:2.87 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 4769 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 226 GB 1501 MB
Partition 3 Primary 6040 MB 227 GB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ004720V05 NTFS Partition 226 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 4769 MB 32 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F FAT32 Removable 4769 MB Healthy

=========================================================

Last Boot: 2013-01-07 08:24

==================== End Of Log ============================

Edited by Chaze, 07 January 2013 - 10:43 AM.



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's see if we can fix this

Download the attached fixlist.txt to the same location as FRST
[attachment=62332:fixlist.txt]
Re-run FRST as before
Press fix
Once the run has completed the log will be saved to the same place

Reboot to normal windows

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan



On completion of the scan click save log, save it to your desktop and post in your next reply

#3
Chaze


    Member

  • Topic Starter
  • Member
  • 154 posts
I'm currently running the scans you recommended... but I was able to open explorer by running tdss, then unchecking a few things at start up... I searched on the net and found a few no no's on start up.

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to access normal mode now?

#5
Chaze


    Member

  • Topic Starter
  • Member
  • 154 posts
OTL logfile created on: 1/7/2013 1:46:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chaze\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 62.62% Memory free
5.70 Gb Paging File | 4.68 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.52 Gb Total Space | 128.22 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive E: | 4.65 Gb Total Space | 2.87 Gb Free Space | 61.66% Space Free | Partition Type: FAT32

Computer Name: CHAZE-PC | User Name: Chaze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/07 13:42:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chaze\Desktop\OTL.exe
PRC - [2012/12/12 09:49:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
PRC - [2012/12/11 18:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/11/02 14:00:42 | 002,400,800 | ---- | M] () -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
PRC - [2012/10/02 10:34:18 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/10/30 05:03:06 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/28 08:10:06 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/28 08:10:02 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/28 08:09:53 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/24 15:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/11 03:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/08 18:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/19 16:35:44 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/02/06 16:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 21:24:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/08 08:27:04 | 000,072,240 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2007/10/08 08:26:52 | 000,150,064 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2007/10/08 08:26:50 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2007/10/08 08:26:38 | 000,055,856 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\hqtray.exe
PRC - [2007/10/08 08:26:28 | 000,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2007/06/16 00:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 11:51:06 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a92eca8267a46afdb9acb1b1f70a3e0\System.Web.ni.dll
MOD - [2012/11/15 11:50:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 03:47:13 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/11/15 03:46:34 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/15 03:46:12 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/15 03:43:54 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/15 03:43:36 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012/11/02 14:00:42 | 002,400,800 | ---- | M] () -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
MOD - [2011/08/30 16:25:44 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2009/01/20 20:00:39 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3034.36909__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/01/20 20:00:39 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3034.36868__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:39 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3034.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/01/20 20:00:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3034.36901__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/01/20 20:00:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3034.36888__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3034.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3034.37066__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:38 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:37 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3034.37132__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/01/20 20:00:11 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3034.37074__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:11 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3034.37138__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:11 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3034.37080__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/01/20 20:00:11 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3034.36881__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3034.37073__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:10 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3034.37131__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3034.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:09 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:09 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3034.36935__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:09 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3034.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:09 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3034.36889__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:09 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3034.37094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/01/20 20:00:09 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3034.37059__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:09 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009/01/20 20:00:09 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3034.36928__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:09 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3034.37045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/01/20 20:00:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:09 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:09 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3034.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:09 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3034.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/01/20 20:00:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/01/20 20:00:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/01/20 20:00:08 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/01/20 20:00:08 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/01/20 20:00:08 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/01/20 20:00:08 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/01/20 20:00:07 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/01/20 20:00:07 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/01/20 20:00:07 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/01/20 20:00:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/01/20 20:00:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/01/20 20:00:07 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/01/20 20:00:07 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/01/20 20:00:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/01/20 20:00:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/01/20 20:00:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/01/20 20:00:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/01/20 20:00:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/01/20 20:00:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/01/20 20:00:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/01/20 20:00:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/01/20 20:00:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/01/20 20:00:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/01/20 20:00:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/01/20 20:00:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/01/20 20:00:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/01/20 20:00:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009/01/20 20:00:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/01/20 20:00:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/01/20 20:00:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/01/20 19:59:55 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3034.36895__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/01/20 19:59:55 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3034.37123__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/01/20 19:59:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3034.37122__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/01/20 19:59:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/01/20 19:59:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3034.37150__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/01/20 19:59:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/01/20 19:59:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/01/20 19:59:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/01/20 19:59:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009/01/20 19:59:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3034.36860__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/01/20 19:59:54 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3034.36876__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/01/20 19:59:54 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3034.36861__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/01/20 19:59:54 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3034.36861__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/01/20 19:59:54 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3034.36859__90ba9c70f846762e\APM.Server.dll
MOD - [2009/01/20 19:59:54 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/01/20 19:59:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/01/20 19:59:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3034.37123__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/01/20 19:59:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/01/20 19:59:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/01/20 19:59:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/01/20 19:59:53 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3034.36860__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/04/23 01:05:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/03/06 13:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 15:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 00:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/10/08 08:27:16 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libxml2.dll
MOD - [2007/10/08 08:26:48 | 000,080,432 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\zlib1.dll
MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217mdm.dll -- (winpowerrmi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VAIOMediaPlatform-MusicServer-UPnP.dll -- (WINIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsdatant.dll -- (viaagp1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\djsnetcn.dll -- (UDFReadr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clcapsvc.dll -- (U81xmdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AsusACPI.dll -- (twotrack)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UMAXPCLS.dll -- (truecrypt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kbdclass.dll -- (TMBMServer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\openldap-slapd.dll -- (tfsnifs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Emdfl.dll -- (tbiosdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eamon.dll -- (snpstd2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JiaoCap.dll -- (snpstd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgmainsvc.dll -- (smserial)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiscm.dll -- (smartwiservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acsvc.dll -- (SiSRaid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATIBTCAP.dll -- (sisperf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tavsvc.dll -- (SimpTcp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irsir.dll -- (SE2Cmdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PNRPSvc.dll -- (SaiH040B)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsm1mdfl.dll -- (rwbackupsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TryAndDecideService.dll -- (rsvchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv122.dll -- (rmedia)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nfmservice.dll -- (razerusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MTDVC2.dll -- (ProcObsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GT680x.dll -- (pnarp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AeLookupSvc.dll -- (phc600)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AKSIFDH.dll -- (pavatscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracledbconsoleorcl.dll -- (parallel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\livesrv.dll -- (nwlnknb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osanbm.dll -- (nvenetfd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (nidomainservice)
SRV - File not found [Auto | Stopped] -- C:\Windows\svcs.exe -- (NetworkLog)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s7oppitx.dll -- (mwlsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (mrpostman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcctlcom.dll -- (mgabg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UlSata.dll -- (mcredirector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EU3_USB.dll -- (mcpromgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVXBAR.dll -- (mcontrol)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psched.dll -- (mcods)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELhid.dll -- (lxrjd31d)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql1280.dll -- (lvselsus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxfhserd.dll -- (lexbces)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Defrag32.dll -- (JGOGO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmservice.dll -- (iwebcal)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vpcnfltr.dll -- (ipodsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovt519.dll -- (InCDsrvR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (IFPUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wampapache.dll -- (ggsemc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aic78u2.dll -- (FiltUSBEMPIA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELmou.dll -- (emupia)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BASFND.dll -- (elockservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmccds.dll -- (EhttpSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scdemu.dll -- (E1000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\policyagent.dll -- (dsunidrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvnetbus.dll -- (dnsexit)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccsetmgr.dll -- (dlartl_n)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PTDCBus.dll -- (DgiVecp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\magictuneengine.dll -- (df5serv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\forcewarewebinterface.dll -- (DeviceScanner)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsircsrv.dll -- (db2remotecmd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dmio.dll -- (CTMSHD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VNUSB.dll -- (CSDriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmVirHid.dll -- (cs429x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PcdrNt.dll -- (COMMONFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (ccpwdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\relational.dll -- (caccprovsp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SNMPTRAP.dll -- (bcserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ihcservice.dll -- (bcm43xx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016bus.dll -- (bc_filter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdselfpr.dll -- (avgio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\swupdtmr.dll -- (AVerBDA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217bus.dll -- (AVCSTRM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ADSMService.dll -- (ASUSVRC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osaio.dll -- (ASNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\logonsvcid.dll -- (aslm75)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SaiU040B.dll -- (ASFWHide)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\61883.dll -- (appnnode)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pgpserv.dll -- (agrsrvce)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssfs0509.dll -- (agpcpq)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\parvdm.dll -- (acmservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se26nd5.dll -- (3c1807pd)
SRV - [2012/12/12 09:49:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/02 14:00:42 | 002,400,800 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2009/09/28 08:09:53 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 03:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/10/08 08:26:52 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2007/10/08 08:26:50 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2007/10/08 08:26:28 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/08/07 11:34:56 | 000,186,928 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007/03/23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Adapter | Auto | Unknown] -- C:\Windows\system32\FastUserSwitchingCompatibilityex.dll -- (FastUserSwitchingCompatibility)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ast0ud9t)
DRV - [2013/01/07 13:11:04 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/05/03 01:37:29 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/04/11 10:21:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/03/06 01:22:15 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/01 15:53:58 | 000,081,408 | ---- | M] (Gigaware) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Svk2pl.sys -- (Svk2pl)
DRV - [2009/09/28 08:10:06 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/28 08:10:05 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/09 19:40:44 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/05/21 11:26:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/28 19:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/23 03:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/18 03:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/11 00:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/08 08:27:34 | 000,924,976 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2007/10/08 08:27:34 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2007/10/08 08:27:32 | 000,025,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2007/10/08 08:27:30 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2007/10/08 08:26:06 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2007/10/08 08:26:06 | 000,016,816 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007/08/07 11:33:54 | 000,019,248 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007/03/23 09:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/10/30 14:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [1996/12/04 17:37:40 | 000,003,424 | ---- | M] (c't) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DirectNT.sys -- (DirectNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {056662DC-D11A-45B9-B129-AC9E05299437}
IE - HKLM\..\SearchScopes\{056662DC-D11A-45B9-B129-AC9E05299437}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\..\SearchScopes\{056662DC-D11A-45B9-B129-AC9E05299437}: "URL" = http://www.google.co...1I7TSHB_enUS331
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-sea...0000024d225f6f4
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "http://www.claro-sea...000024d225f6f4"
FF - prefs.js..extensions.enabledAddons: {dfefbe51-ca52-484b-adf0-6b158b05262d}:2.4.897.175
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..keyword.URL: "http://www.claro-sea...024d225f6f4&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 10:35:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/07 13:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012/11/07 17:46:23 | 000,000,000 | ---D | M]

[2009/06/13 19:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Extensions
[2009/06/13 19:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/07 13:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\extensions
[2013/01/07 13:06:27 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\extensions\[email protected]
[2012/09/18 11:47:55 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\extensions\[email protected]
[2012/09/18 11:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/07 17:46:23 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012/10/02 10:35:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/19 09:29:22 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.claro-sea...0000024d225f6f4
CHR - default_search_provider: Claro Search (Enabled)
CHR - default_search_provider: search_url = http://www.claro-sea...0000024d225f6f4
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.claro-sea...0000024d225f6f4
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Settings Protector = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Gmail = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2036848099-160209580-2947422689-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-2036848099-160209580-2947422689-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2036848099-160209580-2947422689-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0F31E43-512B-499E-AAA1-E7828F7C5D43}: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2855BE1-397D-4868-A2A8-74543FB04624}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chaze\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chaze\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/17 14:11:20 | 000,020,480 | ---- | M] () - E:\Autobio.odt -- [ FAT32 ]
O33 - MountPoints2\{7dc22c63-7284-11de-9761-001e33a2b7a4}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\system32\FastUserSwitchingCompatibilityex.dll File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: MREMP50 - File not found
NetSvcs: agpcpq - %systemroot%\system32\ssfs0509.dll File not found
NetSvcs: viaagp1 - %systemroot%\system32\vsdatant.dll File not found
NetSvcs: lxrjd31d - %systemroot%\system32\ELhid.dll File not found
NetSvcs: nidomainservice - %systemroot%\system32\p17.dll File not found
NetSvcs: ProcObsrv - %systemroot%\system32\MTDVC2.dll File not found
NetSvcs: SE2Cmdm - %systemroot%\system32\irsir.dll File not found
NetSvcs: snpstd2 - %systemroot%\system32\eamon.dll File not found
NetSvcs: CTMSHD - %systemroot%\system32\dmio.dll File not found
NetSvcs: SimpTcp - %systemroot%\system32\tavsvc.dll File not found
NetSvcs: IFPUSB - %systemroot%\system32\winpower.dll File not found
NetSvcs: ASUSVRC - %systemroot%\system32\ADSMService.dll File not found
NetSvcs: COMMONFX.DLL - %systemroot%\system32\PcdrNt.dll File not found
NetSvcs: bcserver - %systemroot%\system32\SNMPTRAP.dll File not found
NetSvcs: mgabg - %systemroot%\system32\pcctlcom.dll File not found
NetSvcs: iwebcal - %systemroot%\system32\tsmservice.dll File not found
NetSvcs: mcredirector - %systemroot%\system32\UlSata.dll File not found
NetSvcs: TMBMServer - %systemroot%\system32\kbdclass.dll File not found
NetSvcs: snpstd - %systemroot%\system32\JiaoCap.dll File not found
NetSvcs: df5serv - %systemroot%\system32\magictuneengine.dll File not found
NetSvcs: JGOGO - %systemroot%\system32\Defrag32.dll File not found
NetSvcs: razerusb - %systemroot%\system32\nfmservice.dll File not found
NetSvcs: winpowerrmi - %systemroot%\system32\s217mdm.dll File not found
NetSvcs: dsunidrv - %systemroot%\system32\policyagent.dll File not found
NetSvcs: bc_filter - %systemroot%\system32\a016bus.dll File not found
NetSvcs: mcontrol - %systemroot%\system32\NVXBAR.dll File not found
NetSvcs: rwbackupsrv - %systemroot%\system32\nsm1mdfl.dll File not found
NetSvcs: SiSRaid - %systemroot%\system32\acsvc.dll File not found
NetSvcs: mwlsvc - %systemroot%\system32\s7oppitx.dll File not found
NetSvcs: lexbces - %systemroot%\system32\pxfhserd.dll File not found
NetSvcs: avgio - %systemroot%\system32\bdselfpr.dll File not found
NetSvcs: parallel - %systemroot%\system32\oracledbconsoleorcl.dll File not found
NetSvcs: ASNDIS5 - %systemroot%\system32\osaio.dll File not found
NetSvcs: dnsexit - %systemroot%\system32\nvnetbus.dll File not found
NetSvcs: WINIO - %systemroot%\system32\VAIOMediaPlatform-MusicServer-UPnP.dll File not found
NetSvcs: E1000 - %systemroot%\system32\scdemu.dll File not found
NetSvcs: sisperf - %systemroot%\system32\ATIBTCAP.dll File not found
NetSvcs: 3c1807pd - %systemroot%\system32\se26nd5.dll File not found
NetSvcs: smserial - %systemroot%\system32\bgmainsvc.dll File not found
NetSvcs: ASFWHide - %systemroot%\system32\SaiU040B.dll File not found
NetSvcs: se2Cunic - File not found
NetSvcs: mnsframework - File not found
NetSvcs: mcstrm - File not found
NetSvcs: icm10blk - File not found
NetSvcs: roxupnprenderer - File not found
NetSvcs: DCamUSBSQTECH - File not found
NetSvcs: usbvm321 - File not found
NetSvcs: WNIPROT5 - File not found
NetSvcs: SaiH040B - %systemroot%\system32\PNRPSvc.dll File not found
NetSvcs: portio - File not found
NetSvcs: kbfiltr - File not found
NetSvcs: db2ntsecserver - File not found
NetSvcs: issvc - File not found
NetSvcs: Usb20Scan - File not found
NetSvcs: FireTDI - File not found
NetSvcs: tfsnudf - File not found
NetSvcs: pacsptisvr - File not found
NetSvcs: NSSvcMgr - File not found
NetSvcs: nwlnkspx - File not found
NetSvcs: rnadirectory - File not found
NetSvcs: asp.net_2.0.50727 - File not found
NetSvcs: lvuvc - File not found
NetSvcs: cs429x - %systemroot%\system32\WmVirHid.dll File not found
NetSvcs: mrpostman - %systemroot%\system32\cmbatt.dll File not found
NetSvcs: aslm75 - %systemroot%\system32\logonsvcid.dll File not found
NetSvcs: rmedia - %systemroot%\system32\isdrv122.dll File not found
NetSvcs: lvselsus - %systemroot%\system32\ql1280.dll File not found
NetSvcs: rsvchost - %systemroot%\system32\TryAndDecideService.dll File not found
NetSvcs: caccprovsp - %systemroot%\system32\relational.dll File not found
NetSvcs: nwlnknb - %systemroot%\system32\livesrv.dll File not found
NetSvcs: elockservice - %systemroot%\system32\BASFND.dll File not found
NetSvcs: CSDriver - %systemroot%\system32\VNUSB.dll File not found
NetSvcs: tbiosdrv - %systemroot%\system32\SE2Emdfl.dll File not found
NetSvcs: bcm43xx - %systemroot%\system32\ihcservice.dll File not found
NetSvcs: EhttpSrv - %systemroot%\system32\wmccds.dll File not found
NetSvcs: smartwiservice - %systemroot%\system32\ndiscm.dll File not found
NetSvcs: emupia - %systemroot%\system32\ELmou.dll File not found
NetSvcs: mcpromgr - %systemroot%\system32\EU3_USB.dll File not found
NetSvcs: tfsnifs - %systemroot%\system32\openldap-slapd.dll File not found
NetSvcs: FiltUSBEMPIA - %systemroot%\system32\aic78u2.dll File not found
NetSvcs: ccpwdsvc - %systemroot%\system32\zpjava.dll File not found
NetSvcs: dlartl_n - %systemroot%\system32\ccsetmgr.dll File not found
NetSvcs: DeviceScanner - %systemroot%\system32\forcewarewebinterface.dll File not found
NetSvcs: agrsrvce - %systemroot%\system32\pgpserv.dll File not found
NetSvcs: AVCSTRM - %systemroot%\system32\s217bus.dll File not found
NetSvcs: twotrack - %systemroot%\system32\AsusACPI.dll File not found
NetSvcs: nvenetfd - %systemroot%\system32\osanbm.dll File not found
NetSvcs: db2remotecmd - %systemroot%\system32\tsircsrv.dll File not found
NetSvcs: pnarp - %systemroot%\system32\GT680x.dll File not found
NetSvcs: ipodsrv - %systemroot%\system32\vpcnfltr.dll File not found
NetSvcs: truecrypt - %systemroot%\system32\UMAXPCLS.dll File not found
NetSvcs: mcods - %systemroot%\system32\psched.dll File not found
NetSvcs: UDFReadr - %systemroot%\system32\djsnetcn.dll File not found
NetSvcs: DgiVecp - %systemroot%\system32\PTDCBus.dll File not found
NetSvcs: appnnode - %systemroot%\system32\61883.dll File not found
NetSvcs: acmservice - %systemroot%\system32\parvdm.dll File not found
NetSvcs: pavatscheduler - %systemroot%\system32\AKSIFDH.dll File not found
NetSvcs: U81xmdfl - %systemroot%\system32\clcapsvc.dll File not found
NetSvcs: ggsemc - %systemroot%\system32\wampapache.dll File not found
NetSvcs: InCDsrvR - %systemroot%\system32\ovt519.dll File not found
NetSvcs: phc600 - %systemroot%\system32\AeLookupSvc.dll File not found
NetSvcs: AVerBDA - %systemroot%\system32\swupdtmr.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/07 14:39:17 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/07 13:42:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chaze\Desktop\OTL.exe
[2013/01/07 13:18:08 | 000,000,000 | ---D | C] -- C:\Users\Chaze\AppData\Local\adawarebp
[2013/01/07 13:07:45 | 000,000,000 | ---D | C] -- C:\Users\Chaze\AppData\Roaming\LavasoftStatistics
[2013/01/07 13:07:32 | 000,000,000 | ---D | C] -- C:\Users\Chaze\AppData\Local\Downloaded Installations
[2013/01/07 13:07:27 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/07 13:07:27 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/07 13:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/01/07 13:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/01/07 13:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/01/07 13:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013/01/07 13:05:36 | 000,000,000 | ---D | C] -- C:\Users\Chaze\AppData\Roaming\Ad-Aware Antivirus
[2013/01/07 11:17:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/01 03:03:20 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/01/01 03:03:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/13 03:20:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/13 03:20:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/13 03:20:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/13 03:20:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/13 03:20:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/13 03:20:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/13 03:20:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/13 03:20:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/13 03:10:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/12/13 03:10:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2012/12/13 03:10:32 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/12/13 03:10:31 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/12/13 03:10:30 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/12/13 03:10:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/12/12 09:49:18 | 015,728,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/12/12 01:30:18 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/12/12 01:30:17 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/12 01:30:17 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2012/12/12 01:30:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/12/10 23:35:09 | 000,000,000 | ---D | C] -- C:\Users\Chaze\Desktop\python

========== Files - Modified Within 30 Days ==========

[2013/01/07 14:01:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/07 13:50:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/07 13:43:37 | 000,607,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/07 13:43:36 | 000,105,630 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/07 13:42:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chaze\Desktop\OTL.exe
[2013/01/07 13:36:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/07 13:36:20 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Chaze.job
[2013/01/07 13:35:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/07 13:35:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/07 13:35:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/07 13:35:17 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/07 13:11:04 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/07 13:11:04 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/07 12:48:56 | 000,205,312 | ---- | M] () -- C:\Users\Chaze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/07 11:55:28 | 000,001,356 | ---- | M] () -- C:\Users\Chaze\AppData\Local\d3d9caps.dat
[2013/01/07 11:03:39 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Chaze.job
[2013/01/07 11:00:27 | 000,018,252 | ---- | M] () -- C:\ProgramData\sound.mp3
[2013/01/07 11:00:22 | 000,114,890 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/01/07 09:32:02 | 063,332,954 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013/01/07 08:26:10 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Chaze.job
[2013/01/01 03:23:05 | 000,391,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/15 14:34:13 | 000,019,746 | ---- | M] () -- C:\Users\Chaze\Desktop\Final comp sci.odt
[2012/12/14 22:59:39 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/12 09:49:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/12 09:49:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/12 09:49:19 | 015,728,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/12/11 00:32:34 | 000,000,641 | ---- | M] () -- C:\Users\Chaze\Desktop\1problem5.py
[2012/12/10 23:37:26 | 000,002,185 | ---- | M] () -- C:\Users\Chaze\Desktop\IDLE (Python GUI).lnk
[2012/12/10 23:36:22 | 000,000,755 | ---- | M] () -- C:\Users\Chaze\Desktop\problem5.py
[2012/12/10 09:20:48 | 000,093,708 | ---- | M] () -- C:\Users\Chaze\Desktop\HW4x.pdf
[2012/12/10 00:23:06 | 000,093,708 | ---- | M] () -- C:\Users\Chaze\Documents\HW4x.pdf

========== Files Created - No Company Name ==========

[2013/01/07 13:35:17 | 2950,524,928 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/07 11:00:27 | 000,018,252 | ---- | C] () -- C:\ProgramData\sound.mp3
[2013/01/07 11:00:21 | 000,114,890 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/12/29 03:16:51 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Chaze.job
[2012/12/29 03:16:48 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Chaze.job
[2012/12/29 03:16:47 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Chaze.job
[2012/12/15 00:04:59 | 000,019,746 | ---- | C] () -- C:\Users\Chaze\Desktop\Final comp sci.odt
[2012/12/13 03:10:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/13 03:10:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/10 23:37:14 | 000,000,641 | ---- | C] () -- C:\Users\Chaze\Desktop\1problem5.py
[2012/12/10 23:33:20 | 000,000,755 | ---- | C] () -- C:\Users\Chaze\Desktop\problem5.py
[2012/12/10 09:20:48 | 000,093,708 | ---- | C] () -- C:\Users\Chaze\Desktop\HW4x.pdf
[2012/12/10 00:23:06 | 000,093,708 | ---- | C] () -- C:\Users\Chaze\Documents\HW4x.pdf
[2012/10/19 09:57:36 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2012/09/20 22:52:40 | 000,000,600 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\winscp.rnd
[2012/09/20 10:51:34 | 000,000,600 | ---- | C] () -- C:\Users\Chaze\AppData\Local\PUTTY.RND
[2012/04/06 10:43:04 | 000,000,031 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\316971.dat
[2011/11/12 13:08:33 | 000,000,632 | RHS- | C] () -- C:\Users\Chaze\ntuser.pol
[2011/07/14 01:54:53 | 000,000,000 | ---- | C] () -- C:\Users\Chaze\AppData\Local\{4D1756FD-1807-4439-B465-1C977EBAFE62}
[2010/09/26 19:38:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/15 17:25:34 | 000,001,356 | ---- | C] () -- C:\Users\Chaze\AppData\Local\d3d9caps.dat
[2009/06/09 20:52:13 | 000,205,312 | ---- | C] () -- C:\Users\Chaze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/05/03 15:35:27 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB8426$\3535204956\L
[2012/05/03 15:35:03 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB8426$\3535204956\U
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2036848099-160209580-2947422689-1000\$2c568a31310402a22506ad0a4c4feff6\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 21:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 21:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 21:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 19:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 10:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 21:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 21:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 21:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 21:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 21:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 21:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 21:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 21:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 21:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/09/06 11:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 13:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 21:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
No service found with a name of MpsSvc
SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 06:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.RDB >
[2009/04/23 23:35:04 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2009/04/23 23:34:14 | 005,472,256 | ---- | M] () MD5=81CCB59A28A03DB55807B883CB679027 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
[2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL

< End of report >



extras


OTL Extras logfile created on: 1/7/2013 1:46:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chaze\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 62.62% Memory free
5.70 Gb Paging File | 4.68 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.52 Gb Total Space | 128.22 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive E: | 4.65 Gb Total Space | 2.87 Gb Free Space | 61.66% Space Free | Partition Type: FAT32

Computer Name: CHAZE-PC | User Name: Chaze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{131AD6AD-FEA2-4012-B6D6-824037F48B86}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{202D0946-4CF5-4D0E-AFB5-508280B1CF22}" = rport=445 | protocol=6 | dir=out | app=system |
"{257ADCB1-0316-4BF9-B730-5133C978C9E9}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{41953B8D-9F0C-40AB-819B-05CB189B43A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{431F5BAF-1035-45F3-813C-124F4350D250}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{4B2F5766-EDD1-47A4-B2C6-901C1BB00185}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54E02278-CD66-4899-A17F-6113720EC653}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6704A3DA-470A-47B2-9D5E-CED6CF57397F}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{74AAC735-19A0-4514-AC70-88649BE8EC70}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AC920E3-F92D-477B-BF90-9C582F9FE3B8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7C6976F9-1A37-4D5E-B64D-FFB95E8E6EC9}" = rport=138 | protocol=17 | dir=out | app=system |
"{7ECA823B-182B-4887-A7CB-A46CF8EF0F1A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8E10943B-67A5-4BED-AF9D-3148D7624D50}" = lport=139 | protocol=6 | dir=in | app=system |
"{9F212492-52B1-4225-805D-64C9898FC90B}" = lport=137 | protocol=17 | dir=in | app=system |
"{A53CCB70-6AEF-4640-B7A6-6106372493FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{B3EAFA38-9EAF-4453-B52A-7B10D23BF512}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BDF7A89A-DDBD-4362-AC88-F89BDD98A59C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BFE92E32-2B1A-4651-B6D4-942426C20786}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{C7C16E31-7BC7-4002-82DE-DA819EA5A682}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C8A4494C-CDB6-40F6-A542-4B2F3247C070}" = rport=139 | protocol=6 | dir=out | app=system |
"{CB3C5088-97BD-4A77-8E0E-6C37602CCC07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D898C7E0-229E-4573-B14E-E14E9CD7B949}" = lport=445 | protocol=6 | dir=in | app=system |
"{ED15708E-48BE-48E0-A33A-CE56115BF55C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028CE695-3ABB-4368-9B02-62279BDE44E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{396D073A-0336-4975-8089-F1A2E8011B4D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4655B122-1DEE-4D44-A569-8A80FB83E17B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4670DDF1-1EF0-4593-B1C3-CC96A3064318}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{4E37379C-B7DA-4E4A-B6DF-3BA25D1DA10A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4E525A3A-DF7C-4AC7-B714-9EA68F75CC59}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6686E8F3-66A0-487D-BF79-98B283BEB7AD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6B01DE4F-E893-4AA4-BCA7-2425DB410A6A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{6EB40E0A-046A-40B4-B638-40AC045A086E}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{79698259-448A-4D92-B4E8-FEF45800321E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8B4120C2-8940-4437-A886-2E0E44818023}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{994381E3-6327-47CC-9FFB-6E667C7F765A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A6DC76AF-A8D9-436C-9235-A78236FAF2B8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AA950F2C-B276-4012-A082-16CAE095F472}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0896C02-1E39-4C71-A478-9807938C48D4}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{D0E6C9F3-75F6-4FBA-9D32-715C554CE473}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DDF8F474-B8FA-44FB-B60F-8C531EF794E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EF5C3FE7-0A2C-4DA7-BDE7-13933F3C83DA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F6B4D9FD-20EC-4B30-9520-445C2638DE5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{627E6662-64A8-46A0-9959-1F514F94AA49}C:\ediabas\bin\ifhsrv32.exe" = protocol=6 | dir=in | app=c:\ediabas\bin\ifhsrv32.exe |
"TCP Query User{CEC1F4DF-CFCD-4C3A-AF5A-A7DF424CD054}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{2ECEC0F1-B390-42B0-84D9-8C9C488E1631}C:\ediabas\bin\ifhsrv32.exe" = protocol=17 | dir=in | app=c:\ediabas\bin\ifhsrv32.exe |
"UDP Query User{7A947B01-40BA-4420-998A-69FD08D92F73}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation
"{0882B1C8-D5DA-4DC3-A13D-3630D9CBD8FB}" = Gigaware USB to Serial Cable Driver Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 21
"{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek
"{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech
"{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility
"{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional
"{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English
"{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light
"{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard
"{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish
"{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German
"{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}" = Memeo AutoBackup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese
"{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish
"{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional
"{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean
"{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish
"{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish
"{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German
"{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish
"{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian
"{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing
"{E44096DC-9389-47DE-9515-C7CA51EE05D7}" = BlackBerry Desktop Software 7.1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese
"{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean
"{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian
"{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish
"{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French
"{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG Free 8.5
"Belarc Advisor" = Belarc Advisor 8.2
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}" = Memeo AutoBackup
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa2" = Picasa 2
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 5.0.9 RC

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/21/2012 9:48:57 AM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Chaze-PC.local already in use; will try Chaze-PC-2.local
instead

Error - 10/21/2012 9:52:10 AM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 4 Chaze-PC.local.
Addr 192.168.0.7

Error - 10/21/2012 9:52:10 AM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 Chaze-PC.local.
Addr 192.168.0.5

Error - 10/21/2012 9:52:10 AM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Chaze-PC.local already in use; will try Chaze-PC-2.local
instead

Error - 10/21/2012 11:12:14 AM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 4 Chaze-PC.local.
Addr 192.168.0.7

Error - 10/21/2012 11:12:14 AM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 Chaze-PC.local.
Addr 192.168.0.5

Error - 10/21/2012 11:12:14 AM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Chaze-PC.local already in use; will try Chaze-PC-2.local
instead

Error - 10/21/2012 9:56:05 PM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 4 Chaze-PC.local.
Addr 192.168.0.7

Error - 10/21/2012 9:56:05 PM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 Chaze-PC.local.
Addr 192.168.0.5

Error - 10/21/2012 9:56:05 PM | Computer Name = Chaze-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Chaze-PC.local already in use; will try Chaze-PC-2.local
instead

[ System Events ]
Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/7/2013 2:37:08 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >

#6
Chaze


"Are you able to access normal mode now?"



Yes, in normal now.
Scans completed.

#7
Chaze

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-07 14:27:09
-----------------------------
14:27:09.869 OS Version: Windows 6.0.6002 Service Pack 2
14:27:09.869 Number of processors: 2 586 0x301
14:27:09.869 ComputerName: CHAZE-PC UserName: Chaze
14:27:13.598 Initialize success
14:27:27.139 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:27:27.139 Disk 0 Vendor: WDC_WD2500BEVS-26VAT0 11.01A11 Size: 238475MB BusType: 3
14:27:27.155 Disk 0 MBR read successfully
14:27:27.171 Disk 0 MBR scan
14:27:27.186 Disk 0 Windows VISTA default MBR code
14:27:27.202 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:27:27.217 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230934 MB offset 3074048
14:27:27.264 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 6040 MB offset 476026880
14:27:27.280 Disk 0 scanning sectors +488396800
14:27:27.373 Disk 0 scanning C:\Windows\system32\drivers
14:27:36.827 Service scanning
14:27:43.005 Service FastUserSwitchingCompatibility C:\Windows\C:\Windows\system32\FastUserSwitchingCompatibilityex.dll **LOCKED** 123
14:27:58.511 Modules scanning
14:28:07.372 Disk 0 trace - called modules:
14:28:07.465 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84ba41e8]<<
14:28:07.481 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856aa030]
14:28:07.512 3 CLASSPNP.SYS[89f188b3] -> nt!IofCallDriver -> [0x856aa858]
14:28:07.543 5 acpi.sys[807256bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8566db98]
14:28:07.559 \Driver\atapi[0x847bfd40] -> IRP_MJ_CREATE -> 0x84ba41e8
14:28:07.590 Scan finished successfully
14:28:20.757 Disk 0 MBR has been saved successfully to "C:\Users\Chaze\Desktop\MBR.dat"
14:28:20.757 The log file has been saved successfully to "C:\Users\Chaze\Desktop\aswMBR.txt"

#8
Essexboy

There may be ZeroAccess remnants to remove.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - [2012/11/02 14:00:42 | 002,400,800 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ast0ud9t)
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2036848099-160209580-2947422689-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-sea...0000024d225f6f4
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "http://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=HP_clro&mntrId=6c3262420000000000000024d225f6f4"
FF - prefs.js..keyword.URL: "http://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=KW_clro&mntrId=6c3262420000000000000024d225f6f4&q="
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012/11/07 17:46:23 | 000,000,000 | ---D | M]
[2012/11/07 17:46:23 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012/10/19 09:29:22 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
[2013/01/07 13:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars

:Files
C:\ProgramData\Browser Manager

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#9
Chaze

After about a few minutes of scanning in OTL, there's a pop-up asking me for permission (Java auto updater).
Do I just press continue?

#10
Essexboy

Deny that for the moment, please.


#11
Chaze

OTL logfile created on: 1/9/2013 10:38:20 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chaze\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 68.65% Memory free
5.70 Gb Paging File | 4.88 Gb Available in Paging File | 85.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.52 Gb Total Space | 132.40 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

Computer Name: CHAZE-PC | User Name: Chaze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/07 13:42:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chaze\Desktop\OTL.exe
PRC - [2012/12/11 18:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/10/02 10:34:18 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/02/13 03:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/10/30 05:03:06 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/28 08:10:06 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/28 08:10:02 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/28 08:09:53 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/24 15:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/21 21:47:28 | 000,015,872 | ---- | M] (Toshiba Corporation) -- C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/11 03:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/08 18:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/19 16:35:44 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/02/06 16:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/08 08:27:04 | 000,072,240 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2007/10/08 08:26:52 | 000,150,064 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2007/10/08 08:26:50 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2007/10/08 08:26:38 | 000,055,856 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\hqtray.exe
PRC - [2007/10/08 08:26:28 | 000,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2007/06/16 00:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 11:53:52 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012/11/15 11:51:20 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll
MOD - [2012/11/15 03:46:34 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/15 03:46:12 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/15 03:43:54 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/15 03:43:36 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2009/01/20 20:00:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/01/20 20:00:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/01/20 19:59:55 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3034.37123__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/01/20 19:59:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3034.37122__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/01/20 19:59:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/04/23 01:05:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/03/06 13:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 15:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 00:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/10/08 08:27:16 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libxml2.dll
MOD - [2007/10/08 08:26:48 | 000,080,432 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\zlib1.dll
MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217mdm.dll -- (winpowerrmi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VAIOMediaPlatform-MusicServer-UPnP.dll -- (WINIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsdatant.dll -- (viaagp1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\djsnetcn.dll -- (UDFReadr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clcapsvc.dll -- (U81xmdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AsusACPI.dll -- (twotrack)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UMAXPCLS.dll -- (truecrypt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kbdclass.dll -- (TMBMServer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\openldap-slapd.dll -- (tfsnifs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Emdfl.dll -- (tbiosdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eamon.dll -- (snpstd2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JiaoCap.dll -- (snpstd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgmainsvc.dll -- (smserial)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiscm.dll -- (smartwiservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acsvc.dll -- (SiSRaid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATIBTCAP.dll -- (sisperf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tavsvc.dll -- (SimpTcp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irsir.dll -- (SE2Cmdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PNRPSvc.dll -- (SaiH040B)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsm1mdfl.dll -- (rwbackupsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TryAndDecideService.dll -- (rsvchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv122.dll -- (rmedia)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nfmservice.dll -- (razerusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MTDVC2.dll -- (ProcObsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GT680x.dll -- (pnarp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AeLookupSvc.dll -- (phc600)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AKSIFDH.dll -- (pavatscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracledbconsoleorcl.dll -- (parallel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\livesrv.dll -- (nwlnknb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osanbm.dll -- (nvenetfd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (nidomainservice)
SRV - File not found [Auto | Stopped] -- C:\Windows\svcs.exe -- (NetworkLog)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s7oppitx.dll -- (mwlsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (mrpostman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcctlcom.dll -- (mgabg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UlSata.dll -- (mcredirector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EU3_USB.dll -- (mcpromgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVXBAR.dll -- (mcontrol)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psched.dll -- (mcods)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELhid.dll -- (lxrjd31d)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql1280.dll -- (lvselsus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxfhserd.dll -- (lexbces)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Defrag32.dll -- (JGOGO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmservice.dll -- (iwebcal)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vpcnfltr.dll -- (ipodsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovt519.dll -- (InCDsrvR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (IFPUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wampapache.dll -- (ggsemc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aic78u2.dll -- (FiltUSBEMPIA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELmou.dll -- (emupia)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BASFND.dll -- (elockservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmccds.dll -- (EhttpSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scdemu.dll -- (E1000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\policyagent.dll -- (dsunidrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvnetbus.dll -- (dnsexit)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccsetmgr.dll -- (dlartl_n)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PTDCBus.dll -- (DgiVecp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\magictuneengine.dll -- (df5serv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\forcewarewebinterface.dll -- (DeviceScanner)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsircsrv.dll -- (db2remotecmd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dmio.dll -- (CTMSHD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VNUSB.dll -- (CSDriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmVirHid.dll -- (cs429x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PcdrNt.dll -- (COMMONFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (ccpwdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\relational.dll -- (caccprovsp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SNMPTRAP.dll -- (bcserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ihcservice.dll -- (bcm43xx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016bus.dll -- (bc_filter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdselfpr.dll -- (avgio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\swupdtmr.dll -- (AVerBDA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217bus.dll -- (AVCSTRM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ADSMService.dll -- (ASUSVRC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osaio.dll -- (ASNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\logonsvcid.dll -- (aslm75)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SaiU040B.dll -- (ASFWHide)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\61883.dll -- (appnnode)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pgpserv.dll -- (agrsrvce)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssfs0509.dll -- (agpcpq)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\parvdm.dll -- (acmservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se26nd5.dll -- (3c1807pd)
SRV - [2012/12/12 09:49:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2009/09/28 08:09:53 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 03:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/10/08 08:26:52 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2007/10/08 08:26:50 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2007/10/08 08:26:28 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/08/07 11:34:56 | 000,186,928 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007/03/23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Adapter | Auto | Unknown] -- C:\Windows\system32\FastUserSwitchingCompatibilityex.dll -- (FastUserSwitchingCompatibility)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ax0ose8u)
DRV - [2013/01/07 13:11:04 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/05/03 01:37:29 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/04/11 10:21:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/03/06 01:22:15 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/01 15:53:58 | 000,081,408 | ---- | M] (Gigaware) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Svk2pl.sys -- (Svk2pl)
DRV - [2009/09/28 08:10:06 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/28 08:10:05 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/09 19:40:44 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/05/21 11:26:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/28 19:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/23 03:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/18 03:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/11 00:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/08 08:27:34 | 000,924,976 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2007/10/08 08:27:34 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2007/10/08 08:27:32 | 000,025,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2007/10/08 08:27:30 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2007/10/08 08:26:06 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2007/10/08 08:26:06 | 000,016,816 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007/08/07 11:33:54 | 000,019,248 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007/03/23 09:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/10/30 14:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [1996/12/04 17:37:40 | 000,003,424 | ---- | M] (c't) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DirectNT.sys -- (DirectNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {056662DC-D11A-45B9-B129-AC9E05299437}
IE - HKLM\..\SearchScopes\{056662DC-D11A-45B9-B129-AC9E05299437}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{056662DC-D11A-45B9-B129-AC9E05299437}: "URL" = http://www.google.co...1I7TSHB_enUS331
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: {dfefbe51-ca52-484b-adf0-6b158b05262d}:2.4.897.175
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 10:35:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/07 13:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/06/13 19:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Extensions
[2009/06/13 19:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/07 13:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\extensions
[2013/01/07 13:06:27 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\extensions\[email protected]
[2012/09/18 11:47:55 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\extensions\[email protected]
[2012/09/18 11:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012/10/02 10:35:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.claro-sea...0000024d225f6f4
CHR - default_search_provider: Claro Search (Enabled)
CHR - default_search_provider: search_url = http://www.claro-sea...0000024d225f6f4
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.claro-sea...0000024d225f6f4
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Settings Protector = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Gmail = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/09 10:08:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0F31E43-512B-499E-AAA1-E7828F7C5D43}: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2855BE1-397D-4868-A2A8-74543FB04624}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chaze\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chaze\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7dc22c63-7284-11de-9761-001e33a2b7a4}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/09 10:08:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/07 14:39:17 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/07 13:42:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chaze\Desktop\OTL.exe
[2013/01/07 13:18:08 | 000,000,000 | ---D | C] -- C:\Users\Chaze\AppData\Local\adawarebp
[2013/01/07 13:07:45 | 000,000,000 | ---D | C] -- C:\Users\Chaze\AppData\Roaming\LavasoftStatistics
[2013/01/07 13:07:32 | 000,000,000 | ---D | C] -- C:\Users\Chaze\AppData\Local\Downloaded Installations
[2013/01/07 13:07:27 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/07 13:07:27 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/07 13:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/01/07 13:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/01/07 13:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013/01/07 13:05:36 | 000,000,000 | ---D | C] -- C:\Users\Chaze\AppData\Roaming\Ad-Aware Antivirus
[2013/01/07 11:17:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/12/10 23:35:09 | 000,000,000 | ---D | C] -- C:\Users\Chaze\Desktop\python

========== Files - Modified Within 30 Days ==========

[2013/01/09 10:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/09 10:43:52 | 000,607,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/09 10:43:52 | 000,105,630 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/09 10:36:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/09 10:36:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 10:36:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 10:35:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/09 10:35:00 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/09 10:08:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/01/09 10:00:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/09 09:53:49 | 063,421,651 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013/01/07 14:28:20 | 000,000,512 | ---- | M] () -- C:\Users\Chaze\Desktop\MBR.dat
[2013/01/07 13:42:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chaze\Desktop\OTL.exe
[2013/01/07 13:11:04 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/07 13:11:04 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/07 12:48:56 | 000,205,312 | ---- | M] () -- C:\Users\Chaze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/07 11:55:28 | 000,001,356 | ---- | M] () -- C:\Users\Chaze\AppData\Local\d3d9caps.dat
[2013/01/07 11:00:27 | 000,018,252 | ---- | M] () -- C:\ProgramData\sound.mp3
[2013/01/07 11:00:22 | 000,114,890 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/01/01 03:23:05 | 000,391,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/15 14:34:13 | 000,019,746 | ---- | M] () -- C:\Users\Chaze\Desktop\Final comp sci.odt
[2012/12/14 22:59:39 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/11 00:32:34 | 000,000,641 | ---- | M] () -- C:\Users\Chaze\Desktop\1problem5.py
[2012/12/10 23:37:26 | 000,002,185 | ---- | M] () -- C:\Users\Chaze\Desktop\IDLE (Python GUI).lnk
[2012/12/10 23:36:22 | 000,000,755 | ---- | M] () -- C:\Users\Chaze\Desktop\problem5.py

========== Files Created - No Company Name ==========

[2013/01/07 14:28:20 | 000,000,512 | ---- | C] () -- C:\Users\Chaze\Desktop\MBR.dat
[2013/01/07 13:35:17 | 2950,524,928 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/07 11:00:27 | 000,018,252 | ---- | C] () -- C:\ProgramData\sound.mp3
[2013/01/07 11:00:21 | 000,114,890 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/12/15 00:04:59 | 000,019,746 | ---- | C] () -- C:\Users\Chaze\Desktop\Final comp sci.odt
[2012/12/13 03:10:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/13 03:10:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/10 23:37:14 | 000,000,641 | ---- | C] () -- C:\Users\Chaze\Desktop\1problem5.py
[2012/12/10 23:33:20 | 000,000,755 | ---- | C] () -- C:\Users\Chaze\Desktop\problem5.py
[2012/10/19 09:57:36 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2012/09/20 22:52:40 | 000,000,600 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\winscp.rnd
[2012/09/20 10:51:34 | 000,000,600 | ---- | C] () -- C:\Users\Chaze\AppData\Local\PUTTY.RND
[2012/04/06 10:43:04 | 000,000,031 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\316971.dat
[2011/11/12 13:08:33 | 000,000,632 | RHS- | C] () -- C:\Users\Chaze\ntuser.pol
[2011/07/14 01:54:53 | 000,000,000 | ---- | C] () -- C:\Users\Chaze\AppData\Local\{4D1756FD-1807-4439-B465-1C977EBAFE62}
[2010/09/26 19:38:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/15 17:25:34 | 000,001,356 | ---- | C] () -- C:\Users\Chaze\AppData\Local\d3d9caps.dat
[2009/06/09 20:52:13 | 000,205,312 | ---- | C] () -- C:\Users\Chaze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/05/03 15:35:27 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB8426$\3535204956\L
[2012/05/03 15:35:03 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB8426$\3535204956\U
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2036848099-160209580-2947422689-1000\$2c568a31310402a22506ad0a4c4feff6\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/06/11 21:59:43 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\acccore
[2013/01/07 13:05:47 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\Ad-Aware Antivirus
[2012/10/19 09:28:58 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\Babylon
[2012/03/15 12:05:56 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\DAEMON Tools Lite
[2012/03/07 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\DAEMON Tools Pro
[2010/10/28 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\HotSync
[2009/06/22 07:32:44 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\LimeWire
[2012/10/20 16:32:05 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\Notepad++
[2009/06/11 08:13:11 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\OpenOffice.org
[2011/06/14 08:22:23 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\Research In Motion
[2009/06/18 21:15:05 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\TOSHIBA
[2009/07/18 22:54:05 | 000,000,000 | ---D | M] -- C:\Users\Chaze\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

#12
Chaze

    Member

  • Topic Starter
  • 154 posts
# AdwCleaner v2.105 - Logfile created 01/09/2013 at 11:48:09
# Updated 08/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Chaze - CHAZE-PC
# Boot Mode : Normal
# Running from : C:\Users\Chaze\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\bprotector_prefs.js
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\Chaze\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Chaze\AppData\LocalLow\Claro LTD
Folder Deleted : C:\Users\Chaze\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\5d55dddbb23ee843
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\5d55dddbb23ee843
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

File : C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\prefs.js

C:\Users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=[...]
Deleted : user_pref("avg.install.userSPSettings", "Claro Search");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=114508&tt=421[...]
Deleted : user_pref("extensions.claro.admin", false);
Deleted : user_pref("extensions.claro.aflt", "babsst");
Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Deleted : user_pref("extensions.claro.dfltLng", "en");
Deleted : user_pref("extensions.claro.excTlbr", false);
Deleted : user_pref("extensions.claro.id", "6c3262420000000000000024d225f6f4");
Deleted : user_pref("extensions.claro.instlDay", "15632");
Deleted : user_pref("extensions.claro.instlRef", "sst");
Deleted : user_pref("extensions.claro.prdct", "claro");
Deleted : user_pref("extensions.claro.prtnrId", "claro");
Deleted : user_pref("extensions.claro.tlbrId", "claro");
Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1010:29:42");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=HP_clro&mntrId=6c32624[...]
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=114508&tt=4212_8&babsrc[...]
Deleted [l.40] : icon_url = "hxxp://www.claro-search.com/favicon.ico",
Deleted [l.43] : keyword = "claro-search.com",
Deleted [l.46] : search_url = "hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4212_8&babsrc=SP_c[...]
Deleted [l.258] : homepage = "hxxp://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=HP_clro&mntrId=6c32624200[...]
Deleted [l.507] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=HP[...]

*************************

AdwCleaner[R1].txt - [7683 octets] - [07/01/2013 13:28:45]
AdwCleaner[R2].txt - [7743 octets] - [07/01/2013 13:29:39]
AdwCleaner[S1].txt - [6482 octets] - [09/01/2013 11:48:09]

########## EOF - C:\AdwCleaner[S1].txt - [6542 octets] ##########

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once ComboFix has completed, could you let me know how the system is running?

#14
Chaze

    Member

  • Topic Starter
  • 154 posts
ComboFix 13-01-08.01 - Chaze 01/09/2013 12:07:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1840 [GMT -5:00]
Running from: c:\users\Chaze\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Chaze\AppData\Roaming\316971.dat
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NetworkLog
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 17:18 . 2013-01-09 17:18 -------- d-----w- c:\users\others\AppData\Local\temp
2013-01-09 17:18 . 2013-01-09 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-09 15:08 . 2013-01-09 15:08 -------- d-----w- C:\_OTL
2013-01-07 19:39 . 2013-01-07 18:41 -------- d-----w- C:\FRST
2013-01-07 18:18 . 2013-01-07 18:18 -------- d-----w- c:\users\Chaze\AppData\Local\adawarebp
2013-01-07 18:07 . 2013-01-07 18:07 -------- d-----w- c:\users\Chaze\AppData\Roaming\LavasoftStatistics
2013-01-07 18:07 . 2013-01-07 18:07 -------- d-----w- c:\users\Chaze\AppData\Local\Downloaded Installations
2013-01-07 18:07 . 2013-01-07 18:11 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-01-07 18:07 . 2013-01-07 18:11 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-07 18:06 . 2013-01-07 18:15 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-01-07 18:06 . 2013-01-07 18:06 -------- d-----w- c:\program files\Toolbar Cleaner
2013-01-07 18:05 . 2013-01-07 18:05 -------- d-----w- c:\users\Chaze\AppData\Roaming\Ad-Aware Antivirus
2013-01-01 08:03 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-01 08:03 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 08:10 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 08:10 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 08:10 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 08:10 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 08:10 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 08:10 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 08:10 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 08:10 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 08:10 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 08:10 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 08:10 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 14:49 . 2012-12-12 14:49 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-12 06:30 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 06:30 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:30 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 06:30 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 06:30 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-07 17:57 . 2008-01-21 02:23 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-12-12 14:49 . 2012-04-05 15:51 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 14:49 . 2011-09-29 12:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-06 19:04 . 2012-12-06 19:04 69632 ----a-r- c:\users\Chaze\AppData\Roaming\Microsoft\Installer\{E44096DC-9389-47DE-9515-C7CA51EE05D7}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
2012-12-06 19:04 . 2012-12-06 19:04 413696 ----a-r- c:\users\Chaze\AppData\Roaming\Microsoft\Installer\{E44096DC-9389-47DE-9515-C7CA51EE05D7}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
2012-12-06 19:04 . 2012-12-06 19:04 413696 ----a-r- c:\users\Chaze\AppData\Roaming\Microsoft\Installer\{E44096DC-9389-47DE-9515-C7CA51EE05D7}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
2012-12-06 19:04 . 2012-12-06 19:04 413696 ----a-r- c:\users\Chaze\AppData\Roaming\Microsoft\Installer\{E44096DC-9389-47DE-9515-C7CA51EE05D7}\ARPPRODUCTICON.exe
2012-09-06 01:27 . 2012-09-18 16:45 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-21 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-30 2042208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 55856]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-10-02 296096]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 18:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 06:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
MREMP50
agpcpq
viaagp1
lxrjd31d
nidomainservice
ProcObsrv
SE2Cmdm
snpstd2
CTMSHD
SimpTcp
IFPUSB
ASUSVRC
COMMONFX.DLL
bcserver
mgabg
iwebcal
mcredirector
TMBMServer
snpstd
df5serv
JGOGO
razerusb
winpowerrmi
dsunidrv
bc_filter
mcontrol
rwbackupsrv
SiSRaid
mwlsvc
lexbces
avgio
parallel
ASNDIS5
dnsexit
WINIO
E1000
sisperf
3c1807pd
smserial
ASFWHide
se2Cunic
mnsframework
mcstrm
icm10blk
roxupnprenderer
DCamUSBSQTECH
usbvm321
WNIPROT5
SaiH040B
portio
kbfiltr
db2ntsecserver
issvc
Usb20Scan
FireTDI
tfsnudf
pacsptisvr
NSSvcMgr
nwlnkspx
rnadirectory
asp.net_2.0.50727
lvuvc
cs429x
mrpostman
aslm75
rmedia
lvselsus
rsvchost
caccprovsp
nwlnknb
elockservice
CSDriver
tbiosdrv
bcm43xx
EhttpSrv
smartwiservice
emupia
mcpromgr
tfsnifs
FiltUSBEMPIA
ccpwdsvc
dlartl_n
DeviceScanner
agrsrvce
AVCSTRM
twotrack
nvenetfd
db2remotecmd
pnarp
ipodsrv
truecrypt
mcods
UDFReadr
DgiVecp
appnnode
acmservice
pavatscheduler
U81xmdfl
ggsemc
InCDsrvR
phc600
AVerBDA
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
AppMgmt
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:49]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 22:24]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 22:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
FF - ProfilePath - c:\users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: 2013-01-07 13:06; [email protected]; c:\users\Chaze\AppData\Roaming\Mozilla\Firefox\Profiles\549d9gl2.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Aim6 - (no file)
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
SafeBoot-77639970.sys
SafeBoot-81767835.sys
SafeBoot-83900942.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe ARM - c:\programdata\ifgxpers.exe
MSConfigStartUp-dplaysvr - c:\users\Chaze\AppData\Local\dplaysvr.exe
MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 13:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????p?IZ???????????????8 ??`
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2260)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\AVG\AVG8\avgtray.exe
.
**************************************************************************
.
Completion time: 2013-01-09 13:11:30 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-09 18:11
.
Pre-Run: 141,933,883,392 bytes free
Post-Run: 141,228,290,048 bytes free
.
- - End Of File - - DB89B3BFF6C3D5CAB8CF786D45F898E9

#15
Chaze

    Member

  • Topic Starter
  • Member
  • 154 posts
Machine appears to be back to normal. Thanks for your time and help.