Bad image keeps appearing

Microsoft Windows 7 home premium 64-bit
March 7, 2010 at 11:41:26
Specs: Windows 7, Don't know
It keeps popping up a window saying I have a bad image constantly. I have just run a Kaspersky anti-virus scan (which says I have trojans) and a command prompt sfc/scannow, but the problem still persists on startup, shutdown and on most of the programs I open.


#1
March 7, 2010 at 11:45:50
These scans will remove some baddies and will help identify the files causing the problem.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.



#2
March 7, 2010 at 12:14:49

DDS (Ver_09-12-01.01) - NTFSX64
Run by Nick at 20:11:37.97 on 07/03/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium
6.1.7600.0.1252.44.1033.18.3933.2129 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Speech\Common\sapisvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nick\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: c:\windows\syswow64\pz0vf1k76.dll: {a3ba40a2-74f0-42bd-f434-00b15a2c8953} - c:\windows\syswow64\pz0vf1k76.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files (x86)\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [TOSHIBA Online Product Information] c:\program files (x86)\toshiba\toshiba online product information\topi.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\nick\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [Remote System Protection] rundll32.exe c:\windows\system32\pz0vf1k76.dll, HUI_proc
mRun: [SVPWUTIL] c:\program files (x86)\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files (x86)\toshiba\utilities\KeNotify.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "c:\program files (x86)\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
dRun: [TOSHIBA Online Product Information] c:\program files (x86)\toshiba\toshiba online product information\topi.exe
StartupFolder: c:\users\nick\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files (x86)\toshiba\trdcreminder\TRDCReminder.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Anti-Banner - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard
Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14
40464]
R0 tos_sps64;TOSHIBA tos_sps64
Service;c:\windows\system32\drivers\tos_sps64.sys [2009-
11-3 482384]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6
Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3
27152]
R1 vwififlt;Virtual WiFi Filter
Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14
59904]
R2 AVP;Kaspersky Internet Security;c:\program files
(x86)\kaspersky lab\kaspersky internet security 2010\avp.exe
[2009-10-20 340456]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program
files (x86)\toshiba\configfree\CFIWmxSvcs64.exe [2009-8-10
248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget
Service;c:\program files
(x86)\toshiba\configfree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;c:\program files
(x86)\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 TemproMonitoringService;Notebook Performance Tuning
Service (TEMPRO);c:\program files (x86)\toshiba
tempro\TemproSvc.exe [2009-8-6 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility
Service;c:\program files\toshiba\teco\TecoService.exe [2009-
8-27 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and
General Purpose Device Filter
Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19
14472]
R2 UnsignedThemes;Unsigned
Themes;c:\windows\UnsignedThemesSvc.exe [2009-7-13
24168]
R2
uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys
[2009-7-13 30568]
R2 WMCoreService;Mobile Broadband Core
Service;c:\program files (x86)\toshiba\f3607gw mobile
broadband device\wmcore\mini_WMCore.exe [2009-12-1
448512]
R3 IntcHdmiAddService;Intel(R) High Definition Audio
HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10
139264]
R3 klmouflt;Kaspersky Lab
KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-
10-2 21008]
R3 PGEffect;Pangu effect
driver;c:\windows\system32\drivers\PGEffect.sys [2009-11-3
35008]
R3 RTL8167;Realtek 8167 NT
Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-9-4
215040]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps
USB 2.0 Network
Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-
11-3 446976]
R3 TMachInfo;TMachInfo;c:\program files
(x86)\toshiba\toshiba service station\TMachInfo.exe [2009-11-
3 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD
Alert Service;c:\program files\toshiba\toshiba hdd ssd
alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;c:\program
files\toshiba\tphm\TPCHSrv.exe [2009-8-4 826224]
R3 vwifimp;Microsoft Virtual WiFi Miniport
Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14
17920]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card
Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-3
222208]

=============== Created Last 30 ================

2010-03-07 18:57:44 0 d-----w-
c:\programdata\SpeedyPC
2010-03-06 08:37:33 245760 ----a-w-
c:\windows\syswow64\uxtheme.dll.backup
2010-03-06 08:37:29 2755072 ----a-w-
c:\windows\syswow64\themeui.dll.backup
2010-03-06 08:23:50 332288 ----a-w-
c:\windows\system32\uxtheme.dll.backup
2010-03-06 08:23:42 2851328 ----a-w-
c:\windows\system32\themeui.dll.backup
2010-03-06 08:23:37 44544 ----a-w-
c:\windows\system32\themeservice.dll.backup
2010-03-05 19:25:58 0 d-----w- c:\program files
(x86)\RealVNC
2010-03-02 18:25:49 286720 ----a-w-
c:\windows\iun506.exe
2010-03-02 18:25:45 0 d-----w- c:\program files
(x86)\Mp3 File Editor
2010-03-01 21:34:23 0 d-----w- c:\program files
(x86)\WADder
2010-03-01 20:40:37 0 d-----w- C:\wadder
2010-02-28 16:53:12 0 d-----w- c:\program
files\SmartFTP Client
2010-02-28 16:52:05 0 d-----w- c:\program files
(x86)\SmartFTP Client 4.0 (x64) Setup Files
2010-02-28 15:08:02 0 d-----w-
c:\windows\syswow64\RegistryCorrector
2010-02-28 15:07:55 86016 ----a-w-
c:\windows\unvise32.exe
2010-02-28 15:07:46 0 d-----w- c:\program files
(x86)\Registry Corrector
2010-02-24 17:15:12 25600 ----a-w-
c:\windows\syswow64\setup16.exe
2010-02-24 17:15:12 243200 ----a-w-
c:\windows\system32\wow64.dll
2010-02-24 17:15:11 7680 ----a-w-
c:\windows\syswow64\instnm.exe
2010-02-24 17:15:11 5120 ----a-w-
c:\windows\syswow64\wow32.dll
2010-02-24 17:15:11 2048 ----a-w-
c:\windows\syswow64\user.exe
2010-02-24 17:15:11 14336 ----a-w-
c:\windows\syswow64\ntvdm64.dll
2010-02-24 17:14:50 2048 ----a-w-
c:\windows\syswow64\tzres.dll
2010-02-24 17:14:50 2048 ----a-w-
c:\windows\system32\tzres.dll
2010-02-24 17:14:37 716800 ----a-w-
c:\windows\syswow64\jscript.dll
2010-02-24 17:14:35 960512 ----a-w-
c:\windows\system32\CPFilters.dll
2010-02-24 17:14:35 641536 ----a-w-
c:\windows\syswow64\CPFilters.dll
2010-02-24 17:14:34 613888 ----a-w-
c:\windows\system32\psisdecd.dll
2010-02-24 17:14:34 552960 ----a-w-
c:\windows\system32\msdri.dll
2010-02-24 17:14:34 288256 ----a-w-
c:\windows\system32\MSNP.ax
2010-02-24 17:14:34 204288 ----a-w-
c:\windows\syswow64\MSNP.ax
2010-02-24 17:14:33 465408 ----a-w-
c:\windows\syswow64\psisdecd.dll
2010-02-13 14:50:01 0 d-----w-
c:\windows\syswow64\QuickTime
2010-02-13 14:49:58 0 d-----w- c:\program files
(x86)\3ivx
2010-02-13 14:49:47 0 d-----w- c:\programdata\Flip
Video
2010-02-13 14:49:47 0 d-----w- c:\program files
(x86)\Flip Video
2010-02-10 18:33:23 0 d-----w- c:\program files
(x86)\Novel Games
2010-02-06 07:47:01 0 d-----w- C:\Computer++

==================== Find3M ====================

2010-02-24 09:16:06 212864 ------w-
c:\windows\system32\MpSigStub.exe
2010-01-21 20:05:53 143387 ----a-w-
c:\windows\system32\drivers\klin.dat
2010-01-21 20:05:53 104987 ----a-w-
c:\windows\system32\drivers\klick.dat
2010-01-20 20:43:21 0 ---ha-w-
c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.W
df
2010-01-19 09:05:57 424960 ----a-w-
c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w-
c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w-
c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w-
c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w-
c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w-
c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w-
c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w-
c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w-
c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w-
c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w-
c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w-
c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w-
c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w-
c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w-
c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w-
c:\windows\syswow64\RMActivate_ssp.exe
2010-01-11 07:12:38 381440 ----a-w-
c:\windows\syswow64\iedkcs32.dll
2010-01-08 03:38:32 285696 ----a-w-
c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:38:28 157696 ----a-w-
c:\windows\system32\drivers\mrxsmb.sys
2009-12-19 09:51:24 1192960 ----a-w-
c:\windows\system32\wininet.dll
2009-12-19 09:50:56 14848 ----a-w-
c:\windows\system32\tsbyuv.dll
2009-12-19 09:49:47 1572352 ----a-w-
c:\windows\system32\quartz.dll
2009-12-19 09:47:56 25088 ----a-w-
c:\windows\system32\msyuv.dll
2009-12-19 09:47:53 38912 ----a-w-
c:\windows\system32\msvidc32.dll
2009-12-19 09:47:46 16384 ----a-w-
c:\windows\system32\msrle32.dll
2009-12-19 09:46:35 54272 ----a-w-
c:\windows\system32\iyuv_32.dll
2009-07-14 05:37:38 31548 ----a-w-
c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w-
c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w-
c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w-
c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program
files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files
(x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w-
c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w-
c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w-
c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w-
c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r-
c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w-
c:\windows\winsxs\amd64_microsoft-windows-mail-
app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f69663
9a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w-
c:\windows\winsxs\x86_microsoft-windows-mail-
app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108
c86c\WinMail.exe

============= FINISH: 20:12:58.39 ===============

I will now run the other scanner



#3
March 7, 2010 at 12:29:37
Malwarebytes' Anti-Malware 1.44
Database version: 3833
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07/03/2010 20:29:08
mbam-log-2010-03-07 (20-29-08).txt

Scan type: Quick Scan
Objects scanned: 101172
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Dr. Guard (Rogue.DrGuard) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\remote system protection (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$RECYCLE.BIN\S-1-5-21-3526876227-2196846717-3562661962-1001\$R2DABIQ\drgext.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3526876227-2196846717-3562661962-1001\$R2DABIQ\drghook.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Nick\AppData\Local\Temp\clic.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Nick\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Nick\AppData\Local\Temp\hsf78w3uhduf8w.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Restarting my computer now



#4
March 7, 2010 at 12:38:16
I have now restarted. The problem has persisted and is still popping up every time I open stuff. It was even doing it through the dds.scr thingy.


#5
March 7, 2010 at 17:43:46
Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. It will extract to an unzipped folder; drag TDSSKiller.exe out of that folder onto the desktop.
2. Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.



#6
March 8, 2010 at 09:39:37
It tells me "utility does not support x64 operating systems"


#7
March 8, 2010 at 10:07:46
I have just run HijackThis as instructed to by another forum. Here is the log it gave me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:52, on 08/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product
Information\TOPI.exe
C:\Program Files (x86)\Windows
Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet
Security 2010\avp.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chr
ome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chr
ome.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chr
ome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chr
ome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = about:blank
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local
Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - C:\Program Files (x86)\Google\Google
Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-
D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit
9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files
(x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program
Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files
(x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]
"C:\Program Files (x86)\Adobe\Reader
9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TWebCamera]
"%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera
Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files
(x86)\TOSHIBA\TOSHIBA Service
Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky
Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [TOSHIBA Online Product Information]
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product
Information\topi.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files
(x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update]
"C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.
exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows
Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Speech Recognition]
"C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -
Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar]
%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin]
C:\Windows\System32\mctadmin.exe (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar]
%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
(User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin]
C:\Windows\System32\mctadmin.exe (User 'NETWORK
SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product
Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online
Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product
Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online
Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk =
C:\Program Files
(x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User
'Default user')
O4 - Startup: TRDCReminder.lnk = C:\Program Files
(x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Extra context menu item: Add to Anti-Banner -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet
Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-
D9FCDDC9D600} - C:\Program Files (x86)\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live
Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Program Files (x86)\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-
8081-5663EE0C6C49} -
C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-
7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-
46AC-B270-339F08212110} - C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security
2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} -
C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-
A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky
Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binar...
ient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/get...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}
(Minesweeper Flags Class) -
http://messenger.zone.msn.com/binar...
86.cab
O20 - AppInit_DLLs:
C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PRO
GRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112
(ALG) - Unknown owner - C:\Windows\System32\alg.exe (file
missing)
O23 - Service: Kaspersky Internet Security (AVP) -
Kaspersky Lab - C:\Program Files (x86)\Kaspersky
Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) -
TOSHIBA CORPORATION - C:\Program Files
(x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA
CORPORATION - C:\Program Files
(x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA
CORPORATION - C:\Program Files
(x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100
(EFS) - Unknown owner - C:\Windows\System32\lsass.exe
(file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118
(Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe
(file missing)
O23 - Service: FlipShare Service - Unknown owner -
C:\Program Files (x86)\Flip
Video\FlipShare\FlipShareService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. -
C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game
Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google -
C:\Program Files (x86)\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -
C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner
- C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102
(Netlogon) - Unknown owner -
C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300
(ProtectedStorage) - Unknown owner -
C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2
(RpcLocator) - Unknown owner -
C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1
(SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
(file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3
(SNMPTRAP) - Unknown owner -
C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1
(Spooler) - Unknown owner -
C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101
(sppsvc) - Unknown owner -
C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service
(TEMPRO) (TemproMonitoringService) - Toshiba Europe
GmbH - C:\Program Files (x86)\Toshiba
TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation -
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service
Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service
(TODDSrv) - Unknown owner -
C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA
Corporation - C:\Program Files\TOSHIBA\Power
Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA
Corporation - C:\Program
Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA
Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD
Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA
Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-
101 (UI0Detect) - Unknown owner -
C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The
Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003
(VaultSvc) - Unknown owner -
C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100
(vds) - Unknown owner - C:\Windows\System32\vds.exe (file
missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102
(VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
(file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-
104 (wbengine) - Unknown owner -
C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Mobile Broadband Core Service
(WMCoreService) - Unknown owner - C:\Program Files
(x86)\TOSHIBA\F3607gw Mobile Broadband
Device\WMCore\mini_WMCore.exe
O23 - Service:
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110
(wmiApSrv) - Unknown owner -
C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media
Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown
owner - C:\Program Files (x86)\Windows Media
Player\wmpnetwk.exe (file missing)

--
End of file - 10850 bytes

Which ones should I fix/delete?



#8
March 8, 2010 at 15:11:47
Those HijackThis logs are not as useful as they once were; the DDS log above has that info and ten times more.

The problem you have is an infected system file. We will need to use a different tool to try to find it, because your 64-bit system limits us to only a few programs to work on these types of systems.

This tool we are about to run, OTL, will create a huge file, and we will need all of it to find the infected system file. You will need to post its logs in segments, as it will take 3, maybe 4, posts to get all the info to us.

Please download OTL from the following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.
Leave all settings as they appear as default, except for the following:

Under the Custom Scan box, paste in the bolded list:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that Notepad file.
Post the contents of that Notepad document in your next reply.



#9
March 9, 2010 at 10:12:28
OTL logfile created on: 3/9/2010 5:48:12 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder =
C:\Users\Nick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type =
NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language:
ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical
Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File |
79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows |
%ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 111.53 Gb Free Space |
74.83% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 85.30 Gb Free Space |
57.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHRIKE
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList)
==========[/color]

PRC - [2010/03/09 17:46:35 | 000,554,496 | ---- | M] (OldTimer
Tools) -- C:\Users\Nick\Desktop\OTL.exe
PRC - [2010/02/05 18:36:00 | 000,527,344 | ---- | M] (Google
Inc.) --
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chr
ome.exe
PRC - [2009/12/01 17:37:52 | 000,448,512 | R--- | M] () --
C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband
Device\WMCore\mini_WMCore.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M]
(Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky
Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/08/12 10:30:42 | 006,203,296 | ---- | M]
(TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\Toshiba
Online Product Information\TOPI.exe
PRC - [2009/07/26 15:44:34 | 003,883,856 | ---- | M] (Microsoft
Corporation) -- C:\Program Files (x86)\Windows
Live\Messenger\msnmsgr.exe
PRC - [2009/07/14 19:10:30 | 000,042,368 | ---- | M]
(TOSHIBA CORPORATION) -- C:\Program Files
(x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/05/05 12:12:00 | 000,451,840 | ---- | M] () --
C:\Program Files (x86)\Flip
Video\FlipShare\FlipShareService.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M]
(TOSHIBA CORPORATION) -- C:\Program Files
(x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/06 16:07:48 | 000,027,512 | ---- | M] (Microsoft
Corporation) -- C:\Program Files (x86)\Windows
Live\Contacts\wlcomm.exe
PRC - [2009/01/13 20:33:40 | 000,034,088 | ---- | M]
(TOSHIBA CORPORATION) -- C:\Program Files
(x86)\TOSHIBA\Utilities\KeNotify.exe


[color=#E56717]========== Modules (SafeList)
==========[/color]

MOD - [2010/03/09 17:46:35 | 000,554,496 | ---- | M]
(OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
MOD - [2009/07/14 01:17:54 | 000,242,936 | ---- | M]
(Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/14 01:16:15 | 000,126,976 | ---- | M]
(Microsoft Corporation) -- C:\Windows\IME\SPTIP.DLL
MOD - [2009/07/14 01:16:14 | 000,018,944 | ---- | M]
(Microsoft Corporation) --
C:\Windows\SysWOW64\Speech\SpeechUX\SpeechUXPS.D
LL
MOD - [2009/07/14 01:16:13 | 000,045,568 | ---- | M]
(Microsoft Corporation) --
C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009/07/14 01:15:07 | 000,486,912 | ---- | M]
(Microsoft Corporation) --
C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 01:03:50 | 001,680,896 | ---- | M]
(Microsoft Corporation) --
C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2
b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList)
==========[/color]

SRV:[b]64bit:[/b] - [2009/08/27 13:38:22 | 000,251,760 | ---- |
M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program
Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco
Utility Service)
SRV:[b]64bit:[/b] - [2009/08/05 14:20:12 | 000,488,800 | ---- |
M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program
Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:[b]64bit:[/b] - [2009/08/04 11:15:06 | 000,826,224 | ---- |
M] (TOSHIBA Corporation) [On_Demand | Running] --
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:[b]64bit:[/b] - [2009/08/03 17:17:56 | 000,137,560 | ---- |
M] (TOSHIBA Corporation) [On_Demand | Running] --
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD
Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:[b]64bit:[/b] - [2009/07/28 14:48:06 | 000,140,632 | ---- |
M] (TOSHIBA Corporation) [Auto | Running] --
C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:59 | 000,229,888 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:56 | 000,202,240 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:56 | 000,163,840 | ---- |
M] (Microsoft Corporation) [Auto | Running] --
C:\Windows\SysNative\umpo.dll -- (Power)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:55 | 000,044,544 | ---- |
M] (Microsoft Corporation) [Auto | Running] --
C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:54 | 000,065,536 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:54 | 000,029,184 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,327,168 | ---- |
M] (Microsoft Corporation) [On_Demand | Running] --
C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,327,168 | ---- |
M] (Microsoft Corporation) [On_Demand | Running] --
C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,187,904 | ---- |
M] (Microsoft Corporation) [On_Demand | Running] --
C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,067,072 | ---- |
M] (Microsoft Corporation) [Unknown | Running] --
C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,025,088 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:27 | 001,011,712 | ---- |
M] (Microsoft Corporation) [Auto | Running] -- C:\Program
Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 01:41:18 | 000,231,936 | ---- |
M] (Microsoft Corporation) [On_Demand | Running] --
C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:[b]64bit:[/b] - [2009/07/14 01:40:54 | 001,127,936 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009/07/14 01:40:28 | 000,314,368 | ---- |
M] (Microsoft Corporation) [Auto | Running] --
C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2009/07/14 01:40:28 | 000,291,328 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:[b]64bit:[/b] - [2009/07/14 01:40:13 | 000,083,968 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:[b]64bit:[/b] - [2009/07/14 01:40:10 | 000,100,864 | ---- |
M] (Microsoft Corporation) [Unknown | Stopped] --
C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:[b]64bit:[/b] - [2009/07/14 01:40:05 | 000,114,688 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:[b]64bit:[/b] - [2009/07/14 01:40:01 | 000,032,256 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:[b]64bit:[/b] - [2009/07/14 01:39:51 | 001,503,744 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:[b]64bit:[/b] - [2009/07/14 01:39:28 | 003,524,608 | ---- |
M] (Microsoft Corporation) [Auto | Running] --
C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:[b]64bit:[/b] - [2009/07/14 01:39:11 | 000,689,152 | ---- |
M] (Microsoft Corporation) [On_Demand | Stopped] --
C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/01/04 18:03:42 | 000,238,328 | ---- | M]
(WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program
Files (x86)\TOSHIBA Games\TOSHIBA Game
Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/01 17:37:52 | 000,448,512 | R--- | M] () [Auto |
Running] -- C:\Program Files (x86)\TOSHIBA\F3607gw Mobile
Broadband Device\WMCore\mini_WMCore.exe --
(WMCoreService)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M]
(Kaspersky Lab) [Auto | Running] -- C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security
2010\avp.exe -- (AVP)
SRV - [2009/08/17 10:48:42 | 000,051,512 | ---- | M]
(TOSHIBA Corporation) [On_Demand | Running] -- C:\Program
Files (x86)\TOSHIBA\TOSHIBA Service
Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 19:55:58 | 000,248,688 | ---- | M]
(TOSHIBA CORPORATION) [Auto | Running] -- C:\Program
Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe --
(cfWiMAXService)
SRV - [2009/08/06 15:02:50 | 000,116,104 | ---- | M] (Toshiba
Europe GmbH) [Auto | Running] -- C:\Program Files
(x86)\Toshiba TEMPRO\TemproSvc.exe --
(TemproMonitoringService) Notebook Performance Tuning
Service (TEMPRO)
SRV - [2009/07/14 19:10:30 | 000,042,368 | ---- | M]
(TOSHIBA CORPORATION) [Auto | Running] -- C:\Program
Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe --
(ConfigFree Gadget Service)
SRV - [2009/07/14 03:20:14 | 000,000,000 | ---D | M]
[On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 03:20:14 | 000,000,000 | ---D | M]
[Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc --
(MSDTC)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft
Corporation) [On_Demand | Running] --
C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft
Corporation) [Auto | Running] --
C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:30:11 | 000,061,056 | ---- | M] ()
[On_Demand | Stopped] --
C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/13 01:08:04 | 000,024,168 | ---- | M] (The
Within Network, LLC) [Auto | Running] --
C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 20:39:58 | 000,089,920 | ---- | M] (Microsoft
Corporation) [On_Demand | Stopped] --
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsv
w.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/05 12:12:00 | 000,451,840 | ---- | M] () [Auto |
Running] -- C:\Program Files (x86)\Flip
Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M]
(TOSHIBA CORPORATION) [Auto | Running] -- C:\Program
Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree
Service)


#10
March 9, 2010 at 10:13:15
s\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2009/11/03 16:33:44 | 000,027,152 | ---- |
M] (Kaspersky Lab) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2009/10/14 20:18:38 | 000,040,464 | ---- |
M] (Kaspersky Lab) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:[b]64bit:[/b] - [2009/10/02 18:39:32 | 000,021,008 | ---- |
M] (Kaspersky Lab) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2009/09/01 14:29:56 | 000,157,712 | ---- |
M] (Kaspersky Lab) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:[b]64bit:[/b] - [2009/08/27 08:07:06 | 007,369,600 | ---- |
M] (Intel Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/08/20 16:04:06 | 000,446,976 | ---- |
M] (Realtek Semiconductor Corporation )
[Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:[b]64bit:[/b] - [2009/07/30 20:02:36 | 000,044,912 | ---- |
M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand |
Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys --
(LPCFilter)
DRV:[b]64bit:[/b] - [2009/07/30 19:22:04 | 000,027,784 | ---- |
M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -
- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:[b]64bit:[/b] - [2009/07/30 17:46:22 | 000,222,208 | ---- |
M] (Realtek Semiconductor Corp.) [Kernel | On_Demand |
Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys --
(RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009/07/24 15:57:08 | 000,482,384 | ---- |
M] (TOSHIBA Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:[b]64bit:[/b] - [2009/07/20 17:48:32 | 000,274,480 | ---- |
M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -
- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2009/07/14 15:31:18 | 000,026,840 | ---- |
M] (TOSHIBA Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:[b]64bit:[/b] - [2009/07/14 01:52:21 | 000,106,576 | ---- |
M] (Advanced Micro Devices) [Kernel | On_Demand |
Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys --
(amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 01:52:21 | 000,028,752 | ---- |
M] (Advanced Micro Devices) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 01:52:20 | 000,194,128 | ---- |
M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped]
-- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 01:48:04 | 000,153,152 | ---- |
M] (Microsoft Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:[b]64bit:[/b] - [2009/07/14 01:48:04 | 000,065,600 | ---- |
M] (LSI Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 01:48:04 | 000,014,416 | ---- |
M] (Microsoft Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:[b]64bit:[/b] - [2009/07/14 01:47:49 | 000,055,376 | ---- |
M] (Microsoft Corporation) [File_System | On_Demand |
Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys --
(FsDepends)
DRV:[b]64bit:[/b] - [2009/07/14 01:47:48 | 000,077,888 | ---- |
M] (Hewlett-Packard Company) [Kernel | On_Demand |
Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys --
(HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 01:45:56 | 000,022,096 | ---- |
M] (Microsoft Corporation) [File_System | On_Demand |
Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys --
(WIMMount)
DRV:[b]64bit:[/b] - [2009/07/14 01:45:55 | 000,217,680 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:[b]64bit:[/b] - [2009/07/14 01:45:55 | 000,036,432 | ---- |
M] (Microsoft Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:[b]64bit:[/b] - [2009/07/14 01:45:55 | 000,024,656 | ---- |
M] (Promise Technology) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 01:45:46 | 000,214,096 | ---- |
M] (Microsoft Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:[b]64bit:[/b] - [2009/07/14 01:45:45 | 000,050,768 | ---- |
M] (Microsoft Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:[b]64bit:[/b] - [2009/07/14 01:43:14 | 000,460,504 | ---- |
M] (Microsoft Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:[b]64bit:[/b] - [2009/07/14 01:43:13 | 000,223,448 | ---- |
M] (Microsoft Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:[b]64bit:[/b] - [2009/07/14 00:17:46 | 000,024,064 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:[b]64bit:[/b] - [2009/07/14 00:16:35 | 000,008,192 | ---- |
M] (Microsoft Corporation) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\RDPREFMP.sys --
(RDPREFMP)
DRV:[b]64bit:[/b] - [2009/07/14 00:10:24 | 000,060,416 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
WAN Miniport (IKEv2)
DRV:[b]64bit:[/b] - [2009/07/14 00:09:26 | 000,012,800 | ---- |
M] (Microsoft Corporation) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:[b]64bit:[/b] - [2009/07/14 00:08:13 | 000,035,328 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:[b]64bit:[/b] - [2009/07/14 00:07:28 | 000,017,920 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:[b]64bit:[/b] - [2009/07/14 00:07:22 | 000,059,904 | ---- |
M] (Microsoft Corporation) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:[b]64bit:[/b] - [2009/07/14 00:07:21 | 000,024,576 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:[b]64bit:[/b] - [2009/07/14 00:07:13 | 000,227,840 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:[b]64bit:[/b] - [2009/07/14 00:07:00 | 000,350,208 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\HdAudio.sys --
(HdAudAddService)
DRV:[b]64bit:[/b] - [2009/07/14 00:07:00 | 000,184,576 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB
Video Device (WDM)
DRV:[b]64bit:[/b] - [2009/07/14 00:06:52 | 000,009,728 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:[b]64bit:[/b] - [2009/07/14 00:06:24 | 000,008,192 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:[b]64bit:[/b] - [2009/07/14 00:05:37 | 000,112,128 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:[b]64bit:[/b] - [2009/07/14 00:02:08 | 000,015,360 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:[b]64bit:[/b] - [2009/07/14 00:00:34 | 000,038,912 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\CompositeBus.sys --
(CompositeBus)
DRV:[b]64bit:[/b] - [2009/07/14 00:00:13 | 000,006,656 | ---- |
M] (Microsoft Corporation) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:[b]64bit:[/b] - [2009/07/13 23:52:39 | 000,061,440 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:[b]64bit:[/b] - [2009/07/13 23:50:17 | 000,029,696 | ---- |
M] (Microsoft Corporation) [Kernel | Unknown | Stopped] --
C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:[b]64bit:[/b] - [2009/07/13 23:37:18 | 000,040,448 | ---- |
M] (Microsoft Corporation) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:[b]64bit:[/b] - [2009/07/13 23:31:06 | 000,026,624 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:[b]64bit:[/b] - [2009/07/13 23:31:03 | 000,017,664 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:[b]64bit:[/b] - [2009/07/13 23:27:17 | 000,012,288 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:[b]64bit:[/b] - [2009/07/13 23:19:25 | 000,060,928 | ---- |
M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:[b]64bit:[/b] - [2009/07/13 01:09:20 | 000,030,568 | ---- |
M] () [Kernel | Auto | Running] --
C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:[b]64bit:[/b] - [2009/07/10 06:45:12 | 000,139,264 | ---- |
M] (Intel(R) Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\IntcHdmi.sys --
(IntcHdmiAddService) Intel(R)
DRV:[b]64bit:[/b] - [2009/06/22 17:06:38 | 000,035,008 | ---- |
M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:[b]64bit:[/b] - [2009/06/20 02:09:57 | 001,394,688 | ---- |
M] (Atheros Communications, Inc.) [Kernel | On_Demand |
Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009/06/19 19:15:22 | 000,014,472 | ---- |
M] (TOSHIBA Corporation) [Kernel | Auto | Running] --
C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:33 | 003,286,016 | ---- |
M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -
- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:28 | 000,468,480 | ---- |
M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -
- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:23 | 000,270,848 | ---- |
M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -
- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 20:31:59 | 000,031,232 | ---- |
M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand |
Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys --
(hcw85cir)
DRV:[b]64bit:[/b] - [2009/06/04 17:54:36 | 000,408,600 | ---- |
M] (Intel Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009/05/22 21:52:30 | 000,215,040 | ---- |
M] (Realtek ) [Kernel |
On_Demand | Running] --
C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft
Corporation) [File_System | On_Demand | Stopped] --
C:\Windows\SysWOW64\drivers\wimmount.sys --
(WIMMount)
DRV - [2009/07/14 01:16:02 | 000,014,336 | ---- | M] (Microsoft
Corporation) [File_System | System | Running] --
C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 21:28:14 | 000,001,088 | ---- | M] () [Kernel
| On_Demand | Running] --
C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 21:15:18 | 000,003,066 | ---- | M] () [Kernel
| System | Running] --
C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


[color=#E56717]========== Standard Registry (SafeList)
==========[/color]


[color=#E56717]========== Internet Explorer
==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet
Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet
Explorer\Main,Local Page =
C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.google.com/ig/redirectdo...
brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start
Page = about:blank
IE -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyEnable" = 0

FF -
HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-
729d-4703-bc37-106ce9879ce2}: C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security
2010\THBExt [2010/01/21 20:05:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- |
M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (SnagIt Toolbar Loader) - {00C6482D-
C502-44C8-8409-FCE54AD9C208} - C:\Program Files
(x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
(TechSmith Corporation)
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-
E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security
2010\x64\ievkbd.dll (Kaspersky Lab)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-
01DD-4d91-8333-CF10577473F7} - C:\Program Files
(x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google
Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
(Google Inc.)
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-
461A-83F0-819F76A199F8} - C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security
2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program
Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
(Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-
11d4-9B18-009027A5CD4F} - C:\Program Files
(x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google
Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-
B09E-D2AAB95CABE3} - C:\Program Files
(x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith
Corporation)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google
Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
C:\Program Files (x86)\Google\Google
Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) -
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program
Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
(Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [00TCrdMain] C:\Program
Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA
Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds]
C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray]
C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence]
C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program
Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek
Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SmartFaceVWatcher]
C:\Program
Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SmoothView] C:\Program
Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA
Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Teco] C:\Program
Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Toshiba Registration]
C:\Program
Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba
Europe GmbH)
O4:[b]64bit:[/b] - HKLM..\Run: [Toshiba TEMPRO]
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH)
O4:[b]64bit:[/b] - HKLM..\Run: [TosNC] C:\Program
Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA
Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosReelTimeMonitor]
C:\Program
Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA
Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosSENotify] C:\Program
Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosWaitSrv] C:\Program
Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA
Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TPwrMain] C:\Program
Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA
Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky
Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky
Lab)
O4 - HKLM..\Run: [HWSetup] C:\Program
Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics,
Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files
(x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA
CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files
(x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA
CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files
(x86)\TOSHIBA\TOSHIBA Service
Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files
(x86)\TOSHIBA\TOSHIBA Web Camera
Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files
(x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft
Corporation)
O4 - HKCU..\Run: [Speech Recognition]
C:\Windows\Speech\Common\sapisvr.exe (Microsoft
Corporation)
O4 - HKCU..\Run: [TOSHIBA Online Product Information]
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product
Information\TOPI.exe (TOSHIBA)
O4 - Startup:
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\TRDCReminder.lnk = C:\Program
Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
(TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Add to Anti-
Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky
Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet
Security 2010\ie_banner_deny.htm ()
O9:[b]64bit:[/b] - Extra Button: &Virtual keyboard -
{4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program
Files (x86)\Kaspersky Lab\Kaspersky Internet Security
2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:[b]64bit:[/b] - Extra Button: URLs c&heck - {CCF151D8-
D089-449F-A5A4-D9909053F20F} - C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security
2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-
D9FCDDC9D600} - C:\Program Files (x86)\Windows
Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live
Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Program Files (x86)\Windows
Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-
8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft
Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program
Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft
Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-
46AC-B270-339F08212110} - C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security
2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-
A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky
Lab\Kaspersky Internet Security 2010\klwtbbho.dll
(Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/ji...
i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
http://messenger.zone.msn.com/binar...
ient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/ji...
i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-
ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji...
1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/get...
(Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}
http://messenger.zone.msn.com/binar...
86.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-
4009-854F-8E305202313F} - Reg Error: Key error. File not
found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-
11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not
found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-
11D3-8789-0000F8105754} - Reg Error: Key error. File not
found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-
4009-854F-8E305202313F} - Reg Error: Key error. File not
found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-
1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File
not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-
8E305202313F} - C:\Program Files (x86)\Windows
Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft
Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-
8E305202313F} - C:\Program Files (x86)\Windows
Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft
Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-
9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows
Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs:
(C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet
Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:[b]64bit:[/b] - AppInit_DLLs:
(C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet
Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs:
(C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet
Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs:
(C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet
Security 2010\sbhook.dll (Kaspersky Lab)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) -
C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet -
(SystemPropertiesPerformance.exe) -
C:\Windows\SysNative\SystemPropertiesPerformance.exe
(Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -
File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet -
(SystemPropertiesPerformance.exe) -
C:\Windows\SysWow64\SystemPropertiesPerformance.exe
(Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg
Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel
Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - Reg
Error: Key error. - C:\Windows\SysNative\klogon.dll
(Kaspersky Lab)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-
11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-
00AA005127ED} - CLSID or File not found.
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) -
C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -
C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not
found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll -
(C:\Users\Nick\AppData\Local\Windows Server\mlthnj.dll) -
C:\Users\Nick\AppData\Local\Windows Server\mlthnj.dll ()


#11
March 9, 2010 at 10:14:00
NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias
[2009/07/14 03:20:14 | 000,000,000 | ---D | M]
NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll
(Microsoft Corporation)
NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll
(Microsoft Corporation)
NetSvcs:[b]64bit:[/b] Themes -
C:\Windows\SysNative\themeservice.dll (Microsoft
Corporation)
NetSvcs:[b]64bit:[/b] BDESVC -
C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft
Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft
Corporation)


SafeBootMin:[b]64bit:[/b] AppMgmt - Service
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] MCODS - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Power -
C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] RpcEptMapper -
C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver
Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program
Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] WudfPf -
C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft
Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-
444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-
08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-
08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-
08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-
08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-
08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-
08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-
08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-
08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-
08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-
08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-
00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-
08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-
08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-
00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-
00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-
F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof
()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} -
Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} -
CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} -
DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} -
Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318}
- Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318}
- Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} -
Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} -
PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318}
- SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318}
- System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} -
Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} -
Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
- IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
- Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
- Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7}
- SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
- SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - Service
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] Dhcp -
C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] MpfService - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] ndiscap -
C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft
Corporation)
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Power -
C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] RpcEptMapper -
C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program
Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfPf -
C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft
Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-
444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-
08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-
08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-
08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-
08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-
08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-
08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-
08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-
08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-
08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-
08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-
08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-
08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-
08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-
08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-
0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-
00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-
08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-
08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-
00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-
00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-
F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\SysWOW64\dhcpcore.dll
(Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MPSDrv -
C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - C:\Windows\SysWOW64\netbios.dll
(Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip -
C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof
()
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} -
Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} -
CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} -
DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} -
Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} -
Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} -
Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} -
Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} -
Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} -
NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} -
NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} -
NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} -
PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} -
SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} -
System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} -
Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} -
Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} -
Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
- IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
- Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
- Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7}
- SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -
SecurityDevices



#12
March 9, 2010 at 10:14:39
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-
F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s
/n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515}
- Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-
00AA00B6015C} - "%ProgramFiles%\Windows
Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-
00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515}
- Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9}
- Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9}
- Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-
00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-
00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9}
- MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-
00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-
00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-
00AA005B4383} - C:\Windows\System32\ie4uinit.exe -
BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-
5476DBF70820} - C:\Windows\system32\Rundll32.exe
C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-
00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-
444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9}
- HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-
0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-
BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-
0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe
/ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-
de460746276c} - C:\Windows\System32\ie4uinit.exe -
UserIconConfig
ActiveX:[b]64bit:[/b] >{39525A64-594D-4690-8318-
2700473BD796} - RunDLL32 IEDKCS32.DLL,BrandIE4
SIGNUP
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-
00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java
(Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft
Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} -
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall
%SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline
Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
"%ProgramFiles(x86)%\Windows Mail\WinMail.exe"
OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} -
DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet
Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft
Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet
Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} -
Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} -
Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site
Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} -
.NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} -
regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} -
C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} -
Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} -
Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} -
Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML
Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} -
Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -
%SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} -
C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
"C:\Windows\SysWOW64\rundll32.exe"
"C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup
SIGNUP

Drivers32:[b]64bit:[/b] aux -
C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] aux1 -
C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midi -
C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midi1 -
C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midimapper -
C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] mixer -
C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] mixer1 -
C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.imaadpcm -
C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.l3acm -
C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut
Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] msacm.msadpcm -
C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.msg711 -
C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.msgsm610 -
C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] MSVideo8 -
C:\Windows\SysNative\vfwwdm32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.i420 -
C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.IYUV -
C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.mrle -
C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.msvc -
C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.UYVY -
C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YUY2 -
C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YVU9 -
C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YVYU -
C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wave -
C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wave1 -
C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wavemapper -
C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm -
C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut
Integrierte Schaltungen IIS)
Drivers32: msacm.siren -
C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 -
C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies
Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll
(Radius Inc.)

[color=#E56717]========== Files/Folders - Created Within
30 Days ==========[/color]

[2010/03/09 17:47:08 | 000,554,496 | ---- | C] (OldTimer Tools)
-- C:\Users\Nick\Desktop\OTL.exe
[2010/03/08 18:04:26 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Trend Micro
[2010/03/07 20:18:48 | 000,000,000 | ---D | C] --
C:\Users\Nick\AppData\Roaming\Malwarebytes
[2010/03/07 20:18:36 | 000,038,224 | ---- | C] (Malwarebytes
Corporation) --
C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/07 20:18:33 | 000,022,104 | ---- | C] (Malwarebytes
Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/07 20:18:33 | 000,000,000 | ---D | C] --
C:\ProgramData\Malwarebytes
[2010/03/07 20:18:32 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Malwarebytes' Anti-Malware
[2010/03/07 19:01:05 | 000,000,000 | ---D | C] --
C:\Users\Nick\AppData\Local\Windows Server
[2010/03/07 18:57:44 | 000,000,000 | ---D | C] --
C:\ProgramData\SpeedyPC
[2010/03/06 08:37:33 | 000,245,760 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\uxtheme.dll.backup
[2010/03/06 08:37:29 | 002,755,072 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\themeui.dll.backup
[2010/03/06 08:23:50 | 000,332,288 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup
[2010/03/06 08:23:42 | 002,851,328 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\themeui.dll.backup
[2010/03/06 08:23:37 | 000,044,544 | ---- | C] (Microsoft
Corporation) --
C:\Windows\SysNative\themeservice.dll.backup
[2010/03/05 19:25:58 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\RealVNC
[2010/03/02 18:25:49 | 000,286,720 | ---- | C] (Indigo Rose
Corporation) -- C:\Windows\iun506.exe
[2010/03/02 18:25:45 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Mp3 File Editor
[2010/03/02 18:20:51 | 000,000,000 | ---D | C] --
C:\Users\Nick\Documents\CustomizeMii 2.31
[2010/03/01 21:34:23 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\WADder
[2010/03/01 20:40:37 | 000,000,000 | ---D | C] -- C:\wadder
[2010/02/28 16:54:18 | 000,000,000 | ---D | C] --
C:\Users\Nick\AppData\Roaming\SmartFTP
[2010/02/28 16:53:12 | 000,000,000 | ---D | C] -- C:\Program
Files\SmartFTP Client
[2010/02/28 16:52:05 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
[2010/02/28 15:08:02 | 000,000,000 | ---D | C] --
C:\Windows\SysWow64\RegistryCorrector
[2010/02/28 15:07:55 | 000,086,016 | ---- | C] (MindVision
Software) -- C:\Windows\unvise32.exe
[2010/02/28 15:07:46 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Registry Corrector
[2010/02/28 14:44:15 | 000,000,000 | ---D | C] --
C:\Users\Nick\AppData\Local\TransmitMii
[2010/02/28 13:42:17 | 000,000,000 | ---D | C] --
C:\Users\Nick\AppData\Local\ElevatedDiagnostics
[2010/02/27 20:43:37 | 000,000,000 | ---D | C] --
C:\Users\Nick\Desktop\New folder
[2010/02/24 17:15:12 | 000,243,200 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/02/24 17:15:12 | 000,025,600 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/02/24 17:15:11 | 000,014,336 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/02/24 17:15:11 | 000,007,680 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/02/24 17:15:11 | 000,005,120 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/02/24 17:15:11 | 000,002,048 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\user.exe
[2010/02/24 17:14:38 | 000,852,480 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/24 17:14:37 | 000,716,800 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/24 17:14:35 | 000,960,512 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/02/24 17:14:35 | 000,641,536 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/02/24 17:14:34 | 000,613,888 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/02/24 17:14:34 | 000,552,960 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/02/24 17:14:34 | 000,288,256 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/02/24 17:14:34 | 000,204,288 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/02/24 17:14:33 | 000,465,408 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/02/13 14:50:01 | 000,000,000 | ---D | C] --
C:\Windows\SysWow64\QuickTime
[2010/02/13 14:49:58 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\3ivx
[2010/02/13 14:49:47 | 000,000,000 | ---D | C] --
C:\ProgramData\Flip Video
[2010/02/13 14:49:47 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Flip Video
[2010/02/11 17:29:15 | 000,424,960 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/11 17:29:15 | 000,422,912 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/11 17:29:15 | 000,369,152 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/11 17:29:15 | 000,365,568 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/11 17:29:15 | 000,357,888 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/11 17:29:15 | 000,356,352 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/11 17:29:15 | 000,324,608 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/11 17:29:15 | 000,320,512 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/11 17:29:15 | 000,306,688 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/11 17:29:15 | 000,305,152 | ---- | C] (Microsoft
Corporation) --
C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/11 17:29:15 | 000,121,856 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/11 17:29:15 | 000,121,856 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/11 17:29:15 | 000,085,504 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/11 17:29:15 | 000,085,504 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/11 17:29:14 | 000,280,064 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/11 17:29:14 | 000,277,504 | ---- | C] (Microsoft
Corporation) --
C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/11 17:29:13 | 001,572,352 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/02/11 17:29:13 | 001,328,640 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/02/11 17:29:13 | 000,091,648 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/02/11 17:29:13 | 000,084,480 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/02/11 17:29:13 | 000,054,272 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/11 17:29:13 | 000,038,912 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/02/11 17:29:13 | 000,025,088 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/02/11 17:29:13 | 000,016,384 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/02/11 17:29:13 | 000,014,848 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/10 18:33:23 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Novel Games
[2010/02/07 18:35:03 | 000,000,000 | ---D | C] --
C:\Users\Nick\Desktop\New folder (2)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30
Days ==========[/color]

[2010/03/09 17:52:04 | 002,359,296 | -HS- | M] () --
C:\Users\Nick\NTUSER.DAT
[2010/03/09 17:48:43 | 000,016,080 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-
9C450E1B7327-5P-1.C7483456-A289-439d-8115-
601632D005A0
[2010/03/09 17:48:43 | 000,016,080 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-
9C450E1B7327-5P-0.C7483456-A289-439d-8115-
601632D005A0
[2010/03/09 17:46:35 | 000,554,496 | ---- | M] (OldTimer Tools)
-- C:\Users\Nick\Desktop\OTL.exe
[2010/03/09 17:42:39 | 000,002,046 | ---- | M] () --
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\TRDCReminder.lnk
[2010/03/09 17:41:42 | 000,000,374 | ---- | M] () --
C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/03/09 17:40:46 | 000,000,006 | -H-- | M] () --
C:\Windows\tasks\SA.DAT
[2010/03/09 17:40:41 | 000,067,584 | --S- | M] () --
C:\Windows\bootstat.dat
[2010/03/09 17:40:32 | 3092,934,656 | -HS- | M] () --
C:\hiberfil.sys
[2010/03/08 21:44:31 | 006,649,382 | -H-- | M] () --
C:\Users\Nick\AppData\Local\IconCache.db
[2010/03/08 21:06:09 | 000,000,902 | ---- | M] () --
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-
3526876227-2196846717-3562661962-1001UA.job
[2010/03/08 18:04:26 | 000,002,104 | ---- | M] () --
C:\Users\Nick\Desktop\HijackThis.lnk
[2010/03/07 20:18:41 | 000,001,020 | ---- | M] () --
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/07 19:13:07 | 000,000,348 | ---- | M] () --
C:\Windows\tasks\PC Medkit.job
[2010/03/05 19:25:59 | 000,001,041 | ---- | M] () --
C:\Users\Nick\Desktop\VNC Viewer 4.lnk
[2010/03/03 20:19:12 | 000,141,920 | ---- | M] () --
C:\Users\Nick\Desktop\pirate.swf
[2010/03/02 19:08:23 | 000,713,888 | ---- | M] () --
C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/02 19:08:23 | 000,619,642 | ---- | M] () --
C:\Windows\SysNative\perfh009.dat
[2010/03/02 19:08:23 | 000,107,792 | ---- | M] () --
C:\Windows\SysNative\perfc009.dat
[2010/03/02 19:06:46 | 000,011,264 | ---- | M] () --
C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-
E0D61DEA3FDF.ini
[2010/03/02 18:25:38 | 000,286,720 | ---- | M] (Indigo Rose
Corporation) -- C:\Windows\iun506.exe
[2010/02/28 16:53:16 | 000,002,659 | ---- | M] () --
C:\Users\Public\Desktop\SmartFTP Client.lnk
[2010/02/28 15:06:00 | 000,000,850 | ---- | M] () --
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-
3526876227-2196846717-3562661962-1001Core.job
[2010/02/13 14:49:48 | 000,001,951 | ---- | M] () --
C:\Users\Public\Desktop\FlipShare.lnk
[2010/02/12 17:22:21 | 000,002,256 | ---- | M] () --
C:\Users\Nick\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company
Name ==========[/color]

[2010/03/08 18:04:26 | 000,002,104 | ---- | C] () --
C:\Users\Nick\Desktop\HijackThis.lnk
[2010/03/07 20:18:41 | 000,001,020 | ---- | C] () --
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/07 18:46:21 | 000,000,348 | ---- | C] () --
C:\Windows\tasks\PC Medkit.job
[2010/03/05 19:25:59 | 000,001,041 | ---- | C] () --
C:\Users\Nick\Desktop\VNC Viewer 4.lnk
[2010/03/03 20:19:12 | 000,141,920 | ---- | C] () --
C:\Users\Nick\Desktop\pirate.swf
[2010/02/28 16:53:16 | 000,002,659 | ---- | C] () --
C:\Users\Public\Desktop\SmartFTP Client.lnk
[2010/02/13 14:49:48 | 000,001,951 | ---- | C] () --
C:\Users\Public\Desktop\FlipShare.lnk
[2010/01/31 17:32:11 | 000,011,264 | ---- | C] () --
C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-
E0D61DEA3FDF.ini
[2010/01/27 19:47:56 | 000,000,033 | ---- | C] () --
C:\ProgramData\{081230F8-EA50-42A9-983C-
D22ABC2EED3B}.ini
[2010/01/27 18:28:00 | 000,000,960 | ---- | C] () --
C:\ProgramData\ss.ini
[2009/11/05 10:04:01 | 000,185,344 | ---- | C] () --
C:\Windows\SysWow64\MemWarp.dll
[2009/11/05 10:04:01 | 000,021,504 | ---- | C] () --
C:\Windows\SysWow64\WBCustomizer.dll
[2009/11/03 11:08:28 | 000,000,000 | ---- | C] () --
C:\Windows\NDSTray.INI
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () --
C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () --
C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/28 03:37:00 | 000,028,672 | ---- | C] () --
C:\Windows\SysWow64\SPCtl.dll
[2008/02/19 06:33:34 | 000,446,352 | ---- | C] () --
C:\Windows\SysWow64\OpenQuicktimeLib.dll

[color=#E56717]========== Custom Scans
==========[/color]


[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles
>[/color]
[2009/07/14 01:15:50 | 001,386,496 | ---- | M] (Microsoft
Corporation)[b] Unable to obtain MD5[/b] --
C:\Windows\SysWOW64\msvbvm60.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles
>[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft
Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799
--
C:\Windows\SysWow64\DriverStore\FileRepository\machine.i
nf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft
Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799
--
C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_
6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft
Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C
--
C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf
_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft
Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C
--
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.
1.7600.16385_none_392d19c13b3ad543\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft
Corporation)
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E --
C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft
Corporation)
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E --
C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft
Corporation)
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E --
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-
dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e81
32b\cngaudit.dll
[2009/07/14 01:40:20 | 000,018,944 | ---- | M] (Microsoft
Corporation)
MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 --
C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-
dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458
461\cngaudit.dll

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel
Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9
-- C:\Program Files (x86)\Intel\Intel Matrix Storage
Manager\driver64\IaStor.sys
[2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel
Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9
--
C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_
amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel
Corporation) MD5=D483687EACE0C065EE772481A96E05F5
-- C:\Program Files (x86)\Intel\Intel Matrix Storage
Manager\driver\IaStor.sys

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2009/07/14 01:48:04 | 000,410,688 | ---- | M] (Intel
Corporation)
MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 --
C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf
_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 01:48:04 | 000,410,688 | ---- | M] (Intel
Corporation)
MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 --
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1
.7600.16385_none_0b06441fa1790136\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2009/07/14 01:41:52 | 000,692,736 | ---- | M] (Microsoft
Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -
- C:\Windows\winsxs\amd64_microsoft-windows-security-
netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea
51aaeefe\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft
Corporation)
MD5=EAA75D9000B71F10EEC04D2AE6C60E81 --
C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft
Corporation)
MD5=EAA75D9000B71F10EEC04D2AE6C60E81 --
C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft
Corporation)
MD5=EAA75D9000B71F10EEC04D2AE6C60E81 --
C:\Windows\winsxs\wow64_microsoft-windows-security-
netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c
860bb0f9\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2009/07/14 01:45:45 | 000,167,488 | ---- | M] (NVIDIA
Corporation)
MD5=477DC4D6DEB99BE37084C9AC6D013DA1 --
C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_
amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 01:45:45 | 000,167,488 | ---- | M] (NVIDIA
Corporation)
MD5=477DC4D6DEB99BE37084C9AC6D013DA1 --
C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.
7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft
Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2
-- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft
Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2
-- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft
Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2
-- C:\Windows\winsxs\wow64_microsoft-windows-
s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_no
ne_9e577e55272d37b4\scecli.dll
[2009/07/14 01:41:53 | 000,232,448 | ---- | M] (Microsoft
Corporation)
MD5=398712DDDAEFB85EDF61DF6A07B65C79 --
C:\Windows\winsxs\amd64_microsoft-windows-
s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_no
ne_9402d402f2cc75b9\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
< End of report >

Will post extras.



#13
March 9, 2010 at 10:15:02
OTL Extras logfile created on: 3/9/2010 5:48:12 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder =
C:\Users\Nick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type =
NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language:
ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical
Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File |
79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows |
%ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 111.53 Gb Free Space |
74.83% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 85.30 Gb Free Space |
57.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHRIKE
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList)
==========[/color]


[color=#E56717]========== File Associations
==========[/color]

[b]64bit:[/b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension
>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension
>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe
(Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>
]
.html [@ = ChromeHTML] --
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chr
ome.exe (Google Inc.)

[color=#E56717]========== Shell Spawning
==========[/color]

[b]64bit:[/b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell
\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft
Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft
Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] --
%SystemRoot%\System32\InfDefaultInstall.exe "%1"
(Microsoft Corporation)
InternetShortcut [print] --
"C:\Windows\System32\rundll32.exe"
"C:\Windows\System32\mshtml.dll",PrintHTML "%1"
(Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
(Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe
%SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft
Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft
Corporation)
Directory [OneNote.Open] --
C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
(Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft
Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft
Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell
\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe
"%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft
Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft
Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] --
%SystemRoot%\System32\InfDefaultInstall.exe "%1"
(Microsoft Corporation)
InternetShortcut [print] --
"C:\Windows\System32\rundll32.exe"
"C:\Windows\System32\mshtml.dll",PrintHTML "%1"
(Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
(Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe
%SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft
Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft
Corporation)
Directory [OneNote.Open] --
C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
(Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft
Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft
Corporation)

[color=#E56717]========== Security Center Settings
==========[/color]

[b]64bit:[/b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center]
"cval" = 0

[b]64bit:[/b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring]

[b]64bit:[/b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center]
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
ces\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
ces\SharedAccess\Parameters\FirewallPolicy\StandardProfile
]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
ces\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List
==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE
Uninstall List ==========[/color]

64bit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA
Value Added Package
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" =
TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA
Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA
Extended Tiles for Windows Mobility Center
"{6F07ACDA-5A9F-4E2D-8968-FBB5C8950C3A}" =
SmartFTP Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft
Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle
Core Beta
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft
Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft
Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft
Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel®
Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft
Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA
PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA
eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA
Recovery Media Creator
"{B7EFE954-D636-4FAA-8EC0-365FD6542A69}" = TOSHIBA
Mobile Broadband Device
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" =
PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA
ReelTime
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA
HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" =
TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA
SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft
Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA
Face Recognition
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA
Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba
Photo Service - powered by myphotobook
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek
WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility
Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft
Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows
Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google
Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba
Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows
Live Upload Tool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba
Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google
Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6
Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" =
Skype(TM) Launcher
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" =
Acrobat.com
"{32AE58D5-49F5-45A6-B697-259EE62B015C}_is1" =
WADder 2.7.3
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows
Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows
Live Sign-in Assistant
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA
Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA
Hardware Setup
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit
9.1.3
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA
Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA
Flash Cards Support Utility
"{6217D572-0BD6-4A6E-A2B9-D354EE3219D4}" = The
Conduit Code Generator
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows
Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA
DVD PLAYER
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA
Recovery Media Creator Reminder
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows
Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft
Visual C++ 2005 Redistributable
"{838DC5B4-2614-A98F-346B-B3BE3BE07CE7}" = FlipShare
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows
Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek
8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft
Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft
Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-
0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-
861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft
Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-
0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-
861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft
Office Word MUI (English) 2007
"{90120000-001B-0409-0000-
0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-
861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft
Office Proof (English) 2007
"{90120000-001F-0409-0000-
0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-
89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools
2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft
Office Proof (French) 2007
"{90120000-001F-040C-0000-
0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-
968E-EBB76BB86787}" = Microsoft Office Proofing Tools
2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft
Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-
0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-
9AB9-D290383A10D9}" = Microsoft Office Proofing Tools
2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility
Pack for the 2007 Office system
"{90120000-002A-0000-1000-
0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-
BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{90120000-002A-0409-1000-
0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-
A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft
Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft
Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-
0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-
A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft
Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-
0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-
861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft
Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-
0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-
A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{90120000-0116-0409-1000-
0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-
A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba
Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft
Office Home and Student 2007
"{91120000-002F-0000-0000-
0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-
BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack
2 (SP2)
"{91120000-002F-0000-0000-
0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-
80AE-815B703B84FF}" = Security Update for Microsoft Office
system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft
Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek
USB 2.0 Card Reader
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky
Internet Security 2010
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba
TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" =
Amazon.co.uk
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows
Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA
Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe
Reader 9.1
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows
Movie Maker 2.6
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA
eco Utility
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA
HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows
Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail
filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" =
Microsoft Office Suite Activation Assistant
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft
SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft
Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek
High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA
ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows
Live Call
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10
ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DoremiSoft AVI to MP3 Converter" = DoremiSoft AVI to MP3
Converter 1.0
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE4322460
7B61109C.1" = Toshiba Photo Service - powered by
myphotobook
"Free YouTube Uploader_is1" = Free YouTube Uploader
version 2.3
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student
2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}"
= TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-
ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-
B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}"
= TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-
441CEB12FADF}" = TOSHIBA Extended Tiles for Windows
Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}"
= TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}"
= TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}"
= TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}"
= TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}"
= TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-
DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}"
= TOSHIBA Face Recognition
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" =
Kaspersky Internet Security 2010
"LHTTSENG" = L&H TTS3000 British English
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-
Malware
"Mp3_File_Editor_5" = Mp3 File Editor 5.11 (standard)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"RealVNC_is1" = VNC Free Edition 4.1.3
"Registry Corrector" = Registry Corrector
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client
Setup Files 4.0 (x64) (remove only)
"Space Invaders_is1" = Space Invaders 1.1.0
"Speakonia_is1" = Speakonia
"tv_enua" = Lernout & Hauspie TruVoice American English
TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent toshiba Master Uninstall" = WildTangent
Games
"WinLiveSuite_Wave3" = Windows Live Essentials

[color=#E56717]========== HKEY_CURRENT_USER
Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\C
urrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors
==========[/color]

[ Application Events ]
Error - 1/28/2010 2:54:47 PM | Computer Name = Shrike | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4b1ff63f Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6365536c Faulting process id: 0x1668 Faulting application start time: 0x01caa04b2ec15ae6 Faulting application path: C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: unknown Report Id: 9a82bedb-0c3e-11df-b77a-002622e57b31

Error - 1/28/2010 2:55:50 PM | Computer Name = Shrike | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 12bc Start Time: 01caa04a60155c54 Termination Time: 38 Application Path: C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe Report Id: a661dc1c-0c3e-11df-b77a-002622e57b31

Error - 1/30/2010 1:52:31 PM | Computer Name = Shrike | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 121c Start Time: 01caa1d191d15f6e Termination Time: 192 Application Path: C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe Report Id: 3407c443-0dc8-11df-8359-002622e57b31

Error - 1/30/2010 1:52:32 PM | Computer Name = Shrike | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4b57e078 Faulting module name: NPSWF32.dll, version: 10.0.42.34, time stamp: 0x4ae7bd0e Exception code: 0xc0000005 Fault offset: 0x001e25f5 Faulting process id: 0x11fc Faulting application start time: 0x01caa1d24f412480 Faulting application path: C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: C:\Windows\system32\Macromed\Flash\NPSWF32.dll Report Id: 3d033ebd-0dc8-11df-8359-002622e57b31

Error - 2/6/2010 10:18:27 AM | Computer Name = Shrike | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 2/7/2010 12:11:38 PM | Computer Name = Shrike | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 2/11/2010 1:34:36 PM | Computer Name = Shrike | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 14.0.8089.726, time stamp: 0x4a6ce533 Faulting module name: avicap32.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bd994 Exception code: 0xc0000005 Fault offset: 0x6ba80be1 Faulting process id: 0xd20 Faulting application start time: 0x01caab3f3a44cfae Faulting application path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Faulting module path: avicap32.dll Report Id: b894a4f4-1733-11df-a317-002622e57b31

Error - 2/13/2010 10:49:22 AM | Computer Name = Shrike | Source = MsiInstaller | ID = 10005
Description =

Error - 2/20/2010 2:01:06 PM | Computer Name = Shrike | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 3:01:05 PM | Computer Name = Shrike | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 2/20/2010 1:31:55 PM | Computer Name = Shrike | Source = MCUpdate | ID = 0
Description = 17:31:55 - Error connecting to the internet. 17:31:55 - Unable to contact server..

Error - 2/20/2010 1:32:07 PM | Computer Name = Shrike | Source = MCUpdate | ID = 0
Description = 17:32:00 - Error connecting to the internet. 17:32:00 - Unable to contact server..

Error - 2/20/2010 2:34:46 PM | Computer Name = Shrike | Source = MCUpdate | ID = 0
Description = 18:34:42 - Error connecting to the internet. 18:34:42 - Unable to contact server..

Error - 2/20/2010 2:40:19 PM | Computer Name = Shrike | Source = MCUpdate | ID = 0
Description = 18:34:56 - Error connecting to the internet. 18:34:56 - Unable to contact server..

Error - 2/20/2010 3:40:20 PM | Computer Name = Shrike | Source = MCUpdate | ID = 0
Description = 19:40:19 - Error connecting to the internet. 19:40:19 - Unable to contact server..

Error - 2/20/2010 3:40:27 PM | Computer Name = Shrike | Source = MCUpdate | ID = 0
Description = 19:40:25 - Error connecting to the internet. 19:40:25 - Unable to contact server..

Error - 2/20/2010 3:40:49 PM | Computer Name = Shrike | Source = MCUpdate | ID = 0
Description = 19:40:49 - Error connecting to the internet. 19:40:49 - Unable to contact server..

Error - 2/20/2010 3:40:56 PM | Computer Name = Shrike | Source = MCUpdate | ID = 0
Description = 19:40:54 - Error connecting to the internet. 19:40:54 - Unable to contact server..

[ System Events ]
Error - 2/13/2010 12:48:16 PM | Computer Name = Shrike | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMCoreService service.

Error - 2/28/2010 3:05:55 PM | Computer Name = Shrike | Source = Virtual Disk Service | ID = 33554441
Description =

Error - 3/1/2010 3:25:02 PM | Computer Name = Shrike | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

Error - 3/1/2010 3:25:02 PM | Computer Name = Shrike | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error - 3/1/2010 3:25:02 PM | Computer Name = Shrike | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Mobile Broadband Core Service service to connect.

Error - 3/1/2010 3:25:02 PM | Computer Name = Shrike | Source = Service Control Manager | ID = 7000
Description = The Mobile Broadband Core Service service failed to start due to the following error: %%1053

Error - 3/2/2010 2:46:07 PM | Computer Name = Shrike | Source = ipnathlp | ID = 31004
Description =

Error - 3/3/2010 2:37:35 PM | Computer Name = Shrike | Source = ipnathlp | ID = 31004
Description =

Error - 3/4/2010 4:03:30 PM | Computer Name = Shrike | Source = ipnathlp | ID = 31004
Description =

Error - 3/4/2010 4:08:55 PM | Computer Name = Shrike | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >



#14
March 9, 2010 at 17:53:39
Please download OTL from the following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.

Under the Custom Scans/Fixes box at the bottom, paste in text between the X's
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O36 - AppCertDlls: AppSecDll - (C:\Users\Nick\AppData\Local\Windows Server\mlthnj.dll) - C:\Users\Nick\AppData\Local\Windows Server\mlthnj.dll ()


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please run the BitDefender online scan at this link:
Bitdefender Online Scanner

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.



#15
March 10, 2010 at 09:16:16
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ deleted successfully.
File 2478D38-C3F9-4efb-9B51- not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ not found.
File pSecDll - not found.

OTL by OldTimer - Version 3.1.35.0 log created on 03102010_171508

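An added example (not part of any post, and not OTL's own code): the fix log in #15 reports an empty AppCertDlls value name and "File pSecDll - not found", which is consistent with the O36 entry having been read one physical line at a time after a hard-wrapped paste. The sketch below rejoins wrapped OTL-style entries before extracting the AppCertDlls DLL path and flags paths outside the Windows system directories; the function names, the join heuristic and the trusted-prefix list are assumptions of this example.

```python
import re

# Constructed sample: the two fix-script entries from post #14, hard-wrapped
# across lines the way a narrow forum text box wraps a pasted log.
WRAPPED = r"""O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - No CLSID value found.
O36 - AppCertDlls: AppSecDll -
(C:\Users\Nick\AppData\Local\Windows Server\mlthnj.dll) -
C:\Users\Nick\AppData\Local\Windows Server\mlthnj.dll ()
"""

ENTRY_START = re.compile(r"^O\d+ - ")
O36 = re.compile(r"^O36 - AppCertDlls: (?P<name>.+?) - \((?P<path>.+?)\) - ")
# Assumption of this example: a DLL registered under AppCertDlls is only
# expected below these directories; any other location is flagged for review.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def rejoin(text):
    """Merge continuation lines into the 'O<n> - ' entry that precedes them."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        elif entries[-1].endswith("-") and not entries[-1].endswith(" -"):
            entries[-1] += line        # break fell inside a token (the CLSID)
        else:
            entries[-1] += " " + line  # break fell at a space
    # Limitation: a break in the middle of a path looks like a break at a
    # space, so entries wrapped inside a path still need manual review.
    return entries


def appcertdlls(entries):
    """Return (value name, DLL path, flagged) for every O36 entry found."""
    found = []
    for entry in entries:
        m = O36.match(entry)
        if m:
            path = m.group("path")
            flagged = not path.lower().startswith(TRUSTED_PREFIXES)
            found.append((m.group("name"), path, flagged))
    return found


def parse_unjoined(text):
    """Line-by-line reading without rejoining: the O36 line carries no path."""
    return appcertdlls([l.strip() for l in text.splitlines() if l.strip()])


if __name__ == "__main__":
    for name, path, flagged in appcertdlls(rejoin(WRAPPED)):
        print(name, path, "REVIEW" if flagged else "ok")
    print("without rejoining:", parse_unjoined(WRAPPED))
```
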

#16
March 10, 2010 at 09:21:00
BitDefender QuickScan Beta 32-bit v0.9.9.9
------------------------------------------

Scan date: Wed Mar 10 17:18:44 2010
Machine ID: 8C9640

No infection found.
---------------------


Processes
---------
<verified> ConfigFree(TM) 4080 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
<verified> ConfigFree(TM) 3300 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
<verified> Google Chrome 564 C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 2724 C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 3632 C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 5136 C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 5560 C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Google Chrome 6040 C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
<verified> Kaspersky Anti-Virus 3224 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
<verified> TOSHIBA Online Product Information 3472 C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
<verified> Windows Live Communications Platform 4448 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
<verified> Windows Live Messenger 3152 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


Network activity
----------------


Autoruns and critical files
---------------------------
<unsigned> HWSetup C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
<unsigned> SVPWUTIL Application C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe

<verified> Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Google Update C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe
<verified> Kaspersky Anti-Virus C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
<verified> Kaspersky Anti-Virus c:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll
<verified> Kaspersky Anti-Virus c:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll
<verified> KeNotify Application C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Microsoft® Windows® Operating System C:\Windows\Speech\Common\sapisvr.exe
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> TOSHIBA Online Product Information C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
<verified> TOSHIBA Service Station C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
<verified> TOSHIBA Web Camera Application C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
<verified> Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


Browser plugins
---------------
<verified> Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbaokpefboaljmnibacdomagkkfmhodl\0.9.9.9\npqscan.dll
<verified> BitDefender QuickScan C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbaokpefboaljmnibacdomagkkfmhodl\0.9.9.9\npqslauncher.dll
<verified> Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> MSN® Games by Zone.com C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
<verified> MSN® Games by Zone.com C:\Windows\Downloaded Program Files\MineSweeper.dll
<verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> Snagit c:\program files (x86)\techsmith\snagit 9\snagitieaddin.dll
<verified> Windows Live® Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
<verified> Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll


Scan
----
<unsigned> MD5: f2f51454681ebab6c977849934f9b521 C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe
<unsigned> MD5: 96e8146a1107387eda800ca9ca36cdb0 C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe
<unsigned> MD5: 8107e3a186c034ddeb14718d71332714 C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
<unsigned> MD5: 4928ab3a304ddf05c354de3807a4a66b C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80.dll
<unsigned> MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll
<unsigned> MD5: d8584c7fb9a1ba8480f9000c1ca1b415 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.06 MB sent, 1.17 KB recvd
Scanned 591 files and modules - 44 seconds



#17
March 10, 2010 at 18:09:32
Are there any changes, are you still getting the bad image notice ?


#18
March 11, 2010 at 02:34:09
Yes V_V


#19
March 11, 2010 at 09:32:53
There is still a bad image problemo


#20
March 11, 2010 at 18:54:39
The bad image problem seems to be something other than a virus or spyware.

I know you have run sfc /scannow but try it again since the dtl run may have killed a bad file.

Try sfc /scannow and see if it will replace any bad file that you may have.

Click the start orb and type CMD, when it comes up right-click it & select 'run as administrator'. Once CMD is open, type sfc /scannow (note the space after sfc is needed) then click enter. This will do a complete system file integrity check which will locate damaged/corrupt files & replace them with backups of the original.



#21
March 11, 2010 at 21:40:13
I have windows 7 pro and I'm not sure if Home Premium is the same.
Try tapping f8 to safe mode and click on fix my computer and see if that does the trick for you. It works on Pro.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#22
March 12, 2010 at 09:28:11
actually the free programs are for XP... but i may try the safe
mode thingy if sfc /scannow does not work which is running now


#23
March 12, 2010 at 10:26:23
sfc /scannow found nothing and did not tell me to restart my computer

When I pressed F8 I clicked repair my computer then selected my keyboard and user account. What am I supposed to do then? There were a lot of options



#24
March 12, 2010 at 10:41:05
google is a good friend:
http://www.sevenforums.com/tutorial...



#25
March 12, 2010 at 10:53:02
meh that failed >_>


#26
March 12, 2010 at 10:56:09
post the EXACT error message



#27
March 12, 2010 at 11:15:40
No, it just said there were no errors found and told me to remove any discs and such


#28
March 12, 2010 at 12:14:54
It keeps popping up a windows saying i have a
bad image constantly.

Does that message still appear? If so, what is the EXACT message?



#29

#30

#31
March 13, 2010 at 10:12:08
I can't access the file, appdata does not exist
I tried to access it in safemode but safemode would not load, it just froze when trying to load one of the .dll files. I tried multiple times V_V


#32
March 13, 2010 at 10:21:09
I don't have a clue about what you just said?


#33
March 13, 2010 at 10:24:01
sorry...
I tried to access mlthnj.dll but one of the folders leading to it did
not exist

I tried to use safemode to get there but that did not start up

Understand?



#34
March 13, 2010 at 10:26:52
mlthnj.dll is spyware, why are you trying to access it?

Did you try super anti-spy like it was mentioned in the link I gave you in response 30?
It says it will remove that infection

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#35
March 13, 2010 at 10:29:01
OK, trying that now. I did not realise it was spyware, I thought it was a Windows run file >_>


#36
March 13, 2010 at 10:56:38
It's still scanning and has not found mlthnj.dll yet
I have found it though. Should I delete it?


#37
March 13, 2010 at 11:05:56
I'm going to delete it since the spyware thingy failed


#38
March 13, 2010 at 11:09:25
OK, it's been fixed. I typed
C:\Users\(username)\Appdata\Local\Windows Server
then deleted mlthnj.dll and now the error is gone. Thanks for all the help Jabuck and xpuser4real


#39
March 13, 2010 at 11:34:07
Glad you got it sorted out, thanks for posting back

Some HELP in posting on Computing.net plus free progs and instructions Cheers


