slamdunk

Members

View Profile See their activity

Posts
7
Joined
July 13, 2012
Last visited
November 23, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by slamdunk

C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

slamdunk replied to slamdunk's topic in Resolved Malware Removal Logs

Very good now, I appreciate your help .. I will champion your site ... I have friends who have problems, I'll send them to you. Thanks for your help.. James
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

slamdunk replied to slamdunk's topic in Resolved Malware Removal Logs

Maniac, I ran OTL, pasted the files you provided into the Custom Scan/Fixes box and ran quick scan.. then rebooted ... this is the only file in the C:\_OTL\MovedFiles, except WinAmp folder ... so I'm pasting what I see here: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully. C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{90eee664-34b1-422a-a782-779af65cdf6d} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90eee664-34b1-422a-a782-779af65cdf6d}\ not found. HKU\S-1-5-21-658057386-4236903089-2978409280-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-658057386-4236903089-2978409280-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found. File C:\Program Files\Winamp Toolbar\winamptb.dll not found. Registry value HKEY_USERS\S-1-5-21-658057386-4236903089-2978409280-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{90eee664-34b1-422a-a782-779af65cdf6d} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90eee664-34b1-422a-a782-779af65cdf6d}\ not found. Registry key HKEY_USERS\S-1-5-21-658057386-4236903089-2978409280-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4C2B5789-5F9B-4D32-A24C-F5DB1805AAB1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C2B5789-5F9B-4D32-A24C-F5DB1805AAB1}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully. File C:\Program Files\Winamp Toolbar\winamptb.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90eee664-34b1-422a-a782-779af65cdf6d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90eee664-34b1-422a-a782-779af65cdf6d}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90eee664-34b1-422a-a782-779af65cdf6d} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90eee664-34b1-422a-a782-779af65cdf6d}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully. File C:\Program Files\Winamp Toolbar\winamptb.dll not found. ADS C:\Windows\System32:Yƒwz
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

slamdunk replied to slamdunk's topic in Resolved Malware Removal Logs

Thanks Maniac, I'll check back in the mornings.. James
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

slamdunk replied to slamdunk's topic in Resolved Malware Removal Logs

..............................................the EXtras.txt file: OTL Extras logfile created on: 7/13/2012 6:34:57 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\James\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 71.81% Memory free 4.63 Gb Paging File | 3.63 Gb Available in Paging File | 78.38% Paging File free Paging file location(s): c:\pagefile.sys 2875 2875 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 147.58 Gb Total Space | 68.00 Gb Free Space | 46.08% Space Free | Partition Type: NTFS Computer Name: SYMPHONY | User Name: James | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation) "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05477BF1-9D8C-48AC-B9FB-2D63AC0C8397}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{26EE14F3-2A6F-4649-9D6B-2A63F4E977B0}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{2F6484ED-82E2-4722-96D5-51783953EBBA}" = lport=139 | protocol=6 | dir=in | app=system | "{33C45BFE-664E-4784-8DA3-86B1C1906BDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4B136929-9B2F-4A0D-B618-D44159B0DD2F}" = rport=137 | protocol=17 | dir=out | app=system | "{4CFD0B02-393E-4199-B0EC-25D57F4C671C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{55522056-305C-412E-A5ED-D66BF72D9B97}" = rport=445 | protocol=6 | dir=out | app=system | "{55BE6E60-0DC3-4D19-895B-99411869CD41}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{565AD267-CC9C-4C3B-B469-784E0C319A8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5D44D7D6-F631-42DC-A900-308B83A6390A}" = lport=445 | protocol=6 | dir=in | app=system | "{72EBF469-69D6-42AA-9013-4A21FA782BD6}" = lport=138 | protocol=17 | dir=in | app=system | "{987F9228-D50D-47B9-B01A-E159351CF095}" = lport=137 | protocol=17 | dir=in | app=system | "{99900023-7634-49DC-BFBC-E26447EA365B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9A3A593D-8B92-4DFF-BF1A-35D4F6C43442}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{A85B60C9-F455-479C-935D-60A88A26E259}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{BAA3F949-842D-41B7-AC33-64AA11AA0C51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C439E879-54B1-4D21-BE0B-C26C0E69F0D2}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{DE47239E-7141-49E2-A3C6-A40CA723DAD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E1FA4A9E-CF6C-478A-9B6C-C39999EA39CC}" = rport=139 | protocol=6 | dir=out | app=system | "{E3A51A24-4B56-451F-A763-5C72933CA88D}" = rport=138 | protocol=17 | dir=out | app=system | "{EA0850C6-20A2-4069-B00B-1BD81AF88C4C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F28CBA2A-A139-4F8A-BA90-E68A7525FC0D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BF706D-2B8E-48A3-B1F5-916026FE674C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2288AC28-FBAE-41E6-884D-668AB59357EB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{4F92E4AE-1973-4D94-924E-A5E5D658C2C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5B8B8F11-9552-446B-857F-14E1FEABAAB2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\indiana jones and the fate of atlantis\indiana jones and the fate of atlantis.exe | "{5C5A8E4F-D7A0-469F-8F3D-A9020F506ABC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6F381444-A77A-4EC5-A1B1-77239361FC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{860B93DC-25CD-4E5B-A1D4-429DC9EA2597}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{88D71826-DFF8-4DA3-BBFF-6A842DD6EF48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9022EFCA-4690-4DBC-A738-244C71EB3AB0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A4097776-33BD-4B17-B3FE-FDC522DFFB17}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\indiana jones and the fate of atlantis\indiana jones and the fate of atlantis.exe | "{BB2ECD43-5373-4681-B5A3-585171FF20AF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{CED30CE1-8C01-42B1-B531-FE9D13F229BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D86014BE-0539-4CEF-88F1-34CA00C5FAF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F67F3A6D-1827-43AC-883B-80E9A8C7EEFD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{3D3EF231-1E71-44A5-8AC4-466407E8884E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{E3F427B4-21E2-4F7B-9A7D-303BEF3CE087}C:\users\james\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\james\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{0AA477C3-4827-4367-9591-61B1FE2F00AA}C:\users\james\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\james\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{18F65D51-27DE-4270-9BE4-5FC7495F230B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0 "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{06A419C1-0509-4967-87F9-8761D8D6765D}" = ccc-core-static "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{1EBE1FE9-A341-3E9B-84C2-ABBB25F313E7}" = Catalyst Control Center Graphics Full New "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32 "{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java 6 Update 13 "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 15 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Digidesign Pro Tools Creative Collection 8.0 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}" = Digidesign Pro Tools LE 8.0 "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{61EE011A-A8D9-C1BD-962D-6342A371B1DB}" = ccc-utility "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{6A179A95-BA3E-8E61-D15F-A1DCC6ADBFD9}" = Catalyst Control Center Graphics Previews Vista "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6F481C0F-B941-5E3F-CABD-0F23E718DF2C}" = Catalyst Control Center Core Implementation "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective "{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi "{755F77D1-717E-4D7D-BF21-D3EB63906365}" = Winbond CIR Device Drivers "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{82C0D164-1456-0361-4F39-58435427AFCB}" = Catalyst Control Center Graphics Full Existing "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8E8E1C64-85FA-4327-8D4B-11FC2BB5BDF6}" = calibre "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 8.0 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Free DigiRack Plug-Ins 8.0 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A72E0107-CFC5-16FB-BEA6-A74B94425ADD}" = CCC Help English "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{AFCB85FD-F3FB-6977-C2DE-1D5A1E26F37E}" = ATI Catalyst Install Manager "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BF313243-28F5-2434-0B5B-FAA0B8B30B1C}" = Catalyst Control Center Graphics Light "{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 10.0.650.1 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D6F8B656-4127-D525-8893-8653D72DD136}" = Catalyst Control Center Graphics Previews Common "{DA22A6BB-10B5-4595-BD59-1AD4023C8536}" = Virtual Sound Canvas VST "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DB4DF8B5-E448-45E5-1C6C-0C276F828E10}" = Skins "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE6A3D43-B716-9973-9E2E-4620237464C4}" = Catalyst Control Center HydraVision Full "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium "Advanced SystemCare 5_is1" = Advanced SystemCare 5 "Alarm Clock_is1" = Alarm Clock v1.0 "avast" = avast! Free Antivirus "AVS Audio Converter_is1" = AVS Audio Converter 7 "AVS Audio Editor_is1" = AVS Audio Editor version 4.2 "AVS Media Player_is1" = AVS Media Player 3.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS Video to Flash_is1" = AVS Video to Flash "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "BB_is1" = Band-in-a-Box 2009.5 (Build 287) "CCleaner" = CCleaner "CleanMem" = CleanMem "CloneSpy" = CloneSpy 2.6 "Download Manager" = Download Manager 2.3.8 "Duplicate Cleaner Free" = Duplicate Cleaner Free 3.0.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Registry Defrag_is1" = Free Registry Defrag "Free Studio_is1" = Free Studio version 5.0.9 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "Google Updater" = Google Updater "GuitarScalesMethod - TRIAL_is1" = GSM TRIAL "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MJGSolo_1_is1" = Master Jazz Guitar Solos 1 "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mplayer" = Mplayer 0.6.9 "NM_is1" = NoteMatch "OpenAL" = OpenAL "PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 2.0.0.0 "Picasa2" = Picasa 2 "PTW80_is1" = PowerTracks Pro Audio 6 "Puzzle Master 3" = Puzzle Master 3 "Quake2UninstallKey" = Quake II "Security Task Manager" = Security Task Manager 1.8d "Smart Defrag 2_is1" = Smart Defrag 2 "SmartClose.{7F22CBCB-92B5-4F5D-9A34-BB690215BEF2}_is1" = SmartClose 1.3 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "Uninstall_is1" = Uninstall 1.0.0.1 "WildTangent toshiba Master Uninstall" = TOSHIBA Games "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinMend Registry Defrag_is1" = WinMend Registry Defrag 1.4.1 "Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-658057386-4236903089-2978409280-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.5.2 "Google Chrome" = Google Chrome "NetAssistant 3.6.5" = NetAssistant for Firefox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/8/2012 7:37:46 AM | Computer Name = symphony | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 14602 Error - 7/8/2012 7:37:47 AM | Computer Name = symphony | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/8/2012 7:37:47 AM | Computer Name = symphony | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15600 Error - 7/8/2012 7:37:47 AM | Computer Name = symphony | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15600 Error - 7/8/2012 7:37:48 AM | Computer Name = symphony | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/8/2012 7:37:48 AM | Computer Name = symphony | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 16614 Error - 7/8/2012 7:37:48 AM | Computer Name = symphony | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16614 Error - 7/12/2012 12:18:10 PM | Computer Name = symphony | Source = Application Error | ID = 1000 Description = Faulting application GoogleToolbarManager_0531C63A913CC9D1.exe, version 5.0.2124.6042, time stamp 0x4929a4cf, faulting module GoogleToolbarManager_0531C63A913CC9D1.exe, version 5.0.2124.6042, time stamp 0x4929a4cf, exception code 0xc0000005, fault offset 0x000a5e43, process id 0x15ac, application start time 0x01cd6049ed78fd36. Error - 7/12/2012 12:18:24 PM | Computer Name = symphony | Source = Application Error | ID = 1000 Description = Faulting application GoogleToolbarManager_0531C63A913CC9D1.exe, version 5.0.2124.6042, time stamp 0x4929a4cf, faulting module GoogleToolbarManager_0531C63A913CC9D1.exe, version 5.0.2124.6042, time stamp 0x4929a4cf, exception code 0xc0000005, fault offset 0x000a5e43, process id 0x10b4, application start time 0x01cd6049f5d28ff6. Error - 7/12/2012 12:18:40 PM | Computer Name = symphony | Source = Application Error | ID = 1000 Description = Faulting application GoogleToolbarManager_0531C63A913CC9D1.exe, version 5.0.2124.6042, time stamp 0x4929a4cf, faulting module GoogleToolbarManager_0531C63A913CC9D1.exe, version 5.0.2124.6042, time stamp 0x4929a4cf, exception code 0xc0000005, fault offset 0x000a5e43, process id 0x7d4, application start time 0x01cd6049ff74a076. Error - 7/13/2012 5:08:38 AM | Computer Name = symphony | Source = VSS | ID = 8194 Description = Error - 7/13/2012 4:29:53 PM | Computer Name = symphony | Source = EventSystem | ID = 4621 Description = [ System Events ] Error - 7/13/2012 9:30:51 AM | Computer Name = symphony | Source = Service Control Manager | ID = 7000 Description = Error - 7/13/2012 2:55:32 PM | Computer Name = symphony | Source = Service Control Manager | ID = 7000 Description = Error - 7/13/2012 2:55:32 PM | Computer Name = symphony | Source = Service Control Manager | ID = 7026 Description = Error - 7/13/2012 4:17:33 PM | Computer Name = symphony | Source = Service Control Manager | ID = 7000 Description = Error - 7/13/2012 4:17:33 PM | Computer Name = symphony | Source = Service Control Manager | ID = 7026 Description = Error - 7/13/2012 4:17:35 PM | Computer Name = symphony | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 7/13/2012 4:32:30 PM | Computer Name = symphony | Source = Service Control Manager | ID = 7000 Description = Error - 7/13/2012 4:32:30 PM | Computer Name = symphony | Source = Service Control Manager | ID = 7026 Description = Error - 7/13/2012 4:47:47 PM | Computer Name = symphony | Source = Service Control Manager | ID = 7000 Description = Error - 7/13/2012 4:47:47 PM | Computer Name = symphony | Source = Service Control Manager | ID = 7026 Description = < End of report >
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

slamdunk replied to slamdunk's topic in Resolved Malware Removal Logs

Ok Maniac, Here's the OTLfiles: OTL logfile created on: 7/13/2012 6:34:57 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\James\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 71.81% Memory free 4.63 Gb Paging File | 3.63 Gb Available in Paging File | 78.38% Paging File free Paging file location(s): c:\pagefile.sys 2875 2875 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 147.58 Gb Total Space | 68.00 Gb Free Space | 46.08% Space Free | Partition Type: NTFS Computer Name: SYMPHONY | User Name: James | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/13 18:25:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe PRC - [2012/06/28 05:51:53 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/06/28 05:51:51 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/06/17 18:37:59 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/05/28 15:56:36 | 000,288,128 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe PRC - [2011/05/15 12:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2011/04/10 17:29:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/10/18 22:58:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2008/08/14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/08/15 16:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe PRC - [2007/08/01 15:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007/07/20 21:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe PRC - [2007/06/19 16:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe PRC - [2007/06/15 22:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe PRC - [2007/05/18 04:43:00 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2007/03/29 11:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007/03/29 11:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe PRC - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe PRC - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (No Company Name) ========== MOD - [2012/06/17 18:37:57 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/06/15 03:44:50 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll MOD - [2012/06/15 03:42:28 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012/06/15 03:42:17 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012/05/24 10:45:42 | 000,138,112 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll MOD - [2012/05/11 03:45:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012/05/11 03:44:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012/05/11 03:44:41 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll MOD - [2012/05/11 03:43:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012/05/11 03:41:27 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012/05/11 03:41:18 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011/11/08 13:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll MOD - [2011/04/10 17:28:46 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll MOD - [2009/09/15 18:20:52 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\madbasic_.bpl MOD - [2009/09/15 18:20:52 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\maddisAsm_.bpl MOD - [2009/09/15 18:20:46 | 000,345,088 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\madexcept_.bpl MOD - [2009/02/25 14:34:55 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008/11/14 04:29:10 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3223.36990__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll MOD - [2008/11/14 04:29:10 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3223.36839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008/11/14 04:29:10 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3223.36858__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008/11/14 04:29:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3223.36852__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008/11/14 04:29:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3223.36846__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008/11/14 04:29:10 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3223.36982__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2008/11/14 04:29:10 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3223.36981__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2008/11/14 04:29:10 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3223.36987__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2008/11/14 04:29:10 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3223.36982__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2008/11/14 04:29:09 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3223.36856__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008/11/14 04:29:09 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3223.36961__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008/11/14 04:29:09 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3223.36942__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2008/11/14 04:29:09 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3223.36936__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008/11/14 04:29:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3223.36846__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:09 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3223.36912__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008/11/14 04:29:09 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3223.36895__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008/11/14 04:29:08 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3223.36919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:08 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3223.36962__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:08 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3223.36919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008/11/14 04:29:08 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3223.36918__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008/11/14 04:29:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3223.36960__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008/11/14 04:29:06 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3223.36897__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:06 | 000,720,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3223.36848__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:06 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3223.36859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:06 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3223.36930__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008/11/14 04:29:06 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3223.36858__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:06 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3223.36909__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:06 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3223.36896__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008/11/14 04:29:06 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3223.36862__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008/11/14 04:29:06 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3223.36908__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008/11/14 04:29:05 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3223.36937__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:05 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3223.36896__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:05 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3223.36911__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008/11/14 04:29:05 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3223.36863__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008/11/14 04:29:05 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3223.36895__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008/11/14 04:29:05 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3223.36896__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008/11/14 04:29:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3223.36910__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008/11/14 04:29:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3184.27499__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008/11/14 04:29:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3184.27506__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2008/11/14 04:29:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3184.27491__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008/11/14 04:29:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3184.27533__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008/11/14 04:29:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3184.27509__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008/11/14 04:29:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3184.27533__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008/11/14 04:29:03 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008/11/14 04:29:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3184.27483__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008/11/14 04:29:02 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3184.27484__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008/11/14 04:29:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3184.27511__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008/11/14 04:29:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3184.27510__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008/11/14 04:29:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3184.27511__90ba9c70f846762e\DEM.OS.dll MOD - [2008/11/14 04:29:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008/11/14 04:29:01 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3184.27501__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008/11/14 04:29:01 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3184.27485__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008/11/14 04:29:01 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008/11/14 04:29:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3184.27528__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008/11/14 04:29:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3184.27567__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008/11/14 04:29:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3184.27503__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008/11/14 04:29:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3184.27499__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008/11/14 04:29:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3184.27492__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008/11/14 04:29:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3184.27512__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008/11/14 04:29:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008/11/14 04:29:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3184.27498__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008/11/14 04:29:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3184.27515__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008/11/14 04:29:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3184.27513__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008/11/14 04:29:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008/11/14 04:29:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008/11/14 04:29:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3184.27518__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008/11/14 04:29:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3184.27527__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008/11/14 04:29:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3184.27516__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008/11/14 04:29:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3184.27519__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008/11/14 04:29:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3184.27514__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008/11/14 04:28:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3184.27518__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008/11/14 04:28:59 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3184.27517__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008/11/14 04:28:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008/11/14 04:28:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3184.27509__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008/11/14 04:28:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3184.27513__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008/11/14 04:28:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3184.27510__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008/11/14 04:28:59 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008/11/14 04:28:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3184.27508__90ba9c70f846762e\APM.Foundation.dll MOD - [2008/11/14 04:28:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3184.27499__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008/11/14 04:28:59 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3223.36983__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2008/11/14 04:28:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3223.36973__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008/11/14 04:28:58 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2008/11/14 04:28:58 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2008/11/14 04:28:58 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3223.36836__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008/11/14 04:28:57 | 000,536,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3223.36947__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008/11/14 04:28:57 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3223.36851__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008/11/14 04:28:57 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3223.36953__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008/11/14 04:28:57 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3223.36951__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008/11/14 04:28:57 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3223.36838__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2008/11/14 04:28:57 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3184.27505__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008/11/14 04:28:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3184.27488__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008/11/14 04:28:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3184.27493__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008/11/14 04:28:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3184.27504__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008/11/14 04:28:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3184.27510__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008/11/14 04:28:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3184.27488__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008/11/14 04:28:56 | 001,077,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3223.36843__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008/11/14 04:28:56 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3223.36837__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008/11/14 04:28:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3184.27496__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008/11/14 04:28:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3184.27504__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008/11/14 04:28:55 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3223.36837__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008/11/14 04:28:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3223.36835__90ba9c70f846762e\APM.Server.dll MOD - [2008/11/14 04:28:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3223.36836__90ba9c70f846762e\AEM.Server.dll MOD - [2008/11/14 04:28:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008/11/14 04:28:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3223.36953__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008/11/14 04:28:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3184.27521__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008/10/30 15:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2007/05/18 04:43:00 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ========== Win32 Services (SafeList) ========== SRV - [2012/07/11 23:08:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/28 05:51:53 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012/06/17 18:37:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5) SRV - [2009/10/15 14:49:26 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2008/12/04 00:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh) SRV - [2008/12/03 23:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService) SRV - [2008/10/18 22:58:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/23 17:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2007/08/01 15:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007/03/29 11:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) SRV - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger) SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Windows\System32\drivers\KodakCCS.exe -- (KodakCCS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL) DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon) DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys -- (CWMonitor) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/06/28 05:52:42 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/06/28 05:52:42 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/06/28 05:52:37 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/06/28 05:52:37 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/06/28 05:52:37 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012/06/28 05:52:36 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009/02/25 15:59:51 | 004,385,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/12/04 04:02:08 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbx2midk.sys -- (MBX2MIDK) DRV - [2008/12/04 04:02:04 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbx2dfu.sys -- (MBX2DFU) DRV - [2008/12/04 04:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet) DRV - [2008/12/04 04:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice) DRV - [2008/09/08 14:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd) DRV - [2008/04/28 06:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008/02/15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007/10/11 18:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2007/09/13 15:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007/08/01 15:37:20 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007/03/28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2006/12/11 10:28:55 | 000,008,704 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV) DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/20 00:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006/11/09 14:32:28 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006/11/09 14:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006/09/27 20:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP) DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\Windows\System32\drivers\DcCam.sys -- (DCCAM) DRV - [2005/03/31 09:00:10 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ExportIt.sys -- (Exportit) DRV - [2005/03/31 08:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DcPtp.sys -- (DcPTP) DRV - [2005/03/31 08:47:52 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DcLps.sys -- (DcLps) DRV - [2005/03/31 08:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DCFS2k.sys -- (DCFS2K) DRV - [2005/03/31 08:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DcFpoint.sys -- (DcFpoint) DRV - [2001/04/13 20:18:24 | 000,188,276 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys -- (RVIEGVST) DRV - [2001/04/13 20:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\URLSearchHook: {90eee664-34b1-422a-a782-779af65cdf6d} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {6C71B546-ABA6-43BF-B1F3-531BBA1FABA3} IE - HKLM\..\SearchScopes\{6C71B546-ABA6-43BF-B1F3-531BBA1FABA3}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}; IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=16148 IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..\URLSearchHook: {90eee664-34b1-422a-a782-779af65cdf6d} - No CLSID value found IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..\SearchScopes,DefaultScope = {6C71B546-ABA6-43BF-B1F3-531BBA1FABA3} IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..\SearchScopes\{4C2B5789-5F9B-4D32-A24C-F5DB1805AAB1}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=kw&q={searchTerms}&locale=&apn_ptnrs=QK&apn_dtid=YYYYYYYYUS&apn_uid=416FD3AE-D60F-4E82-8C78-DDE0FCB6E396&apn_sauid=F63B44C4-10AF-4864-929B-6F6FC57A3DFF& IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..\SearchScopes\{6C71B546-ABA6-43BF-B1F3-531BBA1FABA3}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms} IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/03 01:00:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 18:38:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/24 22:35:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\James\AppData\Roaming\NetAssistant\ [2011/11/07 16:16:14 | 000,000,000 | ---D | M] [2009/01/16 09:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions [2012/06/11 09:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\mn6ljrkc.default\extensions [2011/04/27 11:18:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\mn6ljrkc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/06/11 09:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/06/17 18:38:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/06/01 08:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/01 08:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\James\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\ CHR - Extension: Gmail = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/01/15 21:34:35 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No CLSID value found. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll File not found O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No CLSID value found. O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-658057386-4236903089-2978409280-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKU\S-1-5-21-658057386-4236903089-2978409280-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/07/13 01:47:45 | 000,000,000 | ---D | M] O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\James\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\James\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-658057386-4236903089-2978409280-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4975A51-8323-4F12-865A-645026E9873D}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\James\Pictures\iguazu-falls-argentina-brazil-1.jpg O24 - Desktop BackupWallPaper: C:\Users\James\Pictures\iguazu-falls-argentina-brazil-1.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8be44d1a-75d5-11df-90e9-00a0d193a685}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/13 13:07:13 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/07/13 13:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012/07/13 12:16:11 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\RK_Quarantine [2012/07/13 03:16:22 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\DigitalVolcano [2012/07/13 02:46:08 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner [2012/07/13 02:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Cleaner [2012/07/13 02:32:22 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Microsoft Corporation [2012/07/13 02:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor [2012/07/13 02:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012/07/13 02:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2012/07/13 02:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2012/07/13 01:47:45 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/07/12 09:59:06 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SmartClose [2012/07/12 09:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartClose [2012/07/12 09:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\SmartClose [2012/07/12 09:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2012/07/12 09:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5 [2012/07/12 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\DriverCure [2012/07/12 08:58:17 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SpeedMaxPc [2012/07/12 08:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc [2012/07/10 18:01:35 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$ [2012/06/28 16:02:54 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\PackageAware [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/13 18:40:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8745BB72-2595-4446-9C56-D1AD525F29B7}.job [2012/07/13 18:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/13 18:20:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658057386-4236903089-2978409280-1000UA.job [2012/07/13 18:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/13 17:47:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/13 17:47:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/13 14:39:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012/07/13 14:09:59 | 000,002,483 | ---- | M] () -- C:\Users\James\Desktop\HiJackThis.lnk [2012/07/13 13:51:25 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/13 13:47:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/13 10:28:40 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/13 09:20:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658057386-4236903089-2978409280-1000Core.job [2012/07/13 02:46:09 | 000,000,878 | ---- | M] () -- C:\Users\James\Desktop\Duplicate Cleaner.lnk [2012/07/13 02:30:58 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk [2012/07/13 02:25:22 | 003,008,542 | ---- | M] () -- C:\Users\James\Documents\AutoRuns.arn [2012/07/12 14:26:05 | 000,002,053 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk [2012/07/12 11:30:09 | 001,739,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/07/12 11:26:01 | 000,021,130 | ---- | M] () -- C:\Windows\cscmondump.bin [2012/07/12 09:59:06 | 000,000,943 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\SmartClose.lnk [2012/07/12 09:59:06 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\SmartClose.lnk [2012/07/12 09:39:46 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk [2012/07/12 09:39:46 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk [2012/07/12 09:39:45 | 000,001,009 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk [2012/07/10 17:25:29 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/08 03:34:13 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/07/03 01:00:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012/06/28 05:52:42 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012/06/28 05:52:42 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012/06/28 05:52:37 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012/06/28 05:52:37 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012/06/28 05:52:37 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2012/06/28 05:52:36 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012/06/28 05:52:20 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012/06/28 05:51:49 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012/06/17 16:24:49 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/06/15 03:14:10 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/15 03:14:10 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/13 13:07:13 | 000,002,483 | ---- | C] () -- C:\Users\James\Desktop\HiJackThis.lnk [2012/07/13 02:46:09 | 000,000,878 | ---- | C] () -- C:\Users\James\Desktop\Duplicate Cleaner.lnk [2012/07/13 02:30:58 | 000,001,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk [2012/07/13 02:30:58 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk [2012/07/13 02:25:21 | 003,008,542 | ---- | C] () -- C:\Users\James\Documents\AutoRuns.arn [2012/07/12 11:26:01 | 000,021,130 | ---- | C] () -- C:\Windows\cscmondump.bin [2012/07/12 09:59:06 | 000,000,943 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\SmartClose.lnk [2012/07/12 09:59:06 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\SmartClose.lnk [2012/07/12 09:39:46 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk [2012/07/12 09:39:46 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk [2012/07/12 09:39:45 | 000,001,009 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk [2012/06/28 16:05:35 | 000,604,273 | ---- | C] () -- C:\Users\James\Documents\Stourhead-Garden-Wiltshire-England.jpg [2012/06/20 16:12:13 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/10 13:24:42 | 000,002,204 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2011/12/10 13:24:42 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC.dat [2011/12/10 13:24:42 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011/12/10 13:24:42 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011/12/10 13:24:42 | 000,000,048 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011/08/18 10:14:07 | 000,000,510 | ---- | C] () -- C:\Users\James\AppData\Roaming\wklnhst.dat [2011/05/30 10:42:20 | 000,000,218 | ---- | C] () -- C:\Users\James\.recently-used.xbel [2011/04/29 14:54:33 | 000,000,018 | ---- | C] () -- C:\Windows\cmm.dat [2011/04/27 11:23:25 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/04/27 11:23:25 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011/01/10 17:23:42 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini [2009/07/26 11:44:42 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Roaming\AVSMediaPlayer.m3u [2009/03/24 11:02:03 | 000,000,552 | ---- | C] () -- C:\Users\James\AppData\Local\d3d8caps.dat [2009/01/15 20:31:17 | 000,061,224 | ---- | C] () -- C:\Users\James\GoToAssistDownloadHelper.exe [2008/09/24 21:19:38 | 000,023,552 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/03 09:23:53 | 000,001,356 | ---- | C] () -- C:\Users\James\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2012/06/06 18:50:41 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WinPatrol [2012/07/12 09:10:08 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Auslogics [2012/05/02 05:59:18 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\calibre [2012/06/14 08:09:29 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\CloneSpy [2009/12/08 00:47:21 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Digidesign [2012/07/12 08:58:18 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DriverCure [2012/02/29 05:18:15 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DVDVideoSoft [2011/05/20 06:22:20 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DVDVideoSoftIEHelpers [2011/06/13 08:09:50 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Easeware [2011/12/05 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\FileZilla [2010/07/22 02:14:22 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\FrostWire [2009/11/08 14:59:13 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\GetRightToGo [2011/11/07 17:05:37 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0 [2012/07/12 09:39:50 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IObit [2011/11/23 17:57:03 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\KompoZer [2009/10/28 03:23:06 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\LucasArts [2011/11/07 16:16:14 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\NetAssistant [2009/08/10 10:55:54 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\OpenOffice.org [2009/12/04 00:01:56 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PACE Anti-Piracy [2011/05/30 09:51:07 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Participatory Culture Foundation [2012/05/25 06:39:22 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PC Cleaners [2011/05/30 10:42:20 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PCF-VLC [2012/05/25 06:39:28 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PCPro [2009/11/08 15:13:35 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PlayFirst [2008/10/03 17:52:43 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Skinux [2012/07/12 09:59:06 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SmartClose [2012/07/12 08:58:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SpeedMaxPc [2011/08/18 10:14:09 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Template [2008/02/02 22:42:15 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TOSHIBA [2009/12/04 00:05:22 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Trillium Lane [2009/05/27 22:00:07 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Ulead Systems [2008/02/03 18:24:29 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\WildTangent [2008/03/24 02:16:04 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\WinBatch [2011/12/17 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\WinPatrol [2012/07/13 13:45:19 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/07/13 18:40:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8745BB72-2595-4446-9C56-D1AD525F29B7}.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011/04/27 11:06:20 | 000,000,001 | ---- | M] ()(C:\Windows\System32\?????????O) -- C:\Windows\System32\噒瞉羺瞋嘨瞉㜇畳䝔Ɵ [2011/04/27 11:06:20 | 000,000,001 | ---- | C] ()(C:\Windows\System32\?????????O) -- C:\Windows\System32\噒瞉羺瞋嘨瞉㜇畳䝔Ɵ ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Windows\System32:Yƒwz…wYƒw–d;tøô²pctlsp.log @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:07BF512B @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29 @Alternate Data Stream - 1198 bytes -> C:\ProgramData\Microsoft:zCUo1CzPDfF4jZ0NTL9RVU5 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:972211C4 @Alternate Data Stream - 1168 bytes -> C:\Users\James\AppData\Local\hepkXEEzFF60MD:UT9TcqxQ7w4lLfji5L8h4 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 1139 bytes -> C:\ProgramData\Microsoft:lWJPAVJkzNJgzfPAOg031 @Alternate Data Stream - 1127 bytes -> C:\Users\James\AppData\Local\MjABJ1do3QqU:GDQ3PjED4pGxrBeuyGI @Alternate Data Stream - 1078 bytes -> C:\ProgramData\Microsoft:9Y4GrHMyVFA9ZodFBCYFv8ZwMTHEd2 < End of report >
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

slamdunk replied to slamdunk's topic in Resolved Malware Removal Logs

Hi Maniac, Thanks for your help.. I'll get on this and get back to you.
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

slamdunk posted a topic in Resolved Malware Removal Logs

Here is my HJ log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:16:09 PM, on 7/13/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=16148 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file) O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file) O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - Startup: AutorunsDisabled O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\James\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\James\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.mcafee.com O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\Windows\system32\drivers\KodakCCS.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11407 bytes

Sign In

slamdunk

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by slamdunk

C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information