Inactive Computer freezes after removing spyware

Discussion in 'Malware and Virus Removal Archive' started by juddson, 2010/10/06.

  1. 2010/10/06
    juddson

    juddson Inactive Thread Starter

    Joined:
    2008/01/30
    Messages:
    44
    Likes Received:
    0
    [Inactive] Computer freezes after removing spyware

    I ran Spybot Search and Destroy on my girlfriend's sister's computer and it found over 500 problems. After Spybot fixed the problems, it now freezes a few minutes after startup, so I think there must be some other stuff going on.
    Thank you for your help. :)

    DDS Log:

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Cat at 14:07:26.40 on 06/10/2010
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2939.1865 [GMT -4:00]

    AV: Paladin Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\ProgramData\Norton\NUA.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Cat\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
    c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\ieuser.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Cat\Desktop\dds.scr
    C:\Windows\SysWOW64\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
    uRun: [NortonUpdateAgent] c:\programdata\norton\NUA.exe
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
    uRun: [eventcreatexp.exe] c:\users\cat\appdata\local\temp\eventcreatexp.exe
    uRun: [Paladin Antivirus] "c:\users\cat\appdata\roaming\paladin antivirus\pav.exe" -noscan
    uRun: [WeatherEye] c:\users\cat\appdata\local\theweathernetwork\weathereye\WeatherEye.exe
    uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe "
    mRun: [osCheck] "c:\program files (x86)\norton 360\osCheck.exe "
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre1.6.0_06\bin\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe "
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [BlackBerryAutoUpdate] c:\program files (x86)\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    StartupFolder: c:\users\cat\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\blackberry\DesktopMgr.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\1.0.150\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Search - ?s=100000341&p=GRxdm049YYCA&si=&a=9H2BB7NBAEt_nmycb4HP6w&n=2010031111
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {003E07C0-CA63-4be3-BD0A-A60B64102C97} - c:\bingo\bingo day\casino.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files (x86)\java\jre1.6.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    DPF: {5334504D-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/mpg4sax.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    mRun-x64: [Skytel] Skytel.exe
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun-x64: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    IE-X64: { c:\microgaming\casino\mummysgoldcasino\Casinogame.exe
    IE-X64: {02AF1A20-EF73-43A1-9C82-5756C03FE8BE} - c:\microgaming\casino\jackpotcity\casinogame.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-10-2 55856]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2009-10-2 504912]
    R1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\symantec\defini~1\symcdata\ipsdefs\20091120.002\IDSvia64.sys [2009-12-1 396336]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-10-2 31016]
    R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\toshiba\configfree\CFProcSRVC.exe [2008-4-4 36864]
    R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\common files\symantec shared\CCSVCHST.EXE [2008-2-17 149352]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-26 1153368]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 175104]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-7-10 8704]
    R3 rtl819xpn64;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-10-2 557568]
    R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-25 89600]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~2\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-10-2 1245064]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 47664]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-16 135664]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-2 25424]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl64.sys [2010-4-19 22528]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

    =============== Created Last 30 ================

    2010-10-06 15:10:28 0 d-sh--w- C:\found.001
    2010-10-02 18:31:21 65536 --sha-w- c:\users\cat\NTUSER.DAT{1988a1ce-ce53-11df-9e37-001e33de5114}.TM.blf
    2010-10-02 18:31:21 524288 --sha-w- c:\users\cat\NTUSER.DAT{1988a1ce-ce53-11df-9e37-001e33de5114}.TMContainer00000000000000000002.regtrans-ms
    2010-10-02 18:31:21 524288 --sha-w- c:\users\cat\NTUSER.DAT{1988a1ce-ce53-11df-9e37-001e33de5114}.TMContainer00000000000000000001.regtrans-ms
    2010-10-01 22:04:52 0 d-----w- c:\windows\pss
    2010-10-01 21:41:17 65536 --sha-w- c:\users\cat\NTUSER.DAT{7bddbd4a-cda4-11df-b71c-001e33de5114}.TM.blf
    2010-10-01 21:41:17 524288 --sha-w- c:\users\cat\NTUSER.DAT{7bddbd4a-cda4-11df-b71c-001e33de5114}.TMContainer00000000000000000002.regtrans-ms
    2010-10-01 21:41:17 524288 --sha-w- c:\users\cat\NTUSER.DAT{7bddbd4a-cda4-11df-b71c-001e33de5114}.TMContainer00000000000000000001.regtrans-ms
    2010-10-01 21:37:00 0 d-sh--w- C:\found.000
    2010-09-30 23:06:48 841216 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2010-09-30 23:06:48 470016 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2010-09-30 23:06:48 425472 ----a-w- c:\windows\syswow64\PhotoMetadataHandler.dll
    2010-09-30 23:06:48 386560 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2010-09-30 23:06:48 347136 ----a-w- c:\windows\syswow64\WindowsCodecsExt.dll
    2010-09-30 23:06:47 712704 ----a-w- c:\windows\syswow64\WindowsCodecs.dll
    2010-09-30 23:06:07 176640 ----a-w- c:\windows\system32\Faultrep.dll
    2010-09-30 23:06:06 147456 ----a-w- c:\windows\syswow64\Faultrep.dll
    2010-09-30 23:06:06 120832 ----a-w- c:\windows\system32\wersvc.dll
    2010-09-30 23:05:48 466944 ----a-w- c:\windows\syswow64\netapi32.dll
    2010-09-30 22:59:52 2621440 ----a-w- c:\windows\system32\wucltux.dll
    2010-09-30 22:59:30 36864 ----a-w- c:\windows\system32\wuapp.exe
    2010-09-30 22:59:30 33792 ----a-w- c:\windows\syswow64\wuapp.exe
    2010-09-30 22:59:30 185416 ----a-w- c:\windows\system32\wuwebv.dll
    2010-09-30 22:59:30 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
    2010-09-27 10:49:14 376832 ----a-w- c:\windows\system32\wlansec.dll
    2010-09-27 10:49:14 353280 ----a-w- c:\windows\system32\wlanmsm.dll
    2010-09-27 10:49:14 302592 ----a-w- c:\windows\syswow64\wlansec.dll
    2010-09-27 10:49:14 293376 ----a-w- c:\windows\syswow64\wlanmsm.dll
    2010-09-27 10:49:14 2608803 ----a-w- c:\windows\system32\wlan.tmf
    2010-09-27 10:49:14 157184 ----a-w- c:\windows\system32\L2SecHC.dll
    2010-09-27 10:49:14 127488 ----a-w- c:\windows\syswow64\L2SecHC.dll
    2010-09-27 10:49:13 97792 ----a-w- c:\windows\system32\wlanhlp.dll
    2010-09-27 10:49:13 86528 ----a-w- c:\windows\system32\wlanapi.dll
    2010-09-27 10:49:13 615936 ----a-w- c:\windows\system32\wlansvc.dll
    2010-09-27 04:33:19 0 d-----w- c:\program files (x86)\Network Stumbler
    2010-09-27 04:32:23 0 d-----w- c:\program files\WinRAR
    2010-09-27 03:58:55 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-09-27 00:45:30 4479 ----a-w- c:\windows\wininit.ini
    2010-09-27 00:14:03 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-09-27 00:14:03 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2010-09-21 22:10:37 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
    2010-09-21 22:09:30 0 d-----w- c:\programdata\Research In Motion
    2010-09-21 22:08:59 0 d-----w- C:\BLACKBERRY

    ==================== Find3M ====================

    2010-09-22 02:04:54 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-09-22 02:04:54 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-09-22 02:04:54 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-08-29 19:15:39 10348231 ----a-w- c:\users\cat\20 min workout.zip
    2010-08-24 00:53:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl64_01009.Wdf
    2010-08-24 00:53:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2008-11-25 22:48:44 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-06-16 23:08:49 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-06-16 23:08:49 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-06-16 23:08:49 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 14:08:04.51 ===============

    Attach Log:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 03/10/2009 9:55:08 AM
    System Uptime: 10/06/2010 1:57:56 PM (2833 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 214 GiB total, 154.995 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 8.58 GiB free.
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    360Share Pro(remove only)
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    AppCore
    Apple Application Support
    Apple Software Update
    Backup
    Bingo Day
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Camera Assistant Software for Toshiba
    ccCommon
    CD/DVD Drive Acoustic Silencer
    Coby Media Manager
    Compatibility Pack for the 2007 Office system
    DivX Setup
    DVD MovieFactory for TOSHIBA
    EA Download Manager
    Facebook Plug-In
    Fix-it-up 2
    GearDrvs
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Graboid Video 1.73
    Jackpot City Online Casino
    Java(TM) 6 Update 6
    LimeWire 5.3.6
    LiveUpdate (Symantec Corporation)
    McAfee Security Scan
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Microsoft XML Parser
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    Mummys Gold Casino
    Network Stumbler 0.4.0 (remove only)
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 HTMLHelp
    Norton Confidential Core
    OnlinePlay 1.0
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WiFi Protected Setup Library
    Realtek WLAN driver
    RegWork
    Safari
    Spybot - Search & Destroy
    Symantec Technical Support Controls
    The Sims™ 3
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    Toshiba Registration
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Office 2007 (KB934528)
    Update for Office System 2007 Setup (KB929722)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.0.1
    WeatherEye
    WildTangent Games
    Windows Media Encoder 9 Series

    ==== End Of File ===========================
     
  2. 2010/10/06
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2010/10/06
    Admin.

    You have rogue software installed. Paladin Antivirus is a rogue security application.
     
  5. 2010/10/06
    juddson

    I thought it was. I uninstalled it, but I guess that didn't completely remove it. Any advice on what I should do to completely get rid of it?
    Thanks for the speedy reply.
     
  6. 2010/10/06
    Admin.

    You'll have to wait for a malware expert; that can take even a few days, depending on how busy they are.
     
  7. 2010/10/06
    juddson

    OK, thank you. On a side note, it seems updating Windows also makes the computer freeze.
     
  8. 2010/10/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/10/06
    juddson

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4762

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    06/10/2010 8:47:23 PM
    mbam-log-2010-10-06 (20-47-23).txt

    Scan type: Quick scan
    Objects scanned: 138450
    Time elapsed: 6 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 15
    Registry Values Infected: 3
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\eventcreatexp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Users\Cat\AppData\Local\av.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\ProgramData\mswintmp.dat (Malware.Trace) -> Quarantined and deleted successfully.
     
  10. 2010/10/06
    juddson

    juddson Inactive Thread Starter

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-07 00:17:32
    Windows 6.0.6001 Service Pack 1
    Running: p8tv270i.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\SoftwareDistribution\Download\4880d6ad97b17be9b325dda3ae72a068\amd64_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18244_none_6a031169a7ea450f.manifest 0 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_73292546f81f30ca.manifest 0 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22672_none_72d675b2f85e4027.manifest 3231 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_747df813dc2f1b6c.manifest 0 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18244_none_7455bb27dc4cd45c.manifest 3231 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_74fec586f55309d5.manifest 3231 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22384_none_74b41842f58ae3ea.manifest 3231 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_7062bd2be21bf386.manifest 5003 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22233_none_7301adcaf83ddbc7.manifest 4111 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_732824fcf8201773.manifest 4111 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22672_none_72d57568f85f26d0.manifest 4111 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_747cf7c9dc300215.manifest 4364 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18244_none_7454badddc4dbb05.manifest 4364 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_74fdc53cf553f07e.manifest 4111 bytes
    File C:\Windows\winsxs\Manifests\wow64_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22384_none_74b317f8f58bca93.manifest 4111 bytes

    ---- EOF - GMER 1.0.15 ----
     
  11. 2010/10/06
    juddson

    juddson Inactive Thread Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: TOSHIBA
    BIOS Manufacturer: INSYDE
    System Manufacturer: TOSHIBA
    System Product Name: Satellite L300
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 151):
    0x0200C000 \SystemRoot\system32\ntoskrnl.exe
    0x02524000 \SystemRoot\system32\hal.dll
    0x00609000 \SystemRoot\system32\kdcom.dll
    0x00613000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00640000 \SystemRoot\system32\PSHED.dll
    0x00654000 \SystemRoot\system32\CLFS.SYS
    0x006B1000 \SystemRoot\system32\CI.dll
    0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008AA000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008B9000 \SystemRoot\system32\drivers\acpi.sys
    0x0090F000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00918000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00922000 \SystemRoot\system32\drivers\pci.sys
    0x00952000 \SystemRoot\System32\drivers\partmgr.sys
    0x00967000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x0096B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00977000 \SystemRoot\system32\drivers\volmgr.sys
    0x0098B000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00763000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009F1000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00776000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00A0D000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x00B1B000 \SystemRoot\system32\drivers\atapi.sys
    0x00B23000 \SystemRoot\system32\drivers\ataport.SYS
    0x00B47000 \SystemRoot\system32\drivers\msahci.sys
    0x00B51000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00B97000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00BAB000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00C06000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E06000 \SystemRoot\system32\drivers\ndis.sys
    0x00C8B000 \SystemRoot\system32\drivers\msrpc.sys
    0x00CDB000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01002000 \SystemRoot\System32\drivers\tcpip.sys
    0x01176000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01201000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01385000 \SystemRoot\system32\drivers\volsnap.sys
    0x013C9000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    0x00D33000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
    0x013CE000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D6000 \SystemRoot\System32\Drivers\mup.sys
    0x011A2000 \SystemRoot\System32\drivers\ecache.sys
    0x013E8000 \SystemRoot\system32\drivers\disk.sys
    0x011CE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00FC9000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00FD3000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
    0x00FDD000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x0230E000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x0231A000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x02323000 \SystemRoot\system32\DRIVERS\FwLnk.sys
    0x0232B000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x0233E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x02403000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x02C05000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x02CE4000 \SystemRoot\System32\drivers\watchdog.sys
    0x02CF3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x02CFF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02D45000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02D56000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02D69000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x02343000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
    0x02D94000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x02DAA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x02DB8000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x02DFE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x02B8F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02B9B000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0x02BA5000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02BC1000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x00DB2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x00786000 \SystemRoot\system32\DRIVERS\storport.sys
    0x02BCE000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02BDB000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x02BE3000 \SystemRoot\system32\drivers\modem.sys
    0x00BB8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x02BF2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03007000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03038000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03048000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03066000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0307E000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    0x03086000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03098000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0309A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x030CE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x030D9000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x030E9000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x03130000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x02E04000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x02F58000 \SystemRoot\system32\drivers\portcls.sys
    0x02F93000 \SystemRoot\system32\drivers\drmk.sys
    0x02FB6000 \SystemRoot\system32\drivers\ksthunk.sys
    0x03201000 \SystemRoot\system32\DRIVERS\agrsm64.sys
    0x0333D000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
    0x0334C000 \SystemRoot\System32\DRIVERS\cmdguard.sys
    0x0338E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x03398000 \SystemRoot\System32\Drivers\Null.SYS
    0x033A1000 \SystemRoot\System32\drivers\vga.sys
    0x033AF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x033D4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x033DD000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x033E6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02FBC000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x033F1000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x02FCD000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02FEA000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
    0x03144000 \SystemRoot\system32\DRIVERS\smb.sys
    0x0315F000 \SystemRoot\system32\DRIVERS\avgtdia.sys
    0x03405000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03449000 \SystemRoot\system32\drivers\afd.sys
    0x034B6000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x034D4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x034F0000 \SystemRoot\system32\DRIVERS\rtlprot.sys
    0x034FB000 \SystemRoot\system32\DRIVERS\inspect.sys
    0x03513000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03522000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x0353D000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0358B000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03597000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03650000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
    0x03658000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x03682000 \SystemRoot\system32\drivers\RTSTOR64.SYS
    0x03696000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x036A4000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x00030000 \SystemRoot\System32\win32k.sys
    0x037B2000 \SystemRoot\System32\drivers\Dxapi.sys
    0x037BE000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004D0000 \SystemRoot\System32\TSDDD.dll
    0x006A0000 \SystemRoot\System32\cdd.dll
    0x037D1000 \SystemRoot\system32\drivers\luafv.sys
    0x02200000 \SystemRoot\system32\drivers\spsys.sys
    0x03600000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x03614000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x037F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x035B4000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x15608000 \SystemRoot\system32\drivers\HTTP.sys
    0x156A3000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x156CB000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x156E9000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x15703000 \SystemRoot\system32\drivers\mrxdav.sys
    0x1572A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x15752000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x1579B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x157BA000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x1580D000 \SystemRoot\System32\DRIVERS\srv.sys
    0x158A1000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x158AD000 \SystemRoot\system32\drivers\peauth.sys
    0x15963000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x1596E000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x1597D000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x159AB000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77C90000 \Windows\System32\ntdll.dll

    Processes (total 89):
    0 System Idle Process
    4 System
    576 C:\Windows\System32\smss.exe
    612 C:\PROGRA~2\AVG\AVG10\avgchsva.exe.old
    716 csrss.exe
    752 C:\Windows\System32\wininit.exe
    772 csrss.exe
    808 C:\Windows\System32\services.exe
    820 C:\Windows\System32\lsass.exe
    828 C:\Windows\System32\lsm.exe
    880 C:\Windows\System32\winlogon.exe
    1016 C:\Windows\System32\svchost.exe
    376 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    504 C:\Windows\System32\svchost.exe
    664 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    1004 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\svchost.exe
    1248 C:\Windows\System32\audiodg.exe
    1280 C:\Windows\System32\SLsvc.exe
    1312 C:\Windows\servicing\TrustedInstaller.exe
    1364 C:\Windows\System32\svchost.exe
    1692 C:\Windows\System32\spoolsv.exe
    1724 C:\Windows\System32\svchost.exe
    1996 C:\Windows\System32\agr64svc.exe
    2024 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1096 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe.old
    1204 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1504 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    1852 C:\Windows\System32\svchost.exe
    2056 C:\Windows\System32\svchost.exe
    2172 C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    2204 C:\Windows\System32\TODDSrv.exe
    2244 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    2320 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    2416 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe.old
    2432 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    2588 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    2608 C:\Windows\System32\svchost.exe
    2832 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe.old
    2876 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2748 C:\Windows\System32\taskeng.exe
    2820 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    3980 C:\Windows\System32\dwm.exe
    3848 C:\Windows\explorer.exe
    3184 C:\Windows\System32\taskeng.exe
    3756 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3508 C:\Windows\RAVCpl64.exe
    3028 C:\Windows\System32\igfxtray.exe
    3764 C:\Windows\System32\hkcmd.exe
    1192 C:\Windows\System32\igfxpers.exe
    2252 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    3912 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    3964 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    964 C:\Program Files\ltmoh\ltmoh.exe
    2964 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    3344 C:\Program Files\Windows Sidebar\sidebar.exe
    3288 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    1256 C:\Windows\ehome\ehtray.exe
    3296 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    3108 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3752 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    2896 C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
    1228 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    3068 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3948 C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    3304 C:\Program Files (x86)\AVG\AVG10\avgtray.exe.old
    3372 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3196 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2852 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe.old
    1708 C:\Program Files\iPod\bin\iPodService.exe
    4292 C:\Windows\System32\wbem\unsecapp.exe
    4376 WmiPrvSE.exe
    4576 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    4648 C:\Windows\System32\igfxsrvc.exe
    4704 C:\Windows\ehome\ehmsas.exe
    5044 C:\Windows\System32\igfxext.exe
    4512 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1268 C:\Windows\System32\wuauclt.exe
    1732 C:\Windows\System32\notepad.exe
    4024 C:\Program Files (x86)\Internet Explorer\ieuser.exe
    3952 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2904 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    4616 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
    3696 dllhost.exe
    4680 dllhost.exe
    4268 C:\Users\Cat\Desktop\MBRCheck.exe
    3340 C:\Windows\SysWOW64\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000035`f0300000 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG001M

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


    Done!
     
  12. 2010/10/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.

    ================================================================

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2010/10/07
    juddson

    juddson Inactive Thread Starter

    I've been running SUPERAntiSpyware in Safe Mode on the settings you told me to, and it's going very slow. It's been running for 9 hours now and hasn't detected anything. Is it normally this slow? Thanks for all your help so far.
     
  14. 2010/10/07
    broni

    broni Moderator Malware Analyst

    If it shows progress, let it run.
    If it's stuck, let me know.
     
  15. 2010/10/11
    juddson

    juddson Inactive Thread Starter

    Sorry I haven't replied in a few days; I was home for Thanksgiving. I will post the logs in a few minutes.
     
  16. 2010/10/11
    juddson

    juddson Inactive Thread Starter

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/08/2010 at 02:34 PM

    Application Version : 4.44.1000

    Core Rules Database Version : 5648
    Trace Rules Database Version: 3460

    Scan type : Complete Scan
    Total Scan Time : 02:04:42

    Memory items scanned : 265
    Memory threats detected : 0
    Registry items scanned : 11708
    Registry threats detected : 0
    File items scanned : 89996
    File threats detected : 0
     
  17. 2010/10/11
    juddson

    juddson Inactive Thread Starter

    OTL logfile created on: 11/10/2010 10:09:20 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Cat\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 214.29 Gb Total Space | 133.91 Gb Free Space | 62.49% Space Free | Partition Type: NTFS
    Drive D: | 8.65 Gb Total Space | 8.57 Gb Free Space | 99.07% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CAT-PC
    Current User Name: Cat
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/10/07 00:43:20 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Cat\Desktop\OTL.exe
    PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/09/03 10:35:52 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/10/26 20:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Cat\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    PRC - [2009/10/02 07:33:01 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/08/24 15:27:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2009/07/17 23:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
    PRC - [2009/03/28 17:11:38 | 003,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/09/26 15:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/04/17 03:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/04/17 03:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2008/03/25 07:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
    PRC - [2008/01/20 22:50:38 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
    PRC - [2007/01/09 02:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/07 00:43:20 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Cat\Desktop\OTL.exe
    MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/10 23:41:42 | 002,528,856 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2008/08/25 10:58:12 | 000,089,600 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV:64bit: - [2008/02/06 14:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/12/10 23:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2007/12/03 18:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/05/28 19:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/04/04 00:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
    SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010/09/13 16:27:46 | 000,027,216 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV:64bit: - [2010/09/07 03:48:58 | 000,381,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
    DRV:64bit: - [2010/08/19 21:42:36 | 000,133,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
    DRV:64bit: - [2010/04/27 14:40:40 | 000,055,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/04/19 20:29:18 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/07/09 13:48:00 | 000,573,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/08/14 10:40:44 | 000,260,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2008/07/22 07:42:34 | 000,170,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/07/18 19:52:16 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2008/06/26 17:24:18 | 000,020,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2008/06/12 06:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2008/04/15 20:54:16 | 000,388,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/04/02 20:27:18 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
    DRV:64bit: - [2008/02/29 02:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2007/11/09 15:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2007/04/23 14:15:48 | 000,031,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt)
    DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/10/06 14:53:58 | 000,000,000 | ---D | M]

    [2009/10/03 10:35:06 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\Mozilla\Extensions
    [2009/10/03 10:35:06 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2010/09/26 23:20:19 | 000,419,434 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 14475 more lines...
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
    O4 - HKCU..\Run: [Paladin Antivirus] C:\Users\Cat\AppData\Roaming\Paladin Antivirus\pav.exe File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [TOSCDSPD] File not found
    O4 - HKCU..\Run: [WeatherEye] C:\Users\Cat\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\Cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {5334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpg4sax.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Users\Cat\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Cat\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{77a3fba8-b024-11de-86cd-806e6f6e6963}\Shell - " " = AutoRun
    O33 - MountPoints2\{77a3fba8-b024-11de-86cd-806e6f6e6963}\Shell\AutoRun\command - " " = E:\start.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
    Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/07 00:44:16 | 000,000,000 | ---D | C] -- C:\Users\Cat\AppData\Roaming\SUPERAntiSpyware.com
    [2010/10/07 00:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/10/07 00:44:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\AppLogs
    [2010/10/07 00:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/10/07 00:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/07 00:43:20 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Cat\Desktop\OTL.exe
    [2010/10/07 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2010/10/07 00:36:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2010/10/07 00:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2010/10/06 19:35:18 | 000,000,000 | ---D | C] -- C:\Users\Cat\AppData\Roaming\Malwarebytes
    [2010/10/06 19:35:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/10/06 19:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/06 19:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/06 16:19:56 | 000,000,000 | -HSD | C] -- C:\found.002
    [2010/10/06 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Cat\AppData\Roaming\LimeWire
    [2010/10/06 15:10:26 | 000,000,000 | -HSD | C] -- C:\found.000
    [2010/10/06 15:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2010/10/06 15:00:02 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/10/06 14:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2010/10/06 14:58:17 | 000,000,000 | ---D | C] -- C:\Users\Cat\AppData\Roaming\AVG10
    [2010/10/06 14:55:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2010/10/06 14:55:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2010/10/06 14:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2010/10/06 14:53:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2010/10/06 14:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2010/10/06 14:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/10/06 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\Cat\Desktop\Desktop Icons
    [2010/10/06 14:30:20 | 004,283,672 | ---- | C] (AVG Technologies) -- C:\Users\Cat\Desktop\avg_free_stb_all_2011_1120_cnet.exe
    [2010/10/06 14:19:41 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
    [2010/10/06 11:10:28 | 000,000,000 | ---D | C] -- C:\found.001
    [2010/10/01 18:04:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/09/27 00:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/09/26 20:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/09/26 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/09/21 18:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
    [2010/09/21 18:08:59 | 000,000,000 | ---D | C] -- C:\BLACKBERRY
    [2010/08/30 12:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/08/25 01:20:30 | 000,000,000 | ---D | C] -- C:\Users\Cat\AppData\Roaming\WinRAR
    [2010/08/24 23:37:52 | 000,000,000 | ---D | C] -- C:\Users\Cat\AppData\Roaming\vlc
    [2010/08/24 23:33:13 | 000,000,000 | ---D | C] -- C:\Users\Cat\Documents\Graboid
    [2010/08/24 23:31:23 | 000,000,000 | ---D | C] -- C:\Users\Cat\AppData\Local\Graboid_Inc
    [2010/08/24 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Cat\AppData\Local\Graboid
    [2010/08/24 23:31:19 | 000,000,000 | ---D | C] -- C:\Users\Cat\AppData\Roaming\MozillaControl
    [2010/08/24 23:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla ActiveX Control v1.7.12
    [2010/08/24 23:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2010/08/24 23:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
    [2010/07/23 04:33:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/07/14 13:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/07/14 13:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/14 12:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/07/14 12:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/11 22:10:22 | 006,291,456 | -HS- | M] () -- C:\Users\Cat\NTUSER.DAT
    [2010/10/11 22:01:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/08 18:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/08 14:43:09 | 000,870,072 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/08 14:43:09 | 000,238,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/08 14:43:09 | 000,177,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/08 14:36:35 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/08 14:36:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/08 14:36:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/08 14:36:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/10/08 14:36:08 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/08 14:34:34 | 000,524,288 | -HS- | M] () -- C:\Users\Cat\NTUSER.DAT{1988a1ce-ce53-11df-9e37-001e33de5114}.TMContainer00000000000000000001.regtrans-ms
    [2010/10/08 14:34:34 | 000,065,536 | -HS- | M] () -- C:\Users\Cat\NTUSER.DAT{1988a1ce-ce53-11df-9e37-001e33de5114}.TM.blf
    [2010/10/07 00:44:12 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/07 00:43:20 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Cat\Desktop\OTL.exe
    [2010/10/06 23:43:13 | 000,080,384 | ---- | M] () -- C:\Users\Cat\Desktop\MBRCheck.exe
    [2010/10/06 23:37:17 | 000,082,736 | ---- | M] () -- C:\Users\Cat\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/10/06 23:29:57 | 457,644,299 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/10/06 23:29:48 | 000,325,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/06 21:44:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
    [2010/10/06 19:35:15 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/06 18:09:40 | 095,473,018 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2010/10/06 16:04:13 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Regwork.job
    [2010/10/06 15:35:59 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
    [2010/10/06 15:34:19 | 000,001,866 | ---- | M] () -- C:\Users\Cat\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/10/06 15:02:46 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2010/10/06 14:55:05 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2010/10/06 14:55:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2010/10/06 14:36:40 | 000,007,438 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
    [2010/10/06 14:30:23 | 004,283,672 | ---- | M] (AVG Technologies) -- C:\Users\Cat\Desktop\avg_free_stb_all_2011_1120_cnet.exe
    [2010/10/02 14:34:39 | 000,524,288 | -HS- | M] () -- C:\Users\Cat\NTUSER.DAT{1988a1ce-ce53-11df-9e37-001e33de5114}.TMContainer00000000000000000002.regtrans-ms
    [2010/10/01 18:06:12 | 000,524,288 | -HS- | M] () -- C:\Users\Cat\NTUSER.DAT{7bddbd4a-cda4-11df-b71c-001e33de5114}.TMContainer00000000000000000001.regtrans-ms
    [2010/10/01 18:06:12 | 000,065,536 | -HS- | M] () -- C:\Users\Cat\NTUSER.DAT{7bddbd4a-cda4-11df-b71c-001e33de5114}.TM.blf
    [2010/10/01 17:57:09 | 000,000,732 | ---- | M] () -- C:\Users\Cat\AppData\Local\d3d9caps64.dat
    [2010/10/01 17:41:17 | 000,524,288 | -HS- | M] () -- C:\Users\Cat\NTUSER.DAT{7bddbd4a-cda4-11df-b71c-001e33de5114}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/30 21:50:37 | 000,524,288 | -HS- | M] () -- C:\Users\Cat\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/30 21:50:37 | 000,065,536 | -HS- | M] () -- C:\Users\Cat\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/09/30 14:48:57 | 000,002,036 | ---- | M] () -- C:\Users\Cat\Desktop\Google Chrome.lnk
    [2010/09/30 11:12:50 | 000,525,824 | ---- | M] () -- C:\Users\Cat\Desktop\dds.scr
    [2010/09/26 23:20:19 | 000,419,434 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/09/26 20:45:51 | 000,004,479 | ---- | M] () -- C:\Windows\wininit.ini
    [2010/09/26 20:21:10 | 000,419,434 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100926-232019.backup
    [2010/09/26 20:14:08 | 000,001,132 | ---- | M] () -- C:\Users\Cat\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/09/26 20:14:08 | 000,001,108 | ---- | M] () -- C:\Users\Cat\Desktop\Spybot - Search & Destroy.lnk
    [2010/09/21 18:09:38 | 000,001,521 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2010/09/13 16:27:46 | 000,027,216 | ---- | M] () -- C:\Windows\SysNative\drivers\AVGIDSEH.sys
    [2010/09/10 23:41:40 | 000,362,784 | ---- | M] () -- C:\Windows\SysNative\guard64.dll
    [2010/09/10 23:40:34 | 000,020,864 | ---- | M] () -- C:\Windows\SysNative\drivers\cmderd.sys
    [2010/09/07 03:48:58 | 000,381,008 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2010/09/07 03:48:56 | 000,041,040 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2010/09/07 03:48:52 | 000,305,232 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2010/09/07 03:48:50 | 000,030,288 | ---- | M] () -- C:\Windows\SysNative\drivers\avgrkx64.sys
    [2010/08/29 15:15:39 | 010,348,231 | ---- | M] () -- C:\Users\Cat\20 min workout.zip
    [2010/08/29 14:13:30 | 000,012,288 | ---- | M] () -- C:\Users\Cat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/23 20:53:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
    [2010/08/23 20:53:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/08/19 21:42:38 | 000,035,920 | ---- | M] () -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys
    [2010/08/19 21:42:36 | 000,133,712 | ---- | M] () -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys
    [2010/08/12 12:23:57 | 000,381,019 | ---- | M] () -- C:\Users\Cat\Documents\Rental_Application[1].pdf
    [2010/07/30 14:51:32 | 000,001,804 | ---- | M] () -- C:\Users\Cat\Desktop\iTunes.lnk
    [2010/07/27 07:27:10 | 000,000,680 | ---- | M] () -- C:\Users\Cat\AppData\Local\d3d9caps.dat
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/08 14:36:08 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/07 00:44:12 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/07 00:37:44 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
    [2010/10/06 23:43:13 | 000,080,384 | ---- | C] () -- C:\Users\Cat\Desktop\MBRCheck.exe
    [2010/10/06 23:29:05 | 457,644,299 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/10/06 21:44:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
    [2010/10/06 19:35:15 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/06 19:35:10 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/06 18:09:40 | 095,473,018 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2010/10/06 15:02:46 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2010/10/06 14:55:05 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2010/10/06 14:55:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2010/10/06 14:36:40 | 000,007,438 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2010/10/06 11:25:59 | 000,525,824 | ---- | C] () -- C:\Users\Cat\Desktop\dds.scr
    [2010/10/02 14:31:21 | 000,524,288 | -HS- | C] () -- C:\Users\Cat\NTUSER.DAT{1988a1ce-ce53-11df-9e37-001e33de5114}.TMContainer00000000000000000002.regtrans-ms
    [2010/10/02 14:31:21 | 000,524,288 | -HS- | C] () -- C:\Users\Cat\NTUSER.DAT{1988a1ce-ce53-11df-9e37-001e33de5114}.TMContainer00000000000000000001.regtrans-ms
    [2010/10/02 14:31:21 | 000,065,536 | -HS- | C] () -- C:\Users\Cat\NTUSER.DAT{1988a1ce-ce53-11df-9e37-001e33de5114}.TM.blf
    [2010/10/01 18:06:04 | 000,001,711 | ---- | C] () -- C:\Users\Cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    [2010/10/01 18:06:04 | 000,001,521 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2010/10/01 17:41:17 | 000,524,288 | -HS- | C] () -- C:\Users\Cat\NTUSER.DAT{7bddbd4a-cda4-11df-b71c-001e33de5114}.TMContainer00000000000000000002.regtrans-ms
    [2010/10/01 17:41:17 | 000,524,288 | -HS- | C] () -- C:\Users\Cat\NTUSER.DAT{7bddbd4a-cda4-11df-b71c-001e33de5114}.TMContainer00000000000000000001.regtrans-ms
    [2010/10/01 17:41:17 | 000,065,536 | -HS- | C] () -- C:\Users\Cat\NTUSER.DAT{7bddbd4a-cda4-11df-b71c-001e33de5114}.TM.blf
    [2010/09/30 19:06:48 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll
    [2010/09/30 19:06:48 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll
    [2010/09/30 19:06:48 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2010/09/30 19:06:07 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
    [2010/09/30 19:06:06 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
    [2010/09/30 19:05:48 | 000,648,704 | ---- | C] () -- C:\Windows\SysNative\netapi32.dll
    [2010/09/30 18:59:52 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
    [2010/09/30 18:59:52 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
    [2010/09/30 18:59:52 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
    [2010/09/30 18:59:52 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
    [2010/09/30 18:59:30 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
    [2010/09/30 18:59:30 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
    [2010/09/27 06:49:14 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
    [2010/09/27 06:49:14 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
    [2010/09/27 06:49:14 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
    [2010/09/27 06:49:14 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
    [2010/09/27 06:49:13 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
    [2010/09/27 06:49:13 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
    [2010/09/27 06:49:13 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
    [2010/09/26 23:58:55 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
    [2010/09/26 20:45:30 | 000,004,479 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/09/26 20:14:08 | 000,001,132 | ---- | C] () -- C:\Users\Cat\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/09/26 20:14:08 | 000,001,108 | ---- | C] () -- C:\Users\Cat\Desktop\Spybot - Search & Destroy.lnk
    [2010/09/21 18:10:37 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
    [2010/09/13 16:27:46 | 000,027,216 | ---- | C] () -- C:\Windows\SysNative\drivers\AVGIDSEH.sys
    [2010/09/10 23:41:40 | 000,362,784 | ---- | C] () -- C:\Windows\SysNative\guard64.dll
    [2010/09/10 23:40:38 | 000,088,304 | ---- | C] () -- C:\Windows\SysNative\drivers\inspect.sys
    [2010/09/10 23:40:36 | 000,033,208 | ---- | C] () -- C:\Windows\SysNative\drivers\cmdhlp.sys
    [2010/09/10 23:40:34 | 000,249,496 | ---- | C] () -- C:\Windows\SysNative\drivers\cmdGuard.sys
    [2010/09/10 23:40:34 | 000,020,864 | ---- | C] () -- C:\Windows\SysNative\drivers\cmderd.sys
    [2010/09/07 03:48:58 | 000,381,008 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2010/09/07 03:48:56 | 000,041,040 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2010/09/07 03:48:52 | 000,305,232 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2010/09/07 03:48:50 | 000,030,288 | ---- | C] () -- C:\Windows\SysNative\drivers\avgrkx64.sys
    [2010/08/29 15:17:17 | 010,348,231 | ---- | C] () -- C:\Users\Cat\20 min workout.zip
    [2010/08/23 20:53:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
    [2010/08/23 20:53:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/08/23 20:53:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    [2010/08/23 20:53:20 | 000,654,928 | ---- | C] () -- C:\Windows\SysNative\drivers\Wdf01000.sys
    [2010/08/23 20:53:20 | 000,042,064 | ---- | C] () -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2010/08/19 21:42:38 | 000,035,920 | ---- | C] () -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys
    [2010/08/19 21:42:36 | 000,133,712 | ---- | C] () -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys
    [2010/08/12 12:23:57 | 000,381,019 | ---- | C] () -- C:\Users\Cat\Documents\Rental_Application[1].pdf
    [2010/07/30 14:51:32 | 000,001,804 | ---- | C] () -- C:\Users\Cat\Desktop\iTunes.lnk
    [2010/07/27 07:27:10 | 000,000,680 | ---- | C] () -- C:\Users\Cat\AppData\Local\d3d9caps.dat
    [2010/07/23 04:29:04 | 000,000,629 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
    [2010/04/12 09:30:09 | 000,031,049 | ---- | C] () -- C:\Users\Cat\AppData\Roaming\UserTile.png
    [2010/04/11 11:51:36 | 000,000,000 | ---- | C] () -- C:\Users\Cat\AppData\Roaming\wklnhst.dat
    [2010/02/23 22:13:12 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010/02/23 22:10:55 | 000,423,058 | ---- | C] () -- C:\Users\Cat\AppData\Local\dd_vcredistMSI7275.txt
    [2010/02/23 22:10:54 | 000,010,610 | ---- | C] () -- C:\Users\Cat\AppData\Local\dd_vcredistUI7279.txt
    [2010/02/23 22:10:53 | 000,011,358 | ---- | C] () -- C:\Users\Cat\AppData\Local\dd_vcredistUI7275.txt
    [2009/10/04 15:49:18 | 000,012,288 | ---- | C] () -- C:\Users\Cat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/02 07:21:49 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\EnumDevLib.dll
    [2009/10/02 07:19:48 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
    [2009/10/02 07:19:48 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
    [2009/10/02 07:19:48 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
    [2009/10/02 07:19:48 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
    [2009/10/02 07:19:48 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
    [2009/10/02 07:19:48 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
    [2009/10/02 07:03:56 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
    [2009/10/02 07:03:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
    [2009/10/02 07:03:56 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
    [2009/10/02 07:01:27 | 000,000,732 | ---- | C] () -- C:\Users\Cat\AppData\Local\d3d9caps64.dat
    [2008/07/10 21:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/10/06 14:58:17 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\AVG10
    [2009/12/07 10:51:45 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\Coby
    [2009/12/07 11:30:02 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\Coby Media Manager
    [2010/03/03 14:00:29 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\Facebook
    [2010/10/11 22:02:08 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\LimeWire
    [2010/02/20 01:22:41 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\PlayFirst
    [2010/09/23 11:36:02 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\Research In Motion
    [2010/04/11 11:51:38 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\Template
    [2009/10/07 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\toshiba
    [2010/05/29 16:18:39 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\Ulead Systems
    [2010/04/01 12:47:49 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\Valusoft
    [2010/02/05 20:02:12 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\WildTangent
    [2010/04/07 00:25:22 | 000,000,000 | ---D | M] -- C:\Users\Cat\AppData\Roaming\World-Loom
    [2010/10/06 16:04:13 | 000,000,286 | ---- | M] () -- C:\Windows\Tasks\Regwork.job
    [2010/10/07 12:21:55 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/20 22:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/07/10 21:53:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/10/08 14:36:08 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/10/08 14:36:06 | 3396,538,368 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/06 19:34:11 | 000,058,268 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_06.10.2010_19.33.25_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 11:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/07 16:45:09 | 000,000,574 | -HS- | M] () -- C:\Users\Cat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/06 14:30:23 | 004,283,672 | ---- | M] (AVG Technologies) -- C:\Users\Cat\Desktop\avg_free_stb_all_2011_1120_cnet.exe
    [2010/10/06 23:43:13 | 000,080,384 | ---- | M] () -- C:\Users\Cat\Desktop\MBRCheck.exe
    [2010/10/07 00:43:20 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Cat\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2010/03/06 03:38:50 | 002,110,728 | ---- | M] (Facebook, Inc.) -- C:\Users\Cat\Install_Facebook_Plug-In_1.0.3.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/10/02 21:20:46 | 000,000,402 | -HS- | M] () -- C:\Users\Cat\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/10/06 14:36:40 | 000,007,438 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
     
  18. 2010/10/11
    juddson

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2009/07/10 00:05:02 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Windows\Installer\BBMediaSyncUninstall.exe
    [10 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    < End of report >


    OTL Extras logfile created on: 11/10/2010 10:09:20 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Cat\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 214.29 Gb Total Space | 133.91 Gb Free Space | 62.49% Space Free | Partition Type: NTFS
    Drive D: | 8.65 Gb Total Space | 8.57 Gb Free Space | 99.07% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CAT-PC
    Current User Name: Cat
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{013B4327-FA1B-4FBB-AAF6-1406244BA4F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{08D6D829-C523-42D3-8782-6670398EECCF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{24127380-7862-486F-BE7F-31A1DAEF7BC2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2468D94E-BDE9-4ABD-A45B-C1FDD5048920}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{488DA28B-7756-45F1-B827-CBE7EA2B4A41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{48A16877-9D55-4952-8972-9E4AF55D90CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{49B124ED-195D-4612-BCFA-C7725B446DA8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{4DC4BE21-C41E-43FF-956E-1C5001052277}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{4FE94749-0907-47BD-9CE3-BB7B4492CD9A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7EBBCDDA-34D0-4652-9909-F87CACFC4ACA}" = protocol=6 | dir=in | app=c:\program files (x86)\360share pro\jre\bin\javaw.exe |
    "{8C4147BC-19FB-4BC8-B500-CC7B8F614AB7}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "{9A594AF5-D5F9-41D3-BB19-54B2FBA94F0E}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{9D0AE4E4-ADA3-474A-82C0-82EC01E383B6}" = protocol=17 | dir=in | app=c:\program files (x86)\360share pro\jre\bin\javaw.exe |
    "{AF8E836D-A74E-4142-869B-BBE12EA774A6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{B0F149B8-A020-4C47-A17B-7404EBC9CA36}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{B32466E9-4975-4303-B79C-FA99C7F74B26}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{EA942BFE-73E2-4AE4-AA86-C45AED343D05}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{F89F150D-05BC-48DC-9B3E-98E0843A74A4}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "TCP Query User{0CB89F01-2F57-4278-8168-2C32C089B2AD}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "TCP Query User{C922792F-026E-4677-A993-6ADA2C943EAD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "TCP Query User{DF3DDEFA-C966-4E58-A0D5-7C7BD2E8C855}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "UDP Query User{4709DBF4-E173-443D-91E5-083FE5BD545D}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "UDP Query User{5CCE41E9-7135-489B-A732-ECB4AB2F1A5E}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "UDP Query User{8EB4C7E5-0495-4519-A35C-73DBD7E4B81E}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
    "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{6DA2E7DC-BC1E-4595-83A9-99BAD907AA1C}" = AVG 2011
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{A019FB54-F9D4-42BE-937D-5A4B9A36428D}" = AVG 2011
    "{A336F8B0-7ADD-48E8-98A2-296040C1EC3F}" = MobileMe Control Panel
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "AVG" = AVG 2011
    "D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}" = BlackBerry Desktop Software 5.0.1
    "{2F9EEAFC-F952-4771-9AD3-23F724D7FDFE}" = Coby Media Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = Realtek WLAN driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "BlackBerry_{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}" = BlackBerry Desktop Software 5.0.1
    "DivX Setup.divx.com" = DivX Setup
    "EADM" = EA Download Manager
    "Google Chrome" = Google Chrome
    "Graboid Video" = Graboid Video 1.73
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "LimeWire" = LimeWire 5.3.6
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "OnlinePlay" = OnlinePlay 1.0
    "VLC media player" = VLC media player 1.0.1
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WT085532" = Fix-it-up 2

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "WeatherEye" = WeatherEye

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/10/2010 3:20:41 AM | Computer Name = Cat-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
    Description =

    Error - 08/10/2010 3:20:41 AM | Computer Name = Cat-PC | Source = Microsoft-Windows-CAPI2 | ID = 131328
    Description =

    Error - 08/10/2010 3:20:51 AM | Computer Name = Cat-PC | Source = ESENT | ID = 489
    Description = Catalog Database (832) Catalog Database: An attempt to open the file
    "C:\Windows\system32\CatRoot2\edb.log" for read only access failed with system
    error 5 (0x00000005): "Access is denied. ". The open file operation will fail with
    error -1032 (0xfffffbf8).

    Error - 08/10/2010 3:20:51 AM | Computer Name = Cat-PC | Source = ESENT | ID = 455
    Description = Catalog Database (832) Catalog Database: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

    Error - 08/10/2010 3:21:01 AM | Computer Name = Cat-PC | Source = ESENT | ID = 489
    Description = Catalog Database (832) Catalog Database: An attempt to open the file
    "C:\Windows\system32\CatRoot2\edb.log" for read only access failed with system
    error 5 (0x00000005): "Access is denied. ". The open file operation will fail with
    error -1032 (0xfffffbf8).

    Error - 08/10/2010 3:21:01 AM | Computer Name = Cat-PC | Source = ESENT | ID = 455
    Description = Catalog Database (832) Catalog Database: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

    Error - 08/10/2010 3:21:01 AM | Computer Name = Cat-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
    Description =

    Error - 08/10/2010 3:21:01 AM | Computer Name = Cat-PC | Source = Microsoft-Windows-CAPI2 | ID = 131328
    Description =

    Error - 08/10/2010 3:21:11 AM | Computer Name = Cat-PC | Source = ESENT | ID = 489
    Description = Catalog Database (832) Catalog Database: An attempt to open the file
    "C:\Windows\system32\CatRoot2\edb.log" for read only access failed with system
    error 5 (0x00000005): "Access is denied. ". The open file operation will fail with
    error -1032 (0xfffffbf8).

    Error - 08/10/2010 3:21:11 AM | Computer Name = Cat-PC | Source = ESENT | ID = 455
    Description = Catalog Database (832) Catalog Database: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

    [ Media Center Events ]
    Error - 29/12/2009 4:29:57 PM | Computer Name = Cat-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 23/02/2010 8:17:42 PM | Computer Name = Cat-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 23/02/2010 10:05:41 PM | Computer Name = Cat-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 23/02/2010 10:06:11 PM | Computer Name = Cat-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 23/02/2010 10:07:18 PM | Computer Name = Cat-PC | Source = HTTP | ID = 15016
    Description =

    Error - 23/02/2010 10:08:54 PM | Computer Name = Cat-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 23/02/2010 10:26:47 PM | Computer Name = Cat-PC | Source = DCOM | ID = 10010
    Description =

    Error - 24/02/2010 11:20:09 AM | Computer Name = Cat-PC | Source = HTTP | ID = 15016
    Description =

    Error - 24/02/2010 11:21:45 AM | Computer Name = Cat-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 01/03/2010 5:19:44 PM | Computer Name = Cat-PC | Source = HTTP | ID = 15016
    Description =

    Error - 01/03/2010 5:21:19 PM | Computer Name = Cat-PC | Source = Service Control Manager | ID = 7009
    Description =


    < End of report >
     
  19. 2010/10/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
      O4 - HKLM..\Run: [NDSTray.exe] File not found
      O4 - HKCU..\Run: [TOSCDSPD] File not found
      O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
      O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe File not found
      O16 - DPF: {5334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpg4sax.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O33 - MountPoints2\{77a3fba8-b024-11de-86cd-806e6f6e6963}\Shell - " " = AutoRun
      O33 - MountPoints2\{77a3fba8-b024-11de-86cd-806e6f6e6963}\Shell\AutoRun\command - " " = E:\start.exe -- File not found
      [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  20. 2010/10/11
    juddson

    juddson Inactive Thread Starter

    Joined:
    2008/01/30
    Messages:
    44
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d1f590-48f4-11d9-9669-0800200c9a66}\ not found.
    Starting removal of ActiveX control {5334504D-0000-0010-8000-00AA00389B71}
    C:\Windows\Downloaded Program Files\mpg4sax.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5334504D-0000-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5334504D-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5334504D-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5334504D-0000-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77a3fba8-b024-11de-86cd-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77a3fba8-b024-11de-86cd-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77a3fba8-b024-11de-86cd-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77a3fba8-b024-11de-86cd-806e6f6e6963}\ not found.
    File E:\start.exe not found.
    File delete failed. C:\Windows\SysNative\SETE600.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\SysNative\SETE661.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\SysNative\SETEF50.tmp scheduled to be deleted on reboot.
    C:\Windows\msdownld.tmp folder deleted successfully.
    ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Cat
    ->Temp folder emptied: 13366992 bytes
    ->Temporary Internet Files folder emptied: 689407893 bytes
    ->Java cache emptied: 1676494 bytes
    ->Google Chrome cache emptied: 6736395 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 139102 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 726528 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 81420 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 115911313 bytes

    Total Files Cleaned = 790.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Cat
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 10112010_233154

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\SysNative\SETE600.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\SETE661.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\SETEF50.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMTEMYCJ\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRW31JTX\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM7COSYE\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZTA37AD\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  21. 2010/10/11
    juddson

    juddson Inactive Thread Starter

    Joined:
    2008/01/30
    Messages:
    44
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.5
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Antivirus out of date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.0.32.18
    Adobe Reader 8.1.2
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
