Windows hot process error?


  • This topic is locked
18 replies to this topic

#1 wormit

wormit

    Enthusiast

  • Members
  • 138 posts

Posted 10 August 2012 - 08:41 PM

I've been getting this error saying Windows hot process has stopped working, and then the computer freezes and I have to start the computer again.
Please help!!

#2 wormit

wormit

    Enthusiast

  • Members
  • 138 posts

Posted 10 August 2012 - 09:07 PM

HJT done in safe mode with networking. I downloaded something called drop box, which is when I think this error started. I uninstalled it today but the error seems to have worsened. Then it froze after I watched a clip on YouTube, and the other times were when I was on Yahoo Messenger.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:33 PM, on 11/08/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Erandi\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\CleanUp!\FlashGet.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\jc_link.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsec...r/cascanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10236 bytes

#3 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 11 August 2012 - 08:38 AM

Download OTL.exe by OldTimer to your Desktop.
  • Right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#4 wormit

wormit

    Enthusiast

  • Members
  • 138 posts

Posted 11 August 2012 - 05:20 PM

OTL.txt

OTL logfile created on: 12/08/2012 8:38:06 AM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 39.87% Memory free
3.98 Gb Paging File | 2.78 Gb Available in Paging File | 69.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 209.80 Gb Free Space | 72.83% Space Free | Partition Type: NTFS

Computer Name: NONONO-PC | User Name: User| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/11/23 23:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/08/12 10:50:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009/04/11 15:57:48 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
PRC - [2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 17:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 15:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 14:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/25 05:33:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 16:51:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 16:49:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 16:44:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 17:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/25 18:59:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\CleanUp!\flashget.exe
PRC - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 14:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 23:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/11/23 23:05:26 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2009/08/16 21:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/03/06 14:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 16:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 01:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/09/11 20:51:34 | 001,327,184 | ---- | M] () -- C:\Program Files\CleanUp!\FGEMCORE.dll
MOD - [2007/09/11 20:51:34 | 000,626,688 | ---- | M] () -- C:\Program Files\CleanUp!\FGBTCORE.dll
MOD - [2006/11/02 19:16:12 | 000,028,672 | ---- | M] () -- C:\Windows\System32\perfos.dll
MOD - [2006/10/11 04:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 04:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2002/04/17 14:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/08/03 14:29:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/12 10:50:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 11:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/06 17:41:23 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/07/18 22:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 07:59:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/15 11:35:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 04:23:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 06:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2004/05/12 18:46:56 | 000,542,893 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\torususb.sys -- (TaurusUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.co...ie7&rlz=1I7TSHN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.co...ie7&rlz=1I7TSHN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/01/19 07:39:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Flashget] C:\Program Files\CleanUp!\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32675EF0-751A-4CBA-B96D-A4CFD3F78CCD}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 08:22:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/12 08:22:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/12 08:10:59 | 000,000,000 | ---D | C] -- C:\2bc6ff6eb45fa40c2e72a9da
[2012/08/11 16:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/08/11 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!
[2012/08/11 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo! Messenger
[2012/08/11 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2012/08/11 16:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/11 16:10:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/08/11 16:10:43 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/08/11 16:10:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/11 12:53:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 11:56:58 | 000,000,000 | ---D | C] -- C:\30b62bf096ec33a4f3
[2012/08/11 11:25:31 | 000,000,000 | ---D | C] -- C:\4f9917abb87b11c5f3025fb6bb39871d
[2012/08/11 10:00:28 | 000,000,000 | ---D | C] -- C:\a984d1e6e984a9910ad0
[2012/08/10 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder
[2012/08/10 16:05:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2012/08/10 15:57:10 | 017,798,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/10 15:41:53 | 000,000,000 | ---D | C] -- C:\89d6130398c774102b17
[2012/08/06 12:55:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (9)
[2012/08/01 12:06:32 | 000,439,312 | ---- | C] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/31 19:19:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (8)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/12 08:35:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 08:35:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 08:33:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 08:33:21 | 2009,071,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 08:33:19 | 313,906,979 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/12 01:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 16:45:07 | 000,000,987 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:42:37 | 017,565,528 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:41:25 | 019,373,912 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:41:11 | 019,216,216 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:30 | 004,764,224 | ---- | M] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 12:53:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 12:42:13 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012/08/11 12:15:50 | 000,000,292 | ---- | M] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:46:27 | 090,098,552 | ---- | M] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/08/10 15:57:11 | 017,798,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/06 21:40:34 | 000,707,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/06 21:40:34 | 000,146,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/06 17:25:24 | 000,133,120 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/03 14:29:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/03 14:29:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/01 12:06:33 | 000,439,312 | ---- | M] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/07/13 16:24:43 | 000,411,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/11 16:45:07 | 000,000,987 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:41:47 | 017,565,528 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:40:24 | 019,373,912 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:39:53 | 019,216,216 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:29 | 004,764,224 | ---- | C] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 16:08:26 | 2009,071,616 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/11 12:15:50 | 000,000,292 | ---- | C] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:40:54 | 090,098,552 | ---- | C] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/01/19 07:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 07:17:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 07:17:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 07:17:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 07:17:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/18 23:03:14 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.tif
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.dat
[2009/09/16 15:32:29 | 000,000,235 | ---- | C] () -- C:\Users\User\AppData\Roaming\devices.xml
[2009/09/16 15:32:29 | 000,000,012 | ---- | C] () -- C:\Users\User\AppData\Roaming\settings.xml
[2009/07/07 16:22:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/19 18:25:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2009/04/19 18:21:59 | 000,133,120 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 17:35:05 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#5 wormit

Posted 11 August 2012 - 05:25 PM

There's no file named extras saved on my desktop? OTL.txt opened up and was also saved on my desktop.
The comp crashed twice this morning while I was on the internet. But last night it worked perfectly fine. It may be happening only in the mornings and afternoons?

In safe mode there's no issue.

#6 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 12 August 2012 - 10:50 AM

I would like to see that Extras.txt also.
Can you right-click on OTL.exe and choose to "Run as admin"?
When it opens, put all selections to NONE,
except under "Extra Registry" select "use safelist".
Then click the Run Scan button.
It will scan quickly; close OTL.txt and post back the contents of Extras.txt.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#7 wormit

Posted 12 August 2012 - 05:58 PM

Extras.txt


OTL Extras logfile created on: 13/08/2012 9:26:37 AM - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 46.13% Memory free
3.98 Gb Paging File | 2.70 Gb Available in Paging File | 67.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 211.71 Gb Free Space | 73.49% Space Free | Partition Type: NTFS

Computer Name: NONONO-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B743A7C-D484-4B6F-A740-1887C81F2F6E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{18170D96-F8F6-453B-8E25-FA63D9163655}" = protocol=17 | dir=in | app=c:\users\User\appdata\roaming\dropbox\bin\dropbox.exe |
"{A4A3F174-059E-4640-9027-A4E0D422C0D7}" = protocol=6 | dir=in | app=c:\users\User\appdata\roaming\dropbox\bin\dropbox.exe |
"{C67F0C4C-5C91-4F5A-B283-6E41465BE01E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\ypager.exe |
"{E4849FE7-6853-4596-8516-83E253C553E4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\ypager.exe |
"{F7FF3889-77E0-4432-9189-90D60A6CDA35}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"TCP Query User{BBE2158E-4776-4FC8-9D21-9EA04BA735D6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{E2890BC1-3973-4A35-9196-F34CC73F1583}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D0822EC-391F-4D67-A59A-F6EC1087C732}" = Seven Kingdoms Conquest
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BEE759C3-D111-470C-B815-36B647FA9EED}_is1" = Surprise Party v1.0
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE48D800-A3B5-43E3-B846-1CC556B8170D}" = SPSS 15.0 for Windows Evaluation Version
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"Avira AntiVir Desktop" = Avira Free Antivirus
"Binverse_is1" = Binverse
"BLOX Forever Free Trial" = BLOX Forever Free Trial
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CleanUp!" = CleanUp!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"Reimage Repair" = Reimage Repair
"SpywareBlaster_is1" = SpywareBlaster 4.3
"StmAdsl" = Prolink H8600 ADSL Modem
"Sveerz" = Sveerz
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/08/2012 2:38:46 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/08/2012 2:41:37 AM | Computer Name = NoNoNo-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/08/2012 2:41:37 AM | Computer Name = NoNoNo-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/08/2012 9:35:52 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/08/2012 9:56:45 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/08/2012 6:36:05 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/08/2012 6:46:08 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/08/2012 7:04:19 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/08/2012 1:35:45 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/08/2012 7:34:40 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 24/02/2010 4:01:53 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2942
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 12/04/2010 4:57:12 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 62
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/07/2011 8:53:12 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11224
seconds with 4440 seconds of active time. This session ended with a crash.

Error - 24/08/2011 6:41:49 PM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1039
seconds with 180 seconds of active time. This session ended with a crash.

Error - 24/09/2011 10:42:05 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11165
seconds with 3300 seconds of active time. This session ended with a crash.

Error - 3/03/2012 11:06:19 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22413
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 16/03/2012 1:09:10 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17127
seconds with 2220 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/08/2012 7:03:45 PM | Computer Name = NoNoNo-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:22:42 AM on 12/08/2012 was unexpected.

Error - 11/08/2012 7:03:19 PM | Computer Name = NoNoNo-PC | Source = volsnap | ID = 393243
Description = The shadow copies of volume C: were aborted during detection because
a critical control file could not be opened.

Error - 11/08/2012 7:05:03 PM | Computer Name = NoNoNo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/08/2012 9:16:48 PM | Computer Name = NoNoNo-PC | Source = DCOM | ID = 10010
Description =

Error - 12/08/2012 1:35:08 AM | Computer Name = NoNoNo-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/08/2012 1:35:36 AM | Computer Name = NoNoNo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00216B244F28 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/08/2012 1:36:00 AM | Computer Name = NoNoNo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/08/2012 7:34:03 PM | Computer Name = NoNoNo-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/08/2012 7:34:56 PM | Computer Name = NoNoNo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/08/2012 7:40:05 PM | Computer Name = NoNoNo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00216B244F28 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#8 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 12 August 2012 - 10:32 PM

Could very well be a problem with some of your security software.... Let's do the following
Your version of SpywareBlaster is quite out of date
Can you open SpywareBlaster, from the main window, after it opens, select "Disable All Protections"
Close SpywareBlaster when done and then Uninstall it from 'Programs and Features' in Windows Control Panel

Afterwards, I don't see Superantispyware installed any longer, but I do see residuals.. Even if it is still installed
It looks corrupt
Download the Uninstall tool from the following location and save it directly to your desktop:
http://www.superanti...s/SASUNINST.EXE

After you have it saved to your desktop, Right click on SASUNINST.EXE
and choose to "Run as Administrator"
You should be prompted to allow the tool to Reboot your computer, do so

Back in Windows: Run your computer as usual, any problems?
Can you again Right click on OTL.exe and choose to 'Run as Admin'
Leave all defaults selected... Choose to Run Scan.. When done, post the contents of OTL.txt that opens

Note: there are more programs to Remove/update, but let's start with the above and see how things run as we go

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#9 wormit

    Enthusiast

  • Members
  • 138 posts

Posted 13 August 2012 - 05:29 AM

Hey guestolo,

I did the things which you asked me to do in your latest post. Today there seemed to be no issue with the computer.

Below is the OTL.txt

OTL logfile created on: 13/08/2012 6:42:43 PM - Run 5
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.13% Memory free
3.98 Gb Paging File | 2.69 Gb Available in Paging File | 67.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 211.68 Gb Free Space | 73.49% Space Free | Partition Type: NTFS

Computer Name: NONONO-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/08/03 14:29:35 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/04/11 15:57:48 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
PRC - [2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 17:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 15:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 14:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/25 05:33:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 16:51:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 16:49:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 16:44:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 17:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/25 18:59:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\CleanUp!\flashget.exe
PRC - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 14:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 23:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/08/06 21:28:26 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/08/16 21:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/03/06 14:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 16:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 01:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/09/11 20:51:34 | 001,327,184 | ---- | M] () -- C:\Program Files\CleanUp!\FGEMCORE.dll
MOD - [2007/09/11 20:51:34 | 000,626,688 | ---- | M] () -- C:\Program Files\CleanUp!\FGBTCORE.dll
MOD - [2006/10/11 04:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 04:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2002/04/17 14:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/08/03 14:29:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 11:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/06 17:41:23 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/07/18 22:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 07:59:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/15 11:35:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 04:23:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 06:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2004/05/12 18:46:56 | 000,542,893 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\torususb.sys -- (TaurusUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.co...ie7&rlz=1I7TSHN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.co...ie7&rlz=1I7TSHN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/01/19 07:39:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Flashget] C:\Program Files\CleanUp!\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32675EF0-751A-4CBA-B96D-A4CFD3F78CCD}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 18:01:05 | 000,101,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\User\Desktop\SASUNINST.EXE
[2012/08/12 08:22:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/12 08:22:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/12 08:10:59 | 000,000,000 | ---D | C] -- C:\2bc6ff6eb45fa40c2e72a9da
[2012/08/11 16:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/08/11 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!
[2012/08/11 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo! Messenger
[2012/08/11 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2012/08/11 16:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/11 16:10:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/08/11 16:10:43 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/08/11 16:10:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/11 12:53:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 11:56:58 | 000,000,000 | ---D | C] -- C:\30b62bf096ec33a4f3
[2012/08/11 11:25:31 | 000,000,000 | ---D | C] -- C:\4f9917abb87b11c5f3025fb6bb39871d
[2012/08/11 10:00:28 | 000,000,000 | ---D | C] -- C:\a984d1e6e984a9910ad0
[2012/08/10 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder
[2012/08/10 16:05:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2012/08/10 15:57:10 | 017,798,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/10 15:41:53 | 000,000,000 | ---D | C] -- C:\89d6130398c774102b17
[2012/08/06 12:55:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (9)
[2012/08/01 12:06:32 | 000,439,312 | ---- | C] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/31 19:19:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (8)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/13 18:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 18:10:24 | 000,707,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/13 18:10:24 | 000,146,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/13 18:04:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 18:04:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 18:03:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/13 18:03:37 | 2009,071,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 18:01:05 | 000,101,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\User\Desktop\SASUNINST.EXE
[2012/08/12 15:43:16 | 000,243,442 | ---- | M] () -- C:\Users\User\Desktop\B.jpg
[2012/08/12 15:17:06 | 000,077,941 | ---- | M] () -- C:\Users\User\Desktop\488377_10151032060311137_578366357_n.jpg
[2012/08/12 15:16:05 | 000,067,931 | ---- | M] () -- C:\Users\User\Desktop\574514_10151032059261137_32734532_n.jpg
[2012/08/12 08:33:19 | 313,906,979 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/11 16:45:07 | 000,000,987 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:42:37 | 017,565,528 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:41:25 | 019,373,912 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:41:11 | 019,216,216 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:30 | 004,764,224 | ---- | M] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 12:53:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 12:42:13 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012/08/11 12:15:50 | 000,000,292 | ---- | M] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:46:27 | 090,098,552 | ---- | M] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/08/10 15:57:11 | 017,798,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/06 17:25:24 | 000,133,120 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/03 14:29:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/03 14:29:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/01 12:06:33 | 000,439,312 | ---- | M] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/12 15:48:26 | 000,504,561 | ---- | C] () -- C:\Users\User\Desktop\HC.JPG
[2012/08/12 15:43:14 | 000,243,442 | ---- | C] () -- C:\Users\User\Desktop\B.jpg
[2012/08/11 16:45:07 | 000,000,987 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:41:47 | 017,565,528 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:40:24 | 019,373,912 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:39:53 | 019,216,216 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:29 | 004,764,224 | ---- | C] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 16:08:26 | 2009,071,616 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/11 12:15:50 | 000,000,292 | ---- | C] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:40:54 | 090,098,552 | ---- | C] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/01/19 07:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 07:17:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 07:17:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 07:17:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 07:17:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/18 23:03:14 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.tif
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.dat
[2009/09/16 15:32:29 | 000,000,235 | ---- | C] () -- C:\Users\User\AppData\Roaming\devices.xml
[2009/09/16 15:32:29 | 000,000,012 | ---- | C] () -- C:\Users\User\AppData\Roaming\settings.xml
[2009/07/07 16:22:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/19 18:25:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2009/04/19 18:21:59 | 000,133,120 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 17:35:05 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#10 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 13 August 2012 - 11:26 AM

Let's continue with removing programs that may be causing problems or are outdated

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Right-click on the file you've downloaded and choose to "Run as Admin", follow the prompts to uninstall Flash.
We'll update it in a bit
You can now delete the uninstaller

Let's get older versions of Java uninstalled
Close down All browser windows and uninstall the following from 'Programs and Features' in Windows Control Panel
Java™ 6 Update 20
Java™ 6 Update 6


After you have uninstalled both of those Java versions,
let's also uninstall Panda ActiveScan 2.0
I don't believe it's conflicting, but it's a free scanner you can redownload at a later date if needed

Let's also remove your copy of Spybot S&D
Open Spybot S&D, after it opens, under the main window, click on MODE>>Advanced Mode
Ensure your browser windows are now closed
OK the prompt... Under the Immunize section: click UNDO... Allow it to finish disabling protections
Then click on TOOLS on the bottom left...
Select RESIDENT>> Ensure SD Helper and SD TeaTimer are both deselected
Close Spybot and uninstall it
If prompted as to why uninstalling, just select the "Just uninstall" selection
Reboot when prompted

Back in Windows
Let's get Sun Java and Adobe Flash updated
Install the latest version of Sun Java from the following location:
http://www.java.com/...nload/index.jsp
NOTE: If there is an option to install a Toolbar or Security Scan, Untick that option during installation

Adobe Flash:
Download and save to desktop this installer:
http://download.macr...11_active_x.exe
Right click the installer and choose to "Run as Admin", follow prompts
You can delete the installer after it has installed successfully

Could you again run a scan with OTL.exe and post the new log that opens?
Keep me informed how things are still running

With the above log, can you then do the following:
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#11 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 16 August 2012 - 01:30 AM

There were many crashes today in the morning and then the chkdsk would run. I did the changes you mentioned in your latest post. After one of the crashes there was an error message saying Adobe speed something stopped working. Couldn't get the Java to install as the computer kept crashing, so I had to install Flash first and then install Java.



OTL.txt

OTL logfile created on: 16/08/2012 4:55:27 PM - Run 6
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.32% Memory free
3.98 Gb Paging File | 2.87 Gb Available in Paging File | 72.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 211.71 Gb Free Space | 73.49% Space Free | Partition Type: NTFS

Computer Name: NONONO-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 17:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 15:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 14:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/25 05:33:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 16:51:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 16:49:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 16:44:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 17:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 14:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 23:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/08/16 21:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/03/06 14:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 16:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 01:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/11 04:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 04:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2002/04/17 14:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/08/16 16:43:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 11:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/06 17:41:23 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/07/18 22:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 07:59:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/15 11:35:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 04:23:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 06:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2004/05/12 18:46:56 | 000,542,893 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\torususb.sys -- (TaurusUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.co...ie7&rlz=1I7TSHN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.co...ie7&rlz=1I7TSHN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/01/19 07:39:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll (www.flashget.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Flashget] C:\Program Files\CleanUp!\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32675EF0-751A-4CBA-B96D-A4CFD3F78CCD}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 16:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/16 16:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/16 16:52:33 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/16 16:52:33 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/16 16:52:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/16 16:52:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/16 16:48:45 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetupkku5.exe
[2012/08/16 16:43:25 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/16 16:43:25 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/16 16:42:40 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\User\Desktop\install_flash_player_11_active_x.exe
[2012/08/16 16:21:42 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetup7uj5.exe
[2012/08/16 16:09:53 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetup7u5.exe
[2012/08/14 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (3)
[2012/08/13 18:01:05 | 000,101,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\User\Desktop\SASUNINST.EXE
[2012/08/12 08:22:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/12 08:10:59 | 000,000,000 | ---D | C] -- C:\2bc6ff6eb45fa40c2e72a9da
[2012/08/11 16:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/08/11 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!
[2012/08/11 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo! Messenger
[2012/08/11 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2012/08/11 16:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/11 16:10:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/08/11 16:10:43 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/08/11 16:10:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/11 12:53:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 11:56:58 | 000,000,000 | ---D | C] -- C:\30b62bf096ec33a4f3
[2012/08/11 11:25:31 | 000,000,000 | ---D | C] -- C:\4f9917abb87b11c5f3025fb6bb39871d
[2012/08/11 10:00:28 | 000,000,000 | ---D | C] -- C:\a984d1e6e984a9910ad0
[2012/08/10 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder
[2012/08/10 16:05:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2012/08/10 15:57:10 | 017,798,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/10 15:41:53 | 000,000,000 | ---D | C] -- C:\89d6130398c774102b17
[2012/08/06 12:55:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (9)
[2012/08/01 12:06:32 | 000,439,312 | ---- | C] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/31 19:19:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (8)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 16:53:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 16:51:51 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/16 16:51:51 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/16 16:48:45 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetupkku5.exe
[2012/08/16 16:43:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/16 16:43:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/16 16:42:40 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\User\Desktop\install_flash_player_11_active_x.exe
[2012/08/16 16:37:41 | 000,707,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/16 16:37:41 | 000,146,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/16 16:36:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 16:36:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 16:31:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 16:30:56 | 2007,011,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 16:21:43 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetup7uj5.exe
[2012/08/16 16:14:34 | 311,670,499 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/16 16:09:54 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetup7u5.exe
[2012/08/13 18:01:05 | 000,101,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\User\Desktop\SASUNINST.EXE
[2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/11 16:45:07 | 000,000,987 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:42:37 | 017,565,528 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:41:25 | 019,373,912 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:41:11 | 019,216,216 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:30 | 004,764,224 | ---- | M] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 12:53:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 12:42:13 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012/08/11 12:15:50 | 000,000,292 | ---- | M] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:46:27 | 090,098,552 | ---- | M] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/08/10 15:57:11 | 017,798,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/06 17:25:24 | 000,133,120 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/01 12:06:33 | 000,439,312 | ---- | M] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 16:43:27 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 16:45:07 | 000,000,987 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:41:47 | 017,565,528 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:40:24 | 019,373,912 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:39:53 | 019,216,216 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:29 | 004,764,224 | ---- | C] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 16:08:26 | 2007,011,328 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/11 12:15:50 | 000,000,292 | ---- | C] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:40:54 | 090,098,552 | ---- | C] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/01/19 07:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 07:17:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 07:17:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 07:17:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 07:17:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/18 23:03:14 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.tif
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.dat
[2009/09/16 15:32:29 | 000,000,235 | ---- | C] () -- C:\Users\User\AppData\Roaming\devices.xml
[2009/09/16 15:32:29 | 000,000,012 | ---- | C] () -- C:\Users\User\AppData\Roaming\settings.xml
[2009/07/07 16:22:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/19 18:25:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2009/04/19 18:21:59 | 000,133,120 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 17:35:05 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#12 wormit

Posted 16 August 2012 - 01:36 AM

Results of screen317's Security Check version 0.99.44
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.0.1800
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#13 wormit

Posted 16 August 2012 - 06:29 PM

Hi guestolo,

The problem seems to exist still. My computer is freezing again this morning.

#14 wormit

Posted 17 August 2012 - 07:59 PM

Today in the morning I got this message after my laptop crashed with a blue screen:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 3081

Additional information about the problem:
BCCode: 7f
BCP1: 0000000D
BCP2: 00000000
BCP3: 00000000
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini081812-01.dmp
C:\Users\User\AppData\Local\Temp\WER-52915-0.sysdata.xml
C:\Users\User\AppData\Local\Temp\WER6C49.tmp.version.txt

Read our privacy statement:
http://go.microsoft....63&clcid=0x0409

#15 wormit

Posted 18 August 2012 - 01:19 AM

I did an Avira scan in safe mode and found 2 viruses - EXP/CVE-2011-3544.A.13 and Java/Dldr.Lamar.EG. What should I do??

Also, during the blue screens I get memory management as the error.




Avira Free Antivirus
Report file date: Saturday, 18 August 2012 15:36

Scanning for 4121282 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista ™ Home Premium
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Safe mode with network
Username : User
Computer name : NONONO-PC

Version information:
BUILD.DAT : 12.0.0.1167 40870 Bytes 18/07/2012 20:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 18/07/2012 08:34:51
AVSCAN.DLL : 12.3.0.15 54736 Bytes 18/07/2012 08:35:06
LUKE.DLL : 12.3.0.15 68304 Bytes 18/07/2012 08:34:59
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 18/07/2012 08:34:51
AVREG.DLL : 12.3.0.33 232232 Bytes 18/07/2012 08:34:51
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 10:48:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 15:53:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 16:02:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 1/02/2012 02:28:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 15:08:13
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 08:35:05
VBASE006.VDF : 7.11.34.117 2048 Bytes 29/06/2012 08:35:05
VBASE007.VDF : 7.11.34.118 2048 Bytes 29/06/2012 08:35:05
VBASE008.VDF : 7.11.34.119 2048 Bytes 29/06/2012 08:35:05
VBASE009.VDF : 7.11.34.120 2048 Bytes 29/06/2012 08:35:05
VBASE010.VDF : 7.11.34.121 2048 Bytes 29/06/2012 08:35:05
VBASE011.VDF : 7.11.34.122 2048 Bytes 29/06/2012 08:35:05
VBASE012.VDF : 7.11.34.123 2048 Bytes 29/06/2012 08:35:05
VBASE013.VDF : 7.11.34.124 2048 Bytes 29/06/2012 08:35:05
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30/07/2012 11:01:51
VBASE015.VDF : 7.11.38.70 556032 Bytes 31/07/2012 11:01:55
VBASE016.VDF : 7.11.38.143 171008 Bytes 2/08/2012 11:01:57
VBASE017.VDF : 7.11.38.221 178176 Bytes 6/08/2012 11:02:01
VBASE018.VDF : 7.11.39.37 168448 Bytes 8/08/2012 11:02:03
VBASE019.VDF : 7.11.39.89 131072 Bytes 9/08/2012 11:02:06
VBASE020.VDF : 7.11.39.145 142336 Bytes 11/08/2012 11:01:45
VBASE021.VDF : 7.11.39.207 165888 Bytes 14/08/2012 11:18:28
VBASE022.VDF : 7.11.40.9 156160 Bytes 16/08/2012 11:18:32
VBASE023.VDF : 7.11.40.10 2048 Bytes 16/08/2012 11:18:33
VBASE024.VDF : 7.11.40.11 2048 Bytes 16/08/2012 11:18:34
VBASE025.VDF : 7.11.40.12 2048 Bytes 16/08/2012 11:18:35
VBASE026.VDF : 7.11.40.13 2048 Bytes 16/08/2012 11:18:35
VBASE027.VDF : 7.11.40.14 2048 Bytes 16/08/2012 11:18:36
VBASE028.VDF : 7.11.40.15 2048 Bytes 16/08/2012 11:18:37
VBASE029.VDF : 7.11.40.16 2048 Bytes 16/08/2012 11:18:38
VBASE030.VDF : 7.11.40.17 2048 Bytes 16/08/2012 11:18:39
VBASE031.VDF : 7.11.40.34 78336 Bytes 17/08/2012 11:18:42
Engine version : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 11/08/2012 11:02:54
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 11/08/2012 11:02:53
AESCN.DLL : 8.1.8.2 131444 Bytes 16/02/2012 08:41:36
AESBX.DLL : 8.2.5.12 606578 Bytes 18/07/2012 08:34:48
AERDL.DLL : 8.1.9.15 639348 Bytes 20/01/2012 15:52:40
AEPACK.DLL : 8.3.0.24 811381 Bytes 11/08/2012 11:02:51
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 11/08/2012 11:02:47
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 11/08/2012 11:02:45
AEHELP.DLL : 8.1.23.2 258422 Bytes 18/07/2012 08:34:45
AEGEN.DLL : 8.1.5.34 434548 Bytes 11/08/2012 11:02:25
AEEXP.DLL : 8.1.0.74 86387 Bytes 11/08/2012 11:02:54
AEEMU.DLL : 8.1.3.2 393587 Bytes 11/08/2012 11:02:21
AECORE.DLL : 8.1.27.4 201078 Bytes 11/08/2012 11:02:19
AEBB.DLL : 8.1.1.0 53618 Bytes 20/01/2012 15:52:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 18/07/2012 08:34:53
AVPREF.DLL : 12.3.0.15 51920 Bytes 18/07/2012 08:34:51
AVREP.DLL : 12.3.0.15 179208 Bytes 18/07/2012 08:34:51
AVARKT.DLL : 12.3.0.15 211408 Bytes 18/07/2012 08:34:49
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18/07/2012 08:34:50
SQLITE3.DLL : 3.7.0.1 398288 Bytes 18/07/2012 08:35:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 18/07/2012 08:34:52
NETNT.DLL : 12.3.0.15 17104 Bytes 18/07/2012 08:34:59
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 18/07/2012 08:35:09
RCTEXT.DLL : 12.3.0.31 97784 Bytes 18/07/2012 08:35:09

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +SPR,

Start of the scan: Saturday, 18 August 2012 15:36

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'osk.exe' - '25' Module(s) have been scanned
Scan process 'avcenter.exe' - '80' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
Scan process 'unsecapp.exe' - '27' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '28' Module(s) have been scanned
Scan process 'Explorer.EXE' - '140' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '70' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '32' Module(s) have been scanned
Scan process 'winlogon.exe' - '26' Module(s) have been scanned
Scan process 'wininit.exe' - '25' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
C:\Program Files\Electrotank\Trick or Treat Smash\uninstall.exe
[WARNING] Unsupported archive version
The registry was scanned ( '3088' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A6609D003>
C:\Program Files\Electrotank\Trick or Treat Smash\uninstall.exe
[WARNING] Unsupported archive version
C:\Program Files\WinRAR\rarnew.dat
[WARNING] Error no files to extract
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudSysguard.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudSysguard1.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudSysguard2.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci1.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci10.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci11.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci12.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci13.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci14.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci15.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci16.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci17.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci18.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci19.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci2.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci20.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci21.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci22.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci23.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci24.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci25.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci26.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci27.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci28.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci29.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci3.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci30.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci31.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci32.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci33.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci34.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci35.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci36.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci37.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci4.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci5.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci6.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci7.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci8.zip
[WARNING] The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci9.zip
[WARNING] The file is password protected
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\194a1e65-79314379
[0] Archive type: ZIP
--> CL1.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.EG Java virus
--> CL2.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.EH Java virus
--> CL3.class
[DETECTION] Contains recognition pattern of the EXP/2012-1723.K exploit
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\305b7a69-57129fef
[0] Archive type: ZIP
--> Field.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.A.22 exploit
--> Matrix.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.A.4 exploit
--> Photo.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544.A.13 exploit
C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-12-2011 - 10-16-31.SBU
[WARNING] The file is password protected
C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2010 - 20-57-55.SBU
[WARNING] The file is password protected
C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-12-2010 - 17-15-36.SBU
[WARNING] The file is password protected
C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-24-2010 - 19-36-54.SBU
[WARNING] The file is password protected
C:\Users\User\Desktop\Cambridge_Practice_Tests_Book_for_IELTS_7m\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge1.rar
[WARNING] The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge2.rar
[WARNING] The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge3(1).rar
[WARNING] The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge4.rar
[WARNING] The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge6.rar
[WARNING] The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\New Folder\e10 un\2 year\213 f\213 f\ao_setup_1010.exe.dap
[WARNING] Unsupported archive version
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\New Folder\e10 un\2 year\213 f\213 f\ao_setup_1010_1.exe.dap
[WARNING] Unsupported archive version

Beginning disinfection:
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\305b7a69-57129fef
[DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544.A.13 exploit
[WARNING] The file was ignored!
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\194a1e65-79314379
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.EG Java virus
[WARNING] The file was ignored!


End of the scan: Saturday, 18 August 2012 17:10
Used time: 1:21:23 Hour(s)

The scan has been done completely.

27106 Scanned directories
531385 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
531378 Files not concerned
3889 Archives were scanned
59 Warnings
0 Notes

#16 wormit

Posted 18 August 2012 - 08:19 AM

My laptop has gone from bad to worse. Now I can't use my laptop without it shutting down every 5 minutes. I can only use safe mode. Someone please help??? How do I remove the viruses that I mentioned in my earlier post, could that be the cause?

#17 guestolo

Posted 18 August 2012 - 07:24 PM

I don't think the crashes are viral related, but let's take a closer look.
NOTE: I'm away from my home computer for the next 4 weeks, have minimal time online
I can only reply back when I can find the time

Can you please do the following
Download ComboFix from the following location

Link 1
Save it ONLY to your Desktop
--------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool


  • Double click on ComboFix.exe & follow the prompts.


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#18 wormit

Posted 18 August 2012 - 08:13 PM

ComboFix freezes during the normal mode and in safe mode is asking for administrator rights to perform some processes? When I right click and run it as administrator it still says the same.

#19 guestolo

Posted 20 August 2012 - 05:30 AM

But will ComboFix complete anyways in Safe mode, did you give it time?
