Messages - wormit

1
Tech Clinic / TR/kazy virus playing with my computer
« on: May 12, 2013, 10:29:54 AM »

Hi,

Avira keeps bleeping to announce detections when I start my PC, but when I scan it freezes. In safe mode it doesn't detect any viruses. Can't download Yahoo Mail attachments either.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:58:29 AM, on 13/05/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\osk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Aceroqyti] C:\Users\compi\AppData\Roaming\Exne\pipy.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9371 bytes


2
Tech Clinic / Windows hot process error?
« on: August 18, 2012, 09:13:17 PM »
Combofix freezes during normal mode, and in safe mode it is asking for administrator rights to perform some processes? When I right-click and run it as administrator it still says the same.

3
Tech Clinic / Windows hot process error?
« on: August 18, 2012, 09:19:00 AM »
My laptop has gone from bad to worse. Now I can't use my laptop without it shutting down every 5 minutes. I can only use safe mode. Someone please help??? How do I remove the viruses that I mentioned in my earlier post? Could that be the cause?

4
Tech Clinic / Windows hot process error?
« on: August 18, 2012, 02:19:56 AM »
I did an Avira scan in safe mode and found 2 viruses: EXP/CVE-2011-3544.A.13 and Java/Dldr.Lamar.EG. What should I do??

Also, during the blue screens I get memory management as the error.




Avira Free Antivirus
Report file date: Saturday, 18 August 2012  15:36

Scanning for 4121282 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira AntiVir Personal - Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows Vista (TM) Home Premium
Windows version : (Service Pack 2)  [6.0.6002]
Boot mode       : Safe mode with network
Username        : User
Computer name   : NONONO-PC

Version information:
BUILD.DAT       : 12.0.0.1167    40870 Bytes  18/07/2012 20:07:00
AVSCAN.EXE      : 12.3.0.33     468472 Bytes  18/07/2012 08:34:51
AVSCAN.DLL      : 12.3.0.15      54736 Bytes  18/07/2012 08:35:06
LUKE.DLL        : 12.3.0.15      68304 Bytes  18/07/2012 08:34:59
AVSCPLR.DLL     : 12.3.0.27      97064 Bytes  18/07/2012 08:34:51
AVREG.DLL       : 12.3.0.33     232232 Bytes  18/07/2012 08:34:51
VBASE000.VDF    : 7.10.0.0    19875328 Bytes   6/11/2009 10:48:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14/12/2010 15:53:21
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20/12/2011 16:02:24
VBASE003.VDF    : 7.11.21.238  4472832 Bytes   1/02/2012 02:28:50
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28/03/2012 15:08:13
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29/06/2012 08:35:05
VBASE006.VDF    : 7.11.34.117     2048 Bytes  29/06/2012 08:35:05
VBASE007.VDF    : 7.11.34.118     2048 Bytes  29/06/2012 08:35:05
VBASE008.VDF    : 7.11.34.119     2048 Bytes  29/06/2012 08:35:05
VBASE009.VDF    : 7.11.34.120     2048 Bytes  29/06/2012 08:35:05
VBASE010.VDF    : 7.11.34.121     2048 Bytes  29/06/2012 08:35:05
VBASE011.VDF    : 7.11.34.122     2048 Bytes  29/06/2012 08:35:05
VBASE012.VDF    : 7.11.34.123     2048 Bytes  29/06/2012 08:35:05
VBASE013.VDF    : 7.11.34.124     2048 Bytes  29/06/2012 08:35:05
VBASE014.VDF    : 7.11.38.18   2554880 Bytes  30/07/2012 11:01:51
VBASE015.VDF    : 7.11.38.70    556032 Bytes  31/07/2012 11:01:55
VBASE016.VDF    : 7.11.38.143   171008 Bytes   2/08/2012 11:01:57
VBASE017.VDF    : 7.11.38.221   178176 Bytes   6/08/2012 11:02:01
VBASE018.VDF    : 7.11.39.37    168448 Bytes   8/08/2012 11:02:03
VBASE019.VDF    : 7.11.39.89    131072 Bytes   9/08/2012 11:02:06
VBASE020.VDF    : 7.11.39.145   142336 Bytes  11/08/2012 11:01:45
VBASE021.VDF    : 7.11.39.207   165888 Bytes  14/08/2012 11:18:28
VBASE022.VDF    : 7.11.40.9     156160 Bytes  16/08/2012 11:18:32
VBASE023.VDF    : 7.11.40.10      2048 Bytes  16/08/2012 11:18:33
VBASE024.VDF    : 7.11.40.11      2048 Bytes  16/08/2012 11:18:34
VBASE025.VDF    : 7.11.40.12      2048 Bytes  16/08/2012 11:18:35
VBASE026.VDF    : 7.11.40.13      2048 Bytes  16/08/2012 11:18:35
VBASE027.VDF    : 7.11.40.14      2048 Bytes  16/08/2012 11:18:36
VBASE028.VDF    : 7.11.40.15      2048 Bytes  16/08/2012 11:18:37
VBASE029.VDF    : 7.11.40.16      2048 Bytes  16/08/2012 11:18:38
VBASE030.VDF    : 7.11.40.17      2048 Bytes  16/08/2012 11:18:39
VBASE031.VDF    : 7.11.40.34     78336 Bytes  17/08/2012 11:18:42
Engine version  : 8.2.10.132
AEVDF.DLL       : 8.1.2.10      102772 Bytes  11/08/2012 11:02:54
AESCRIPT.DLL    : 8.1.4.42      459129 Bytes  11/08/2012 11:02:53
AESCN.DLL       : 8.1.8.2       131444 Bytes  16/02/2012 08:41:36
AESBX.DLL       : 8.2.5.12      606578 Bytes  18/07/2012 08:34:48
AERDL.DLL       : 8.1.9.15      639348 Bytes  20/01/2012 15:52:40
AEPACK.DLL      : 8.3.0.24      811381 Bytes  11/08/2012 11:02:51
AEOFFICE.DLL    : 8.1.2.42      201083 Bytes  11/08/2012 11:02:47
AEHEUR.DLL      : 8.1.4.86     5165429 Bytes  11/08/2012 11:02:45
AEHELP.DLL      : 8.1.23.2      258422 Bytes  18/07/2012 08:34:45
AEGEN.DLL       : 8.1.5.34      434548 Bytes  11/08/2012 11:02:25
AEEXP.DLL       : 8.1.0.74       86387 Bytes  11/08/2012 11:02:54
AEEMU.DLL       : 8.1.3.2       393587 Bytes  11/08/2012 11:02:21
AECORE.DLL      : 8.1.27.4      201078 Bytes  11/08/2012 11:02:19
AEBB.DLL        : 8.1.1.0        53618 Bytes  20/01/2012 15:52:35
AVWINLL.DLL     : 12.3.0.15      27344 Bytes  18/07/2012 08:34:53
AVPREF.DLL      : 12.3.0.15      51920 Bytes  18/07/2012 08:34:51
AVREP.DLL       : 12.3.0.15     179208 Bytes  18/07/2012 08:34:51
AVARKT.DLL      : 12.3.0.15     211408 Bytes  18/07/2012 08:34:49
AVEVTLOG.DLL    : 12.3.0.15     169168 Bytes  18/07/2012 08:34:50
SQLITE3.DLL     : 3.7.0.1       398288 Bytes  18/07/2012 08:35:02
AVSMTP.DLL      : 12.3.0.32      63480 Bytes  18/07/2012 08:34:52
NETNT.DLL       : 12.3.0.15      17104 Bytes  18/07/2012 08:34:59
RCIMAGE.DLL     : 12.3.0.31    4445944 Bytes  18/07/2012 08:35:09
RCTEXT.DLL      : 12.3.0.31      97784 Bytes  18/07/2012 08:35:09

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +SPR,

Start of the scan: Saturday, 18 August 2012  15:36

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'osk.exe' - '25' Module(s) have been scanned
Scan process 'avcenter.exe' - '80' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
Scan process 'unsecapp.exe' - '27' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '28' Module(s) have been scanned
Scan process 'Explorer.EXE' - '140' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '70' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '32' Module(s) have been scanned
Scan process 'winlogon.exe' - '26' Module(s) have been scanned
Scan process 'wininit.exe' - '25' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
C:\Program Files\Electrotank\Trick or Treat Smash\uninstall.exe
  [WARNING]   Unsupported archive version
The registry was scanned ( '3088' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A6609D003>
C:\Program Files\Electrotank\Trick or Treat Smash\uninstall.exe
  [WARNING]   Unsupported archive version
C:\Program Files\WinRAR\rarnew.dat
  [WARNING]   Error no files to extract
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudSysguard.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudSysguard1.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudSysguard2.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci1.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci10.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci11.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci12.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci13.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci14.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci15.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci16.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci17.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci18.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci19.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci2.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci20.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci21.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci22.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci23.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci24.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci25.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci26.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci27.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci28.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci29.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci3.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci30.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci31.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci32.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci33.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci34.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci35.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci36.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci37.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci4.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci5.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci6.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci7.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci8.zip
  [WARNING]   The file is password protected
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondesci9.zip
  [WARNING]   The file is password protected
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\194a1e65-79314379
 
  • Archive type: ZIP

  --> CL1.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.EG Java virus
  --> CL2.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.EH Java virus
  --> CL3.class
      [DETECTION] Contains recognition pattern of the EXP/2012-1723.K exploit
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\305b7a69-57129fef
 
  • Archive type: ZIP

  --> Field.class
      [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.A.22 exploit
  --> Matrix.class
      [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.A.4 exploit
  --> Photo.class
      [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544.A.13 exploit
C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-12-2011 - 10-16-31.SBU
  [WARNING]   The file is password protected
C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2010 - 20-57-55.SBU
  [WARNING]   The file is password protected
C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-12-2010 - 17-15-36.SBU
  [WARNING]   The file is password protected
C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-24-2010 - 19-36-54.SBU
  [WARNING]   The file is password protected
C:\Users\User\Desktop\Cambridge_Practice_Tests_Book_for_IELTS_7m\avira_free_antivirus_en.exe
  [WARNING]   The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\avira_free_antivirus_en.exe
  [WARNING]   The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge1.rar
  [WARNING]   The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge2.rar
  [WARNING]   The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge3(1).rar
  [WARNING]   The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge4.rar
  [WARNING]   The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\ielts\Cambridge6.rar
  [WARNING]   The file is password protected
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\New Folder\e10 un\2 year\213 f\213 f\ao_setup_1010.exe.dap
  [WARNING]   Unsupported archive version
C:\Users\User\Desktop\New Folder (2)\260CANON\247CANON\incon\ammi\243CANON\239CANON\cps\print\ach\New Folder\e10 un\2 year\213 f\213 f\ao_setup_1010_1.exe.dap
  [WARNING]   Unsupported archive version

Beginning disinfection:
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\305b7a69-57129fef
  [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544.A.13 exploit
  [WARNING]   The file was ignored!
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\194a1e65-79314379
  [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.EG Java virus
  [WARNING]   The file was ignored!


End of the scan: Saturday, 18 August 2012  17:10
Used time:  1:21:23 Hour(s)

The scan has been done completely.

  27106 Scanned directories
 531385 Files were scanned
      7 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 531378 Files not concerned
   3889 Archives were scanned
     59 Warnings
      0 Notes

5
Tech Clinic / Windows hot process error?
« on: August 17, 2012, 08:59:48 PM »
Today in the morning I got this message after my laptop crashed with a blue screen:
Problem signature:
  Problem Event Name:   BlueScreen
  OS Version:   6.0.6002.2.2.0.768.3
  Locale ID:   3081

Additional information about the problem:
  BCCode:   7f
  BCP1:   0000000D
  BCP2:   00000000
  BCP3:   00000000
  BCP4:   00000000
  OS Version:   6_0_6002
  Service Pack:   2_0
  Product:   768_1

Files that help describe the problem:
  C:\Windows\Minidump\Mini081812-01.dmp
  C:\Users\User\AppData\Local\Temp\WER-52915-0.sysdata.xml
  C:\Users\User\AppData\Local\Temp\WER6C49.tmp.version.txt

Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

6
Tech Clinic / Windows hot process error?
« on: August 16, 2012, 07:29:41 PM »
Hi guestolo,

The problem seems to exist still. My computer is freezing again this morning.

7
Tech Clinic / Windows hot process error?
« on: August 16, 2012, 02:36:38 AM »
Results of screen317's Security Check version 0.99.44
 Windows Vista Service Pack 2 x86 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!
Avira Desktop
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.60.0.1800
 JavaFX 2.1.1
 Java(TM) 7 Update 5
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

8
Tech Clinic / Windows hot process error?
« on: August 16, 2012, 02:30:15 AM »
There were many crashes today in the morning and then the chkdsk would run. I did the changes you mentioned in your latest post. After one of the crashes there was an error message saying Adobe speed something stopped working. Couldn't get Java to install as the computer kept crashing, so I had to install Flash first and then install Java.



OTL.txt

OTL logfile created on: 16/08/2012 4:55:27 PM - Run 6
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.32% Memory free
3.98 Gb Paging File | 2.87 Gb Available in Paging File | 72.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 211.71 Gb Free Space | 73.49% Space Free | Partition Type: NTFS
 
Computer Name: NONONO-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 17:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 15:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 14:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/25 05:33:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 16:51:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 16:49:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 16:44:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 17:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 14:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/23 23:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/08/16 21:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/03/06 14:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 16:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 01:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/11 04:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 04:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2002/04/17 14:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/08/16 16:43:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 11:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/06 17:41:23 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/07/18 22:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 07:59:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/15 11:35:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 04:23:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 06:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2004/05/12 18:46:56 | 000,542,893 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\torususb.sys -- (TaurusUsb)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=1-pMTqY5nbpXuGtfpIn_M-H46QM?q={searchTerms}
IE - HKCU\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2012/01/19 07:39:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Flashget] C:\Program Files\CleanUp!\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32675EF0-751A-4CBA-B96D-A4CFD3F78CCD}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/16 16:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/16 16:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/16 16:52:33 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/16 16:52:33 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/16 16:52:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/16 16:52:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/16 16:48:45 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetupkku5.exe
[2012/08/16 16:43:25 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/16 16:43:25 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/16 16:42:40 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\User\Desktop\install_flash_player_11_active_x.exe
[2012/08/16 16:21:42 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetup7uj5.exe
[2012/08/16 16:09:53 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetup7u5.exe
[2012/08/14 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (3)
[2012/08/13 18:01:05 | 000,101,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\User\Desktop\SASUNINST.EXE
[2012/08/12 08:22:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/12 08:10:59 | 000,000,000 | ---D | C] -- C:\2bc6ff6eb45fa40c2e72a9da
[2012/08/11 16:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/08/11 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!
[2012/08/11 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo! Messenger
[2012/08/11 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2012/08/11 16:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/11 16:10:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/08/11 16:10:43 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/08/11 16:10:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/11 12:53:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 11:56:58 | 000,000,000 | ---D | C] -- C:\30b62bf096ec33a4f3
[2012/08/11 11:25:31 | 000,000,000 | ---D | C] -- C:\4f9917abb87b11c5f3025fb6bb39871d
[2012/08/11 10:00:28 | 000,000,000 | ---D | C] -- C:\a984d1e6e984a9910ad0
[2012/08/10 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder
[2012/08/10 16:05:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2012/08/10 15:57:10 | 017,798,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/10 15:41:53 | 000,000,000 | ---D | C] -- C:\89d6130398c774102b17
[2012/08/06 12:55:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (9)
[2012/08/01 12:06:32 | 000,439,312 | ---- | C] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/31 19:19:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (8)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/16 16:53:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 16:51:51 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/16 16:51:51 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/16 16:48:45 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetupkku5.exe
[2012/08/16 16:43:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/16 16:43:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/16 16:42:40 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\User\Desktop\install_flash_player_11_active_x.exe
[2012/08/16 16:37:41 | 000,707,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/16 16:37:41 | 000,146,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/16 16:36:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 16:36:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 16:31:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 16:30:56 | 2007,011,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 16:21:43 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetup7uj5.exe
[2012/08/16 16:14:34 | 311,670,499 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/16 16:09:54 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\User\Desktop\JavaSetup7u5.exe
[2012/08/13 18:01:05 | 000,101,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\User\Desktop\SASUNINST.EXE
[2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/11 16:45:07 | 000,000,987 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:42:37 | 017,565,528 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:41:25 | 019,373,912 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:41:11 | 019,216,216 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:30 | 004,764,224 | ---- | M] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 12:53:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 12:42:13 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012/08/11 12:15:50 | 000,000,292 | ---- | M] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:46:27 | 090,098,552 | ---- | M] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/08/10 15:57:11 | 017,798,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/06 17:25:24 | 000,133,120 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/01 12:06:33 | 000,439,312 | ---- | M] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/16 16:43:27 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 16:45:07 | 000,000,987 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:41:47 | 017,565,528 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:40:24 | 019,373,912 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:39:53 | 019,216,216 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:29 | 004,764,224 | ---- | C] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 16:08:26 | 2007,011,328 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/11 12:15:50 | 000,000,292 | ---- | C] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:40:54 | 090,098,552 | ---- | C] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/01/19 07:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 07:17:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 07:17:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 07:17:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 07:17:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/18 23:03:14 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.tif
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.dat
[2009/09/16 15:32:29 | 000,000,235 | ---- | C] () -- C:\Users\User\AppData\Roaming\devices.xml
[2009/09/16 15:32:29 | 000,000,012 | ---- | C] () -- C:\Users\User\AppData\Roaming\settings.xml
[2009/07/07 16:22:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/19 18:25:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2009/04/19 18:21:59 | 000,133,120 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 17:35:05 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

9
Tech Clinic / Windows hot process error?
« on: August 13, 2012, 06:29:31 AM »
Hey guestolo,

I did the things which you asked me to do in your latest post. Today there seemed to be no issue with the computer.

Below is the OTL.txt

OTL logfile created on: 13/08/2012 6:42:43 PM - Run 5
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.13% Memory free
3.98 Gb Paging File | 2.69 Gb Available in Paging File | 67.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 211.68 Gb Free Space | 73.49% Space Free | Partition Type: NTFS
 
Computer Name: NONONO-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/08/03 14:29:35 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/04/11 15:57:48 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
PRC - [2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 17:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 15:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 14:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/25 05:33:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 16:51:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 16:49:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 16:44:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 17:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/25 18:59:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\CleanUp!\flashget.exe
PRC - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 14:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/23 23:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/08/06 21:28:26 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/08/16 21:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/03/06 14:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 16:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 01:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/09/11 20:51:34 | 001,327,184 | ---- | M] () -- C:\Program Files\CleanUp!\FGEMCORE.dll
MOD - [2007/09/11 20:51:34 | 000,626,688 | ---- | M] () -- C:\Program Files\CleanUp!\FGBTCORE.dll
MOD - [2006/10/11 04:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 04:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2002/04/17 14:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/08/03 14:29:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 11:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/06 17:41:23 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/07/18 22:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 07:59:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/15 11:35:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 04:23:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 06:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2004/05/12 18:46:56 | 000,542,893 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\torususb.sys -- (TaurusUsb)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=1-pMTqY5nbpXuGtfpIn_M-H46QM?q={searchTerms}
IE - HKCU\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2012/01/19 07:39:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Flashget] C:\Program Files\CleanUp!\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32675EF0-751A-4CBA-B96D-A4CFD3F78CCD}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/13 18:01:05 | 000,101,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\User\Desktop\SASUNINST.EXE
[2012/08/12 08:22:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/12 08:22:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/12 08:10:59 | 000,000,000 | ---D | C] -- C:\2bc6ff6eb45fa40c2e72a9da
[2012/08/11 16:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/08/11 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!
[2012/08/11 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo! Messenger
[2012/08/11 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2012/08/11 16:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/11 16:10:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/08/11 16:10:43 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/08/11 16:10:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/11 12:53:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 11:56:58 | 000,000,000 | ---D | C] -- C:\30b62bf096ec33a4f3
[2012/08/11 11:25:31 | 000,000,000 | ---D | C] -- C:\4f9917abb87b11c5f3025fb6bb39871d
[2012/08/11 10:00:28 | 000,000,000 | ---D | C] -- C:\a984d1e6e984a9910ad0
[2012/08/10 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder
[2012/08/10 16:05:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2012/08/10 15:57:10 | 017,798,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/10 15:41:53 | 000,000,000 | ---D | C] -- C:\89d6130398c774102b17
[2012/08/06 12:55:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (9)
[2012/08/01 12:06:32 | 000,439,312 | ---- | C] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/31 19:19:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (8)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/13 18:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 18:10:24 | 000,707,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/13 18:10:24 | 000,146,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/13 18:04:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 18:04:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 18:03:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/13 18:03:37 | 2009,071,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 18:01:05 | 000,101,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\User\Desktop\SASUNINST.EXE
[2012/08/12 15:43:16 | 000,243,442 | ---- | M] () -- C:\Users\User\Desktop\B.jpg
[2012/08/12 15:17:06 | 000,077,941 | ---- | M] () -- C:\Users\User\Desktop\488377_10151032060311137_578366357_n.jpg
[2012/08/12 15:16:05 | 000,067,931 | ---- | M] () -- C:\Users\User\Desktop\574514_10151032059261137_32734532_n.jpg
[2012/08/12 08:33:19 | 313,906,979 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/11 16:45:07 | 000,000,987 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:42:37 | 017,565,528 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:41:25 | 019,373,912 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:41:11 | 019,216,216 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:30 | 004,764,224 | ---- | M] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 12:53:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 12:42:13 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012/08/11 12:15:50 | 000,000,292 | ---- | M] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:46:27 | 090,098,552 | ---- | M] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/08/10 15:57:11 | 017,798,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/06 17:25:24 | 000,133,120 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/03 14:29:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/03 14:29:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/01 12:06:33 | 000,439,312 | ---- | M] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/12 15:48:26 | 000,504,561 | ---- | C] () -- C:\Users\User\Desktop\HC.JPG
[2012/08/12 15:43:14 | 000,243,442 | ---- | C] () -- C:\Users\User\Desktop\B.jpg
[2012/08/11 16:45:07 | 000,000,987 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:41:47 | 017,565,528 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:40:24 | 019,373,912 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:39:53 | 019,216,216 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:29 | 004,764,224 | ---- | C] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 16:08:26 | 2009,071,616 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/11 12:15:50 | 000,000,292 | ---- | C] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:40:54 | 090,098,552 | ---- | C] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/01/19 07:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 07:17:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 07:17:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 07:17:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 07:17:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/18 23:03:14 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.tif
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.dat
[2009/09/16 15:32:29 | 000,000,235 | ---- | C] () -- C:\Users\User\AppData\Roaming\devices.xml
[2009/09/16 15:32:29 | 000,000,012 | ---- | C] () -- C:\Users\User\AppData\Roaming\settings.xml
[2009/07/07 16:22:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/19 18:25:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2009/04/19 18:21:59 | 000,133,120 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 17:35:05 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

10
Tech Clinic / Windows hot process error?
« on: August 12, 2012, 06:58:24 PM »

Extras.txt


OTL Extras logfile created on: 13/08/2012 9:26:37 AM - Run 4
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 46.13% Memory free
3.98 Gb Paging File | 2.70 Gb Available in Paging File | 67.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 211.71 Gb Free Space | 73.49% Space Free | Partition Type: NTFS
 
Computer Name: NONONO-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B743A7C-D484-4B6F-A740-1887C81F2F6E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{18170D96-F8F6-453B-8E25-FA63D9163655}" = protocol=17 | dir=in | app=c:\users\User\appdata\roaming\dropbox\bin\dropbox.exe |
"{A4A3F174-059E-4640-9027-A4E0D422C0D7}" = protocol=6 | dir=in | app=c:\users\User\appdata\roaming\dropbox\bin\dropbox.exe |
"{C67F0C4C-5C91-4F5A-B283-6E41465BE01E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\ypager.exe |
"{E4849FE7-6853-4596-8516-83E253C553E4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\ypager.exe |
"{F7FF3889-77E0-4432-9189-90D60A6CDA35}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"TCP Query User{BBE2158E-4776-4FC8-9D21-9EA04BA735D6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{E2890BC1-3973-4A35-9196-F34CC73F1583}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D0822EC-391F-4D67-A59A-F6EC1087C732}" = Seven Kingdoms Conquest
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BEE759C3-D111-470C-B815-36B647FA9EED}_is1" = Surprise Party v1.0
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE48D800-A3B5-43E3-B846-1CC556B8170D}" = SPSS 15.0 for Windows Evaluation Version
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"Avira AntiVir Desktop" = Avira Free Antivirus
"Binverse_is1" = Binverse
"BLOX Forever Free Trial" = BLOX Forever Free Trial
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CleanUp!" = CleanUp!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"Reimage Repair" = Reimage Repair
"SpywareBlaster_is1" = SpywareBlaster 4.3
"StmAdsl" = Prolink H8600 ADSL Modem
"Sveerz" = Sveerz
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/08/2012 2:38:46 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11/08/2012 2:41:37 AM | Computer Name = NoNoNo-PC | Source = MsiInstaller | ID = 11606
Description =
 
Error - 11/08/2012 2:41:37 AM | Computer Name = NoNoNo-PC | Source = MsiInstaller | ID = 11606
Description =
 
Error - 11/08/2012 9:35:52 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11/08/2012 9:56:45 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11/08/2012 6:36:05 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11/08/2012 6:46:08 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11/08/2012 7:04:19 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12/08/2012 1:35:45 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12/08/2012 7:34:40 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 24/02/2010 4:01:53 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2942
 seconds with 2040 seconds of active time.  This session ended with a crash.
 
Error - 12/04/2010 4:57:12 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 62
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 5/07/2011 8:53:12 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11224
 seconds with 4440 seconds of active time.  This session ended with a crash.
 
Error - 24/08/2011 6:41:49 PM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1039
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 24/09/2011 10:42:05 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11165
 seconds with 3300 seconds of active time.  This session ended with a crash.
 
Error - 3/03/2012 11:06:19 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22413
 seconds with 2820 seconds of active time.  This session ended with a crash.
 
Error - 16/03/2012 1:09:10 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17127
 seconds with 2220 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11/08/2012 7:03:45 PM | Computer Name = NoNoNo-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:22:42 AM on 12/08/2012 was unexpected.
 
Error - 11/08/2012 7:03:19 PM | Computer Name = NoNoNo-PC | Source = volsnap | ID = 393243
Description = The shadow copies of volume C: were aborted during detection because
 a critical control file could not be opened.
 
Error - 11/08/2012 7:05:03 PM | Computer Name = NoNoNo-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 11/08/2012 9:16:48 PM | Computer Name = NoNoNo-PC | Source = DCOM | ID = 10010
Description =
 
Error - 12/08/2012 1:35:08 AM | Computer Name = NoNoNo-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
 
Error - 12/08/2012 1:35:36 AM | Computer Name = NoNoNo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
 address 00216B244F28 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 12/08/2012 1:36:00 AM | Computer Name = NoNoNo-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12/08/2012 7:34:03 PM | Computer Name = NoNoNo-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
 
Error - 12/08/2012 7:34:56 PM | Computer Name = NoNoNo-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12/08/2012 7:40:05 PM | Computer Name = NoNoNo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
 address 00216B244F28 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >

11
Tech Clinic / Windows hot process error?
« on: August 11, 2012, 06:25:03 PM »
There's no file named extras saved on my desktop? OTL.txt opened up and was also saved on my desktop.
The comp crashed twice this morning while I was on the internet. But last night it worked perfectly fine. It may be happening only in the mornings and afternoons?

In safe mode there's no issue.

12
Tech Clinic / Windows hot process error?
« on: August 11, 2012, 06:20:18 PM »
OTL.txt

OTL logfile created on: 12/08/2012 8:38:06 AM - Run 3
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
1.87 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 39.87% Memory free
3.98 Gb Paging File | 2.78 Gb Available in Paging File | 69.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 209.80 Gb Free Space | 72.83% Space Free | Partition Type: NTFS
 
Computer Name: NONONO-PC | User Name: User| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/11/23 23:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/08/12 10:50:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009/04/11 15:57:48 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
PRC - [2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 17:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 15:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 14:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/25 05:33:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 16:51:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 16:49:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 16:44:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 17:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/25 18:59:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\CleanUp!\flashget.exe
PRC - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 14:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/23 23:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/11/23 23:05:26 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2009/08/16 21:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/03/06 14:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 16:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 01:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/09/11 20:51:34 | 001,327,184 | ---- | M] () -- C:\Program Files\CleanUp!\FGEMCORE.dll
MOD - [2007/09/11 20:51:34 | 000,626,688 | ---- | M] () -- C:\Program Files\CleanUp!\FGBTCORE.dll
MOD - [2006/11/02 19:16:12 | 000,028,672 | ---- | M] () -- C:\Windows\System32\perfos.dll
MOD - [2006/10/11 04:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 04:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2002/04/17 14:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 14:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/08/03 14:29:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/12 10:50:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 22:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 16:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 11:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 09:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/06 17:41:23 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/07/18 22:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 07:59:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/15 11:35:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 04:23:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 06:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2004/05/12 18:46:56 | 000,542,893 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\torususb.sys -- (TaurusUsb)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=1-pMTqY5nbpXuGtfpIn_M-H46QM?q={searchTerms}
IE - HKCU\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2012/01/19 07:39:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Flashget] C:\Program Files\CleanUp!\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32675EF0-751A-4CBA-B96D-A4CFD3F78CCD}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/12 08:22:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/12 08:22:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/12 08:10:59 | 000,000,000 | ---D | C] -- C:\2bc6ff6eb45fa40c2e72a9da
[2012/08/11 16:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/08/11 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!
[2012/08/11 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo! Messenger
[2012/08/11 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2012/08/11 16:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/11 16:10:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/08/11 16:10:43 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/08/11 16:10:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/11 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/11 12:53:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 11:56:58 | 000,000,000 | ---D | C] -- C:\30b62bf096ec33a4f3
[2012/08/11 11:25:31 | 000,000,000 | ---D | C] -- C:\4f9917abb87b11c5f3025fb6bb39871d
[2012/08/11 10:00:28 | 000,000,000 | ---D | C] -- C:\a984d1e6e984a9910ad0
[2012/08/10 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder
[2012/08/10 16:05:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2012/08/10 15:57:10 | 017,798,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/10 15:41:53 | 000,000,000 | ---D | C] -- C:\89d6130398c774102b17
[2012/08/06 12:55:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (9)
[2012/08/01 12:06:32 | 000,439,312 | ---- | C] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/31 19:19:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder (8)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/12 08:35:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 08:35:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 08:33:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 08:33:21 | 2009,071,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 08:33:19 | 313,906,979 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 08:22:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/12 01:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 16:45:07 | 000,000,987 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:42:37 | 017,565,528 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:41:25 | 019,373,912 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:41:11 | 019,216,216 | ---- | M] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:30 | 004,764,224 | ---- | M] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 12:53:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe
[2012/08/11 12:42:13 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012/08/11 12:15:50 | 000,000,292 | ---- | M] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:46:27 | 090,098,552 | ---- | M] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/08/10 15:57:11 | 017,798,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\Desktop\Dropbox 1.4.12.exe
[2012/08/06 21:40:34 | 000,707,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/06 21:40:34 | 000,146,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/06 17:25:24 | 000,133,120 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/03 14:29:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/03 14:29:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/01 12:06:33 | 000,439,312 | ---- | M] (Yahoo! Inc.) -- C:\Users\User\Desktop\msgr11au.exe
[2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/07/13 16:24:43 | 000,411,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/11 16:45:07 | 000,000,987 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/08/11 16:45:07 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/08/11 16:41:47 | 017,565,528 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1100_1751_us.exe
[2012/08/11 16:40:24 | 019,373,912 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0192_us.exe
[2012/08/11 16:39:53 | 019,216,216 | ---- | C] () -- C:\Users\User\Desktop\ymsgr1150_0152_us.exe
[2012/08/11 16:16:29 | 004,764,224 | ---- | C] () -- C:\Users\User\Desktop\yahoo_6.0.0.1922.exe
[2012/08/11 16:11:55 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 16:08:26 | 2009,071,616 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/11 12:15:50 | 000,000,292 | ---- | C] () -- C:\Users\User\Desktop\How to Fix Host process for windows services stopped working and was closed.url
[2012/08/11 11:40:54 | 090,098,552 | ---- | C] () -- C:\Users\User\Desktop\avira_free_antivirus_en.exe
[2012/01/19 07:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 07:17:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 07:17:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 07:17:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 07:17:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/18 23:03:14 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.tif
[2010/01/06 18:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\User\hpothb07.dat
[2009/09/16 15:32:29 | 000,000,235 | ---- | C] () -- C:\Users\User\AppData\Roaming\devices.xml
[2009/09/16 15:32:29 | 000,000,012 | ---- | C] () -- C:\Users\User\AppData\Roaming\settings.xml
[2009/07/07 16:22:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/19 18:25:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2009/04/19 18:21:59 | 000,133,120 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 17:35:05 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

13
Tech Clinic / Windows hot process error?
« on: August 10, 2012, 10:07:41 PM »
HJT done in safe mode with networking. I downloaded something called drop box which is when I think this error started. I uninstalled it today but the error seems to have worsened. Then it froze after I watched a clip on YouTube and then the other times were when I was on Yahoo Messenger.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:33 PM, on 11/08/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Erandi\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\CleanUp!\FlashGet.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\jc_link.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10236 bytes

14
Tech Clinic / Windows hot process error?
« on: August 10, 2012, 09:41:27 PM »
I've been getting this error saying windows hot process has stopped working and then the computer freezes and I have to start the computer again.
Please help!!

15
Tech Clinic / internet trouble
« on: January 21, 2012, 06:28:43 PM »
Guestolo, another housemate has the same problem and isn't able to access the internet... so I'm guessing, as u said, it might be something wrong with the configuration of the wireless. A technician will be coming to check the issue. Meanwhile I will do the updating and other stuff u have suggested and let u know how it goes :) Thanks a lot for all ur help!! :)

P.S. Like I mentioned earlier, after I clear the cookies and etc and restart everything, the internet runs perfectly fine until I turn the pc off and try to use the internet again. So it may be an IP address or other issue. I also noticed that the windows cleanup cleared a Telnet MRU list. Was just thinking whether it being cleared had something to do with the whole issue. Anyway, I will let u know how everything goes after the updating and after the technician comes over.

16
Tech Clinic / internet trouble
« on: January 20, 2012, 09:23:02 PM »
[quote name='guestolo' timestamp='1327112199' post='480787']
Which wireless router do you have?
Are you right up to date on its firmware?
Is it a separate router/modem?

Is it always the same time of day that the wireless is inaccessible?
You could try rebooting in safe mode with networking during the troubled times, can you connect and stay connected?
[/quote]

I think it's an ADSL wireless.
I'm not sure about it being up to date though. Sorry, it's not mine so I'm not quite sure.
Yes, separate one that connects to the phone line I think.

I guess it goes off at different times and I have to use cleanup, reboot and restart the wireless after which I'm able to stay connected for some hours.

17
Tech Clinic / internet trouble
« on: January 20, 2012, 09:12:56 PM »
[quote name='guestolo' timestamp='1327111780' post='480785']
How are things now running?
Did you disable both Avira and outpost before redownloading Flash_Disinfector?
[/quote]

Yes, disabled both. At the moment the internet is accessible but last night it wasn't after like 4 to 5 hours after being able to

18
Tech Clinic / internet trouble
« on: January 20, 2012, 08:39:48 PM »
I scanned my laptop using Avira, Malwarebytes and Spybot. Only Avira found some viruses. The following is that log. I scanned the external drives and no viruses were detected. Avira version 9.0.0.429. Outpost version 2009 ver. 6.5.1 (2725.381.0687). I disabled both AV and Outpost but I still can't get the Flash Disinfector to run.


Avira AntiVir Personal
Report file date: Saturday, 21 January 2012  04:17

Scanning for 3174701 virus strains and unwanted programs.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows Vista
Windows version : (Service Pack 2)  [6.0.6002]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : NONONO-PC

Version information:
BUILD.DAT       : 9.0.0.429     21701 Bytes   6/10/2010 10:04:00
AVSCAN.EXE      : 9.0.3.10     466689 Bytes  21/11/2009 09:32:00
AVSCAN.DLL      : 9.0.3.0       40705 Bytes  27/02/2009 06:28:24
LUKE.DLL        : 9.0.3.2      209665 Bytes  20/02/2009 07:05:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes  27/02/2009 06:28:52
VBASE000.VDF    : 7.10.0.0   19875328 Bytes   6/11/2009 09:31:59
VBASE001.VDF    : 7.11.0.0   13342208 Bytes  14/12/2010 02:43:39
VBASE002.VDF    : 7.11.19.170  14374912 Bytes  20/12/2011 10:21:18
VBASE003.VDF    : 7.11.19.171      2048 Bytes  20/12/2011 10:21:18
VBASE004.VDF    : 7.11.19.172      2048 Bytes  20/12/2011 10:21:19
VBASE005.VDF    : 7.11.19.173      2048 Bytes  20/12/2011 10:21:19
VBASE006.VDF    : 7.11.19.174      2048 Bytes  20/12/2011 10:21:20
VBASE007.VDF    : 7.11.19.175      2048 Bytes  20/12/2011 10:21:20
VBASE008.VDF    : 7.11.19.176      2048 Bytes  20/12/2011 10:21:21
VBASE009.VDF    : 7.11.19.177      2048 Bytes  20/12/2011 10:21:21
VBASE010.VDF    : 7.11.19.178      2048 Bytes  20/12/2011 10:21:21
VBASE011.VDF    : 7.11.19.179      2048 Bytes  20/12/2011 10:21:22
VBASE012.VDF    : 7.11.19.180      2048 Bytes  20/12/2011 10:21:22
VBASE013.VDF    : 7.11.19.217    182784 Bytes  22/12/2011 10:29:05
VBASE014.VDF    : 7.11.19.255    148480 Bytes  24/12/2011 13:32:13
VBASE015.VDF    : 7.11.20.29    164352 Bytes  27/12/2011 04:19:59
VBASE016.VDF    : 7.11.20.70    180224 Bytes  29/12/2011 04:25:02
VBASE017.VDF    : 7.11.20.102    240640 Bytes   2/01/2012 05:07:05
VBASE018.VDF    : 7.11.20.139    164864 Bytes   4/01/2012 07:05:59
VBASE019.VDF    : 7.11.20.178    167424 Bytes   6/01/2012 07:08:08
VBASE020.VDF    : 7.11.20.207    230400 Bytes  10/01/2012 09:02:41
VBASE021.VDF    : 7.11.20.236    150528 Bytes  11/01/2012 09:02:37
VBASE022.VDF    : 7.11.21.13    135168 Bytes  13/01/2012 10:58:04
VBASE023.VDF    : 7.11.21.40    163840 Bytes  16/01/2012 12:47:29
VBASE024.VDF    : 7.11.21.65   1001472 Bytes  17/01/2012 12:51:10
VBASE025.VDF    : 7.11.21.66      2048 Bytes  17/01/2012 12:51:12
VBASE026.VDF    : 7.11.21.67      2048 Bytes  17/01/2012 12:51:14
VBASE027.VDF    : 7.11.21.68      2048 Bytes  17/01/2012 12:51:17
VBASE028.VDF    : 7.11.21.69      2048 Bytes  17/01/2012 12:51:17
VBASE029.VDF    : 7.11.21.70      2048 Bytes  17/01/2012 12:51:17
VBASE030.VDF    : 7.11.21.71      2048 Bytes  17/01/2012 12:51:18
VBASE031.VDF    : 7.11.21.95    233472 Bytes  19/01/2012 12:54:45
Engineversion   : 8.2.8.28
AEVDF.DLL       : 8.1.2.2      106868 Bytes  26/10/2011 12:24:06
AESCRIPT.DLL    : 8.1.3.97     426363 Bytes  14/01/2012 10:59:23
AESCN.DLL       : 8.1.7.2      127349 Bytes  22/11/2010 21:43:03
AESBX.DLL       : 8.2.4.5      434549 Bytes   2/12/2011 23:09:58
AERDL.DLL       : 8.1.9.15     639348 Bytes   9/09/2011 22:34:20
AEPACK.DLL      : 8.2.16.1     799094 Bytes  18/01/2012 12:52:16
AEOFFICE.DLL    : 8.1.2.25     201084 Bytes  30/12/2011 04:27:39
AEHEUR.DLL      : 8.1.3.18    4297079 Bytes  14/01/2012 10:59:16
AEHELP.DLL      : 8.1.18.0     254327 Bytes  26/10/2011 12:22:43
AEGEN.DLL       : 8.1.5.17     405877 Bytes   9/12/2011 13:19:56
AEEMU.DLL       : 8.1.3.0      393589 Bytes  22/11/2010 21:42:43
AECORE.DLL      : 8.1.24.3     201079 Bytes  29/12/2011 04:19:45
AEBB.DLL        : 8.1.1.0       53618 Bytes  24/04/2010 07:50:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12/12/2008 04:17:59
AVPREF.DLL      : 9.0.3.0       44289 Bytes  10/09/2009 11:57:58
AVREP.DLL       : 10.0.0.9     174120 Bytes   5/03/2011 13:05:43
AVREG.DLL       : 9.0.0.0       36609 Bytes   5/12/2008 06:02:09
AVARKT.DLL      : 9.0.0.3      292609 Bytes  24/03/2009 10:35:41
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes  30/01/2009 06:07:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes  28/01/2009 10:33:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes   2/02/2009 03:51:33
NETNT.DLL       : 9.0.0.0       11521 Bytes   5/12/2008 06:02:10
RCIMAGE.DLL     : 9.0.0.25    2438913 Bytes  15/05/2009 11:09:58
RCTEXT.DLL      : 9.0.73.0      86785 Bytes  21/11/2009 09:31:57

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: Saturday, 21 January 2012  04:17

Starting search for hidden objects.
'132614' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'CFSwMgr.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'CEC_MAIN.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'op_mon.exe' - '0' Module(s) have been scanned
Scan process 'flashget.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'traybar.exe' - '1' Module(s) have been scanned
Scan process 'TCrdMain.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TPwrMain.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'osk.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SmartFaceVWatchSrv.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'TosIPCSrv.exe' - '1' Module(s) have been scanned
Scan process 'TosCoSrv.exe' - '1' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned
Scan process 'TNaviSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'BcmSqlStartupSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '0' Module(s) have been scanned
Scan process 'SASCORE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
79 processes with 79 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A6609D003>
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-7f72fa93
 
  • Archive type: ZIP

    --> vload.class
      [DETECTION] Contains recognition pattern of the JAVA/Stutter.U Java virus
    --> vmain.class
      [DETECTION] Contains recognition pattern of the JAVA/Stutter.K Java virus
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\c6bd976-2c45b397
 
  • Archive type: ZIP

    --> pap.class
      [DETECTION] Contains recognition pattern of the JAVA/Agent.JJ Java virus
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\ef1d97e-7aa9540a
 
  • Archive type: ZIP

    --> lort/border.class
      [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BN exploit
    --> lort/cooter.class
      [DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
    --> menu/edit.class
      [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
    --> menu/file.class
      [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit
    --> menu/help.class
      [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit

Beginning disinfection:
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-7f72fa93
    [NOTE]      The file was moved to '4f7ce375.qua'!
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\c6bd976-2c45b397
    [NOTE]      The file was moved to '4f7be379.qua'!
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\ef1d97e-7aa9540a
    [NOTE]      The file was moved to '4f4ae3a9.qua'!


End of the scan: Saturday, 21 January 2012  08:27
Used time:  2:31:21 Hour(s)

The scan has been done completely.

  26085 Scanned directories
 523145 Files were scanned
      8 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      3 Files were moved to quarantine
      0 Files were renamed
      2 Files cannot be scanned
 523135 Files not concerned
   3734 Archives were scanned
      2 Warnings
      5 Notes
 132614 Objects were scanned with rootkit scan
      0 Hidden objects were found

19
Tech Clinic / internet trouble
« on: January 20, 2012, 07:53:04 AM »
Nope, it's not the Windows media player! After like 4 hours it happened again.

20
Tech Clinic / internet trouble
« on: January 20, 2012, 06:36:53 AM »
I haven't run the flash disinfecting tool yet but after I was connected to the internet for around 1 hour I wasn't able to access the internet again and had to restart the modem. The only things I had going on at that time were my Windows media player, Yahoo Messenger and Skype. But I was only using the Windows media player. I didn't have any external drives connected to the laptop this time around. I will run the tool now.

Edit: I can't get the flash disinfectant to run? Double clicked it, redownloaded it but nothing's happening?


Guestolo, something that worked for me meanwhile was using Windows cleanup then restarting the laptop and the wireless and not using Windows media player. I wonder whether the problem has anything to do with either the Windows media player or the mp3 files I play? I've used Windows cleanup before when this happened previously but the problem continued to happen, probably since I use Windows media player a lot. But this time since I didn't use Windows media player the problem hasn't appeared for now.
