Blue screen, I think it may be virus related

swatspeedman
2011-09-24, 15:39
My girlfriend's computer has a problem. Every time she tries to run the program 'Traktor' she is left with a blue screen, apparent crash dump and a computer shutdown. She says it has only started recently so my guess is it is virus related.

DDS from her computer:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by owner at 13:25:04 on 2011-09-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1307 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_S9AAA.tmp" /EF "HKCU"
uRun: [Facebook Update] "C:\Users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6BA28154-0FE3-4065-BA8B-4AAE38A65DD2} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6BA28154-0FE3-4065-BA8B-4AAE38A65DD2}\244584F6D65684572623D2831523A4 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6BA28154-0FE3-4065-BA8B-4AAE38A65DD2}\4456D6F675962756C6563737 : DhcpNameServer = 85.189.102.5 85.189.39.5
TCP: Interfaces\{6BA28154-0FE3-4065-BA8B-4AAE38A65DD2}\4514C4B44514C4B4D2232423931473 : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
BHO-X64: FreeOnlineRadioPlayerRecorder - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
TB-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\6pgdkqph.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110923.030\IDSviA64.sys [2011-9-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-6-1 130008]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-3-17 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDMI64.sys --> C:\Windows\system32\drivers\CHDMI64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\system32\DRIVERS\stdriver64.sys --> C:\Windows\system32\DRIVERS\stdriver64.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-5-25 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-9-24 24176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-24 12:12:37 -------- d-----w- C:\Users\owner\AppData\Local\{326E66B3-8393-4CB7-8BC4-F1900154181D}
2011-09-24 12:11:58 -------- d-----w- C:\Users\owner\AppData\Local\{09854266-02BE-435E-BDDF-750841F23FAA}
2011-09-24 12:06:53 -------- dc-h--w- C:\ProgramData\{F2D48FDD-4AFE-43FE-8931-682ACFF8E6D4}
2011-09-24 12:06:12 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2011-09-24 12:06:02 -------- dc-h--w- C:\ProgramData\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}
2011-09-24 12:05:30 -------- dc-h--w- C:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
2011-09-24 11:54:28 -------- d-----w- C:\Users\owner\AppData\Local\{CB27DE2B-5561-483F-9905-E8FFA9335C40}
2011-09-24 11:54:02 -------- d-----w- C:\Users\owner\AppData\Local\{D64D8B09-142C-4841-81BE-03ADED687337}
2011-09-24 11:47:32 -------- d-----w- C:\Program Files\Native Instruments
2011-09-24 11:40:51 -------- d-----w- C:\Program Files\PeerBlock
2011-09-24 11:01:31 -------- d-----w- C:\Users\owner\AppData\Local\{4DA91F92-8A66-4D70-9FE6-5BBF31E0A8D4}
2011-09-24 11:01:14 -------- d-----w- C:\Users\owner\AppData\Local\{54422A5E-E624-40C1-AEFC-4BCADA0946E5}
2011-09-23 21:45:51 -------- d-----w- C:\Windows\System32\SPReview
2011-09-23 21:45:02 -------- d-----w- C:\Windows\System32\EventProviders
2011-09-23 21:32:33 -------- d-----w- C:\Users\owner\AppData\Local\{3C0F47E3-C1A4-4C5D-A143-99403BEF215B}
2011-09-23 21:32:17 -------- d-----w- C:\Users\owner\AppData\Local\{336EB378-31BF-489E-BB14-D6A17A47C93A}
2011-09-23 21:24:52 -------- d-----w- C:\Users\owner\AppData\Local\{E9D891D0-72D7-44DA-8A06-94CC2B69AE75}
2011-09-23 21:24:40 -------- d-----w- C:\Users\owner\AppData\Local\{4493653B-4176-4AE6-BEE9-CD162EDBD0FE}
2011-09-22 21:24:49 -------- d-----w- C:\Users\owner\AppData\Local\{53C97796-024B-4B46-BCE1-29ACD12AC4DD}
2011-09-22 21:24:38 -------- d-----w- C:\Users\owner\AppData\Local\{22E14451-08CC-4AC7-A2E8-8567773C7760}
2011-09-22 06:37:27 -------- d-----w- C:\Users\owner\AppData\Local\{2C669A9E-1369-4E48-BE63-734481961BF4}
2011-09-22 06:37:11 -------- d-----w- C:\Users\owner\AppData\Local\{73659EE6-7A26-4642-A0F8-3AA0A6BC100D}
2011-09-21 19:09:48 -------- d-----w- C:\Users\owner\AppData\Local\{BC2B2C18-996D-498B-BD68-63AD3D276AB7}
2011-09-21 19:09:36 -------- d-----w- C:\Users\owner\AppData\Local\{FA3C1DF6-1108-41BC-BBD9-DA44011813A8}
2011-09-21 18:25:28 -------- d-----w- C:\Users\owner\AppData\Local\{756D1852-C5B1-4F3F-9659-72F318321A19}
2011-09-21 18:25:16 -------- d-----w- C:\Users\owner\AppData\Local\{754A4168-A52B-4657-B5D9-0903D7CAEE6E}
2011-09-20 21:58:31 -------- d-----w- C:\Users\owner\AppData\Local\{CC08E80E-D666-46EA-A904-E23911932831}
2011-09-20 21:58:18 -------- d-----w- C:\Users\owner\AppData\Local\{98A0B2EA-51DC-457A-8691-31E4738FD56A}
2011-09-18 20:53:10 -------- d-----w- C:\Users\owner\AppData\Local\{226D6EBF-0059-4211-A63B-462618354645}
2011-09-18 20:52:55 -------- d-----w- C:\Users\owner\AppData\Local\{2897E290-C013-466F-A430-4C8534DDF13C}
2011-09-18 14:37:42 -------- d-----w- C:\Users\owner\AppData\Local\{4FD5592F-E6F5-41C8-865F-BB9E80AE5367}
2011-09-18 14:37:30 -------- d-----w- C:\Users\owner\AppData\Local\{FC681B1D-4674-44FA-BE89-ECD5160F1BD7}
2011-09-17 12:03:46 -------- d-----w- C:\Users\owner\AppData\Local\{C95DD9FF-1E12-4AF6-98D2-0A310E86FC0F}
2011-09-17 12:03:28 -------- d-----w- C:\Users\owner\AppData\Local\{9CCB4672-1170-4625-89A2-2C8E64811011}
2011-09-16 21:30:31 -------- d-----w- C:\Users\owner\AppData\Local\{21F59087-F59A-4BFA-858C-1B57A1913B8F}
2011-09-16 21:29:48 -------- d-----w- C:\Users\owner\AppData\Local\{48DCA2E0-2D8C-4376-B7A5-FB4E31D4E0DD}
2011-09-16 21:23:41 -------- d-----w- C:\Users\owner\AppData\Local\{8EB9D61B-BF3D-45DD-9F3B-ED16B7AC91E6}
2011-09-16 21:23:21 -------- d-----w- C:\Users\owner\AppData\Local\{53C1D4E9-96E2-47DF-B4C3-B47E5821FCE1}
2011-09-16 21:19:21 -------- d-----w- C:\Users\owner\AppData\Local\{8B925002-115E-44CE-965E-41AE31E51A23}
2011-09-16 21:19:08 -------- d-----w- C:\Users\owner\AppData\Local\{FC1FF61C-58CE-488E-B22E-1BD4512BD0F6}
2011-09-16 20:54:39 -------- d-----w- C:\Users\owner\AppData\Local\{EEB1148C-5297-4AA9-8C62-E912B9BC9050}
2011-09-16 20:54:22 -------- d-----w- C:\Users\owner\AppData\Local\{AA04F235-A0FE-448A-A0B4-CBA047F6890F}
2011-09-16 05:34:13 -------- d-----w- C:\Users\owner\AppData\Local\{A9213D04-8B50-402A-9E63-7FE339DCFBDD}
2011-09-16 05:33:58 -------- d-----w- C:\Users\owner\AppData\Local\{8C11BD39-D2D0-4804-8367-58BE00C3A43E}
2011-09-15 15:49:54 -------- d-----w- C:\Users\owner\AppData\Local\{4FE1B5CC-4ECB-4E05-BFC9-4752CB7A1522}
2011-09-15 15:49:39 -------- d-----w- C:\Users\owner\AppData\Local\{D26FBCF1-2BBC-4122-A6C8-121058499B0A}
2011-09-15 14:53:52 -------- d-----w- C:\Users\owner\AppData\Local\{49E4D4D3-ABB2-4BB1-8E09-E6DF59A0C115}
2011-09-15 14:53:38 -------- d-----w- C:\Users\owner\AppData\Local\{CE99CA9A-EE9B-4EBC-8E65-E3B925E21F5D}
2011-09-15 06:19:20 -------- d-----w- C:\Users\owner\AppData\Local\{D0A86DEE-7347-4012-8646-C34D452F4483}
2011-09-15 06:19:09 -------- d-----w- C:\Users\owner\AppData\Local\{0EC51304-604E-4401-AA06-1C6870D08D3A}
2011-09-14 06:19:09 -------- d-----w- C:\Users\owner\AppData\Local\{35E0AE1D-D731-4287-969F-89ADFF480E41}
2011-09-14 06:18:58 -------- d-----w- C:\Users\owner\AppData\Local\{1B6E356B-F3D7-41E7-8A62-717292CC1379}
2011-09-13 06:15:31 -------- d-----w- C:\Users\owner\AppData\Local\{403A3A81-1DBD-4E0B-86B7-7678FA534EFE}
2011-09-13 06:15:15 -------- d-----w- C:\Users\owner\AppData\Local\{F8E6BB9B-6677-4FD6-B05A-5BE9C7F3F066}
2011-09-12 06:21:52 -------- d-----w- C:\Users\owner\AppData\Local\{C16C3CB9-8AC9-4EC5-B7A1-D9BCF27FCEF7}
2011-09-12 06:21:41 -------- d-----w- C:\Users\owner\AppData\Local\{80DAFE41-92BE-49AC-8C4B-2E79ADB9FFF8}
2011-09-11 11:52:22 -------- d-----w- C:\Users\owner\AppData\Local\{3F050367-2B24-4231-887C-3BFE1CB26CFC}
2011-09-11 11:52:03 -------- d-----w- C:\Users\owner\AppData\Local\{A85C08E9-7F54-4DF8-86C5-F033735D26CE}
2011-09-10 20:58:48 -------- d-----w- C:\Users\owner\AppData\Local\{EF75399C-467E-4189-A9EF-1AF1CE9A01BB}
2011-09-10 20:58:33 -------- d-----w- C:\Users\owner\AppData\Local\{11A6429F-30D9-46D3-A7CF-65E6960A1BF9}
2011-09-10 16:05:05 -------- d-----w- C:\Users\owner\AppData\Local\HP
2011-09-10 16:04:05 -------- d-----w- C:\ProgramData\WEBREG
2011-09-10 16:01:27 254464 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp101.dll
2011-09-10 15:59:17 -------- d-----w- C:\Program Files (x86)\Coupons
2011-09-10 15:58:41 -------- d-----w- C:\ProgramData\HP Photo Creations
2011-09-10 15:58:41 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2011-09-10 15:58:11 -------- d-----w- C:\Users\owner\AppData\Roaming\HpUpdate
2011-09-10 15:52:22 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-09-10 15:52:14 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-09-10 15:49:54 521216 ----a-w- C:\Windows\System32\hposc_p04a.dll
2011-09-10 15:49:54 1408000 ----a-w- C:\Windows\System32\hpost_p04b.dll
2011-09-10 15:49:54 1175552 ----a-w- C:\Windows\System32\hposwia_p04b.dll
2011-09-10 15:49:40 643200 ----a-w- C:\Windows\System32\hpzids40.dll
2011-09-10 15:49:36 138752 ----a-w- C:\Windows\System32\hpf3l101.dll
2011-09-10 15:48:53 -------- d-----w- C:\Program Files (x86)\HP
2011-09-10 15:41:18 -------- d-----w- C:\Users\owner\AppData\Local\{6B08444F-96B8-4BF8-90CA-9343DD955EBF}
2011-09-10 15:41:08 -------- d-----w- C:\Users\owner\AppData\Local\{805A80D1-8B42-4E1F-9ABC-314919340B3A}
2011-09-09 22:46:23 -------- d-----w- C:\Users\owner\AppData\Local\{9C4FB9CB-9BA3-4DB0-8E27-ADB324A04D04}
2011-09-09 22:46:13 -------- d-----w- C:\Users\owner\AppData\Local\{D08F7436-C563-4D51-8546-E7B5946CEB19}
2011-09-09 22:40:35 -------- d-----w- C:\Users\owner\AppData\Local\{9A752B90-3852-440D-BA65-DDA5F13BE797}
2011-09-09 17:17:02 -------- d-----w- C:\Users\owner\AppData\Local\{FA3E775C-83F0-47D6-9EB4-EADC3E3F48F3}
2011-09-09 17:16:51 -------- d-----w- C:\Users\owner\AppData\Local\{26A9F663-323B-42BC-9EA0-007108EECF8D}
2011-09-09 16:12:27 -------- d-----w- C:\Users\owner\AppData\Local\{02815F14-717A-44F6-BFE6-56409022DD98}
2011-09-09 16:12:16 -------- d-----w- C:\Users\owner\AppData\Local\{F17FFFAC-80E9-432E-8793-31C5CDD76E1A}
2011-09-09 06:16:21 -------- d-----w- C:\Users\owner\AppData\Local\{396755B3-DE0F-4D9B-BFDC-B7B7A9AA5073}
2011-09-09 06:16:07 -------- d-----w- C:\Users\owner\AppData\Local\{F2E6CFEC-E04B-43E4-808A-07EC4CD948B9}
2011-09-08 15:49:10 -------- d-----w- C:\Users\owner\AppData\Local\Facebook
2011-09-08 15:00:57 -------- d-----w- C:\Users\owner\AppData\Local\{1119C8A0-9A41-4D14-A5D7-940B10779654}
2011-09-08 15:00:44 -------- d-----w- C:\Users\owner\AppData\Local\{CB9E3A17-7497-48DE-AFDB-71FD5D39D257}
2011-09-08 06:19:31 -------- d-----w- C:\Users\owner\AppData\Local\{BAF2AF89-094E-411A-9C33-EDBF2F1CB4BB}
2011-09-08 06:19:17 -------- d-----w- C:\Users\owner\AppData\Local\{5875013B-0900-40DC-8545-B05184AD561F}
2011-09-07 21:03:26 -------- d-----w- C:\Users\owner\AppData\Local\{B20BA3A0-3D37-4E7F-B80F-C301023BE920}
2011-09-07 21:02:55 -------- d-----w- C:\Users\owner\AppData\Local\{5689A57B-1434-421A-82EC-4BE2F274566A}
2011-09-05 14:40:11 -------- d-----w- C:\Users\owner\AppData\Local\{B05771A3-400C-437E-9621-B08BA57574AC}
2011-09-05 14:39:52 -------- d-----w- C:\Users\owner\AppData\Local\{1F1EB9A5-3C4F-44BB-94FF-53EE220DC91D}
2011-09-03 20:24:52 -------- d-----w- C:\Users\owner\AppData\Local\{1ED53507-C742-478A-889B-9F215B21BB15}
2011-09-03 20:24:37 -------- d-----w- C:\Users\owner\AppData\Local\{6A21D401-97C7-48E8-B162-6A88D4525558}
2011-09-02 14:34:34 -------- d-----w- C:\Users\owner\AppData\Local\{26DD8013-5D69-4B75-BC50-6735F56196ED}
2011-09-02 14:34:20 -------- d-----w- C:\Users\owner\AppData\Local\{6D8CACEC-72EB-44D3-8C30-2264A3E7A199}
2011-09-01 15:44:15 -------- d-----w- C:\Users\owner\AppData\Local\{1B51A323-FD59-4EA6-A99C-83DB7FE7C86A}
2011-09-01 15:44:04 -------- d-----w- C:\Users\owner\AppData\Local\{CB36FA6D-EE0F-433E-BADE-DBD9A205350E}
2011-09-01 15:01:41 -------- d-----w- C:\Users\owner\AppData\Local\{0EF0F313-8492-4B3F-9567-E2E53DC06EF3}
2011-09-01 15:01:26 -------- d-----w- C:\Users\owner\AppData\Local\{4EE26A64-B7DD-4BCF-9100-DA310EC9224D}
2011-09-01 14:30:49 -------- d-----w- C:\Users\owner\AppData\Local\{3371074A-4598-4349-B6E8-CFECF78D9DED}
2011-08-31 21:19:40 -------- d-----w- C:\Users\owner\AppData\Local\{B0D2D9F3-B580-43E8-9B27-154977AE947E}
2011-08-31 21:19:25 -------- d-----w- C:\Users\owner\AppData\Local\{495A813D-EA46-4FD6-BA65-819BCC3BDD41}
2011-08-30 12:37:00 -------- d-----w- C:\Users\owner\AppData\Local\{BDA04742-E2D8-4986-9B49-F8A672EC6DF8}
2011-08-30 12:35:50 -------- d-----w- C:\Users\owner\AppData\Local\{35ABD2A8-C733-4C04-9423-B5AFD9F8ABB9}
2011-08-30 00:13:32 -------- d-----w- C:\Users\owner\AppData\Local\{83EF636F-A7BF-4F28-A3F5-B70DF788344B}
2011-08-30 00:12:53 -------- d-----w- C:\Users\owner\AppData\Local\{401C705B-78FA-48E1-9D78-8A52927913A8}
2011-08-29 12:00:45 -------- d-----w- C:\Users\owner\AppData\Local\{5AFACBD9-E83A-446D-80F7-78E0A5CA51B3}
2011-08-29 12:00:02 -------- d-----w- C:\Users\owner\AppData\Local\{9D346BF8-82FB-4E28-A37E-1D5890B51DDD}
2011-08-28 23:49:31 -------- d-----w- C:\Users\owner\AppData\Local\{A7E87B05-42EF-47F5-A853-601FFD8B2289}
2011-08-28 23:48:58 -------- d-----w- C:\Users\owner\AppData\Local\{D2F25438-D401-40EA-AF7F-05B2E56D3949}
2011-08-28 14:02:30 103512 ----a-w- C:\Windows\System32\drivers\stdriver64.sys
2011-08-28 14:02:30 -------- d-----w- C:\Program Files (x86)\NCH Software
2011-08-28 14:02:28 -------- d-----w- C:\Users\owner\AppData\Roaming\NCH Software
2011-08-28 12:23:49 -------- d-----w- C:\Users\owner\AppData\Local\{D9782412-CD2C-4AB1-BA3C-6D30367BA146}
2011-08-28 12:23:32 -------- d-----w- C:\Users\owner\AppData\Local\{31B80B03-C52E-4EAE-A4AB-46A61D58CAD7}
2011-08-27 22:27:03 -------- d-----w- C:\Users\owner\AppData\Local\{CE052FF6-BDD1-4237-9708-ED64AAC19630}
2011-08-27 22:25:24 -------- d-----w- C:\Users\owner\AppData\Local\{C9744062-082F-4943-9F13-D4FC808DEA1B}
2011-08-27 21:56:14 -------- d-----w- C:\Users\owner\AppData\Local\{556952F7-4438-4464-928F-74331928B0B5}
2011-08-25 22:08:49 -------- d-----w- C:\Users\owner\AppData\Local\{4EC2AD9C-5F56-4F18-B327-68F2224477CF}
2011-08-25 19:50:27 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2011-08-25 19:50:27 -------- d-----w- C:\Users\owner\AppData\Roaming\Propellerhead Software
2011-08-25 19:50:27 -------- d-----w- C:\ProgramData\Propellerhead Software
2011-08-25 19:49:16 -------- d-----w- C:\Program Files (x86)\Propellerhead
2011-08-25 18:10:19 -------- d-----w- C:\Users\owner\AppData\Local\{CDAC459C-C8EB-498E-99EF-EE8794F1C34D}
2011-08-25 18:10:07 -------- d-----w- C:\Users\owner\AppData\Local\{97E35140-B5C5-4A7C-9C43-5EE0E5ED57ED}
2011-08-25 15:11:46 -------- d-----w- C:\Users\owner\AppData\Local\{A859CC7B-5654-461C-AFA1-82F16CDFC69E}
2011-08-25 15:11:35 -------- d-----w- C:\Users\owner\AppData\Local\{838660B3-5FFF-40EE-BC4E-EF6E7B4C135E}
.
==================== Find3M ====================
.
2011-09-23 22:03:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-23 22:03:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-08-20 21:13:11 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-08 16:45:12 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
.
============= FINISH: 13:26:20.96 ===============

ken545
2011-10-11, 02:35


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Sorry for the delay, sometimes a log or two falls through the cracks.


Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

Run the above programs and then rerun DDS and post a new log

swatspeedman
2011-10-11, 18:47
We have hit a little problem since this was posted. Her Windows no longer starts up and she is having to boot from an Ubuntu disk. I bet this will really hinder progress, sorry.

ken545
2011-10-11, 19:54
Have you tried booting to LAST KNOWN GOOD CONFIGURATION?

To Access Last Known Good

Go to Start> Shut off your Computer> Restart
Or if the computer is off press the power button
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Last Known Good
Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

If no luck, do you have your Windows CD to do a System Repair?

ken545
2011-10-16, 13:16
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.