Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected w/ Trojan virus


  • This topic is locked This topic is locked
11 replies to this topic

#1 LaNoob

LaNoob

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:07 PM

Posted 17 July 2009 - 10:10 PM

Sometimes my IE window will start popping up new windows and as I close 1, others pop up. It is probably a trojan virus, can someone tell me what to do. The computer is running StopZilla, useless program if you ask me and McAfee antivirus, also not too good. Anyways any help would be great.

Attempted to fix problem by downloading StopZilla, did not purchase liscence so its not doing anything to help. Deleted file called Viewpoint via Control Panel and through HiJackThis program. Still no use. The Hijack report and DDS report below is the most current one I have as I cannot fix this alone.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:40, on 17.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Users\gena\Program Files\DNA\btdna.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [IVPServiceMgr] TAISNOTIFY.CAK
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\gena\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mctskshd.exe (file missing)
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 13817 bytes

DDS Report
DDS (Ver_09-06-26.01) - NTFSx86
Run by gena at 23:14:00,54 on 17.07.2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.911 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\TOSHIBA\IVP\swupdate\TaisSoftIcon.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Users\gena\Program Files\DNA\btdna.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Users\gena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCCRHUL8\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://google.com/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://google.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Mario Forever Toolbar Helper: {a20854fd-ddb5-4931-8f76-d11ea2364d94} - c:\program files\mario forever toolbar\v3.3.0.1\MarioForever_Toolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: Mario Forever Toolbar: {71b6acf7-4f0f-4fd8-bb69-6d1a4d271cb7} - c:\program files\mario forever toolbar\v3.3.0.1\MarioForever_Toolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6]
uRun: [BitTorrent DNA] "c:\users\gena\program files\dna\btdna.exe"
uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [IVPServiceMgr] TAISNOTIFY.CAK
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\SnagIt32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\gena\appdata\roaming\mozilla\firefox\profiles\ucfxgfa4.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\gena\program files\dna\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-6-12 7168]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-07-17 22:51 <DIR> --d----- c:\program files\XoftSpySE
2009-07-17 22:12 664 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-15 10:04 <DIR> --d----- c:\program files\common files\DivX Shared
2009-07-14 15:04 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 15:04 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 15:04 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 15:04 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-10 13:14 <DIR> --d----- c:\users\gena\appdata\roaming\Sammsoft
2009-07-10 13:14 <DIR> --d----- c:\program files\Advanced Registry Optimizer
2009-07-10 09:26 <DIR> --d----- c:\users\gena\2FADA80A5D894CC89ED7445527754A83.TMP
2009-07-10 08:23 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-07-10 08:23 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-07-10 08:23 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-07-10 08:23 75,264 a------- c:\windows\system32\unacev2.dll
2009-07-10 08:23 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-07-10 08:23 <DIR> --d----- c:\users\gena\appdata\roaming\Simply Super Software
2009-07-10 08:23 <DIR> --d----- c:\programdata\Simply Super Software
2009-07-10 08:23 <DIR> --d----- c:\program files\Trojan Remover
2009-07-10 08:23 <DIR> --d----- c:\progra~2\Simply Super Software
2009-07-09 23:38 <DIR> --d----- c:\programdata\SITEguard
2009-07-09 23:38 <DIR> --d----- c:\progra~2\SITEguard
2009-07-09 23:35 <DIR> --d----- c:\program files\STOPzilla!
2009-07-09 23:35 <DIR> --d----- c:\program files\common files\iS3
2009-07-09 23:35 <DIR> --d----- c:\programdata\STOPzilla!
2009-07-09 23:35 <DIR> --d----- c:\progra~2\STOPzilla!
2009-07-09 23:21 <DIR> --d----- c:\program files\CCleaner
2009-07-09 22:50 <DIR> --d----- c:\program files\sFX
2009-07-09 22:50 1 a------- c:\windows\934fdfg34fgjf23
2009-07-09 22:50 2 a------- c:\windows\010112010146118114.dat
2009-07-07 12:19 <DIR> --d----- c:\users\gena\Program Files
2009-06-30 23:54 <DIR> --d----- c:\users\gena\appdata\roaming\BitTorrent
2009-06-30 23:34 <DIR> --d----- c:\users\gena\appdata\roaming\DNA
2009-06-30 23:34 <DIR> --d----- c:\program files\DNA
2009-06-30 23:34 <DIR> --d----- c:\program files\BitTorrent
2009-06-18 16:53 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-06-18 16:52 <DIR> --d----- c:\programdata\AIM Toolbar
2009-06-18 16:52 <DIR> --d----- c:\program files\AIM Toolbar
2009-06-18 16:52 <DIR> --d----- c:\progra~2\AIM Toolbar

==================== Find3M ====================

2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-05-13 17:56 129,784 -------- c:\windows\system32\PxAFS.DLL
2009-05-13 17:54 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-13 17:54 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-13 17:54 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-13 17:54 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-13 17:54 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-13 17:54 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-13 17:54 685,056 a------- c:\windows\system32\DivX.dll
2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-09-29 22:10 174 a--sh--- c:\program files\desktop.ini
2008-09-29 22:03 143,360 a------- c:\windows\inf\infstrng.dat
2008-09-29 22:03 86,016 a------- c:\windows\inf\infstor.dat
2008-09-29 22:03 51,200 a------- c:\windows\inf\infpub.dat
2008-09-29 21:43 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-03 00:20 32 a------- c:\programdata\ezsid.dat
2008-07-03 00:20 32 a------- c:\progra~2\ezsid.dat
2007-06-12 14:31 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-05 17:08 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-05 17:08 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-05 17:08 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 23:15:33,50 ===============

Edited by LaNoob, 17 July 2009 - 10:22 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:07 PM

Posted 27 July 2009 - 05:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Pleaseinclude a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 LaNoob

LaNoob
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:07 PM

Posted 28 July 2009 - 10:58 PM

Descritpion of problem

Once in awhile, every few days, my internet browser, IE, will suddenly start opening up new tabs every 2-4secs, this continues for approximately 20-30 new tabs being opened up. After closing all of them, I restart the computer and the problem temporarily resolves

OTL Report
OTL logfile created on: 28.07.2009 23:48:49 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\gena\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,35% Memory free
4,00 Gb Paging File | 2,89 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184,84 Gb Total Space | 114,96 Gb Free Space | 62,19% Space Free | Partition Type: NTFS
Drive D: | 58,99 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMENET
Current User Name: gena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008.06.19 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009.05.28 14:18:18 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2006.10.05 15:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.08.29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006.11.14 23:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007.03.06 19:55:42 | 00,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006.11.17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006.11.29 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006.11.29 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006.11.17 13:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008.10.29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007.01.25 20:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2007.03.06 19:37:04 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007.01.25 20:45:42 | 00,468,600 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
PRC - [2007.05.25 16:55:16 | 00,154,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007.05.25 16:55:24 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007.04.10 19:40:28 | 00,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008.01.19 03:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.04.25 14:14:16 | 04,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.01.20 18:57:54 | 00,110,592 | ---- | M] () -- C:\TOSHIBA\IVP\swupdate\TaisSoftIcon.exe
PRC - [2007.01.25 20:50:26 | 00,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007.06.16 00:46:08 | 00,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
PRC - [2006.05.25 21:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.03.29 13:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007.02.26 00:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.08.23 19:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007.05.17 19:03:24 | 04,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008.01.19 03:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2007.05.04 19:31:20 | 00,865,840 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006.11.15 01:02:36 | 01,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007.03.29 13:39:18 | 00,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007.05.04 18:47:14 | 00,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007.03.22 14:46:54 | 00,448,632 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007.05.22 19:32:52 | 00,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2006.11.29 08:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006.11.17 13:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007.04.20 18:09:16 | 00,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008.01.19 03:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2009.07.07 12:19:17 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Users\gena\Program Files\DNA\btdna.exe
PRC - [2008.09.10 13:00:00 | 00,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008.01.19 03:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2006.11.17 03:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2006.11.15 00:19:42 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008.01.19 03:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009.05.06 14:14:28 | 00,140,584 | ---- | M] (AOL LLC.) -- c:\program files\aim toolbar\aimtbServer.exe
PRC - [2007.05.25 16:55:28 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009.04.24 12:08:04 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009.02.02 22:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe
PRC - [2009.06.10 18:28:26 | 12,973,336 | ---- | M] () -- C:\Program Files\RegCure\regcure.exe
PRC - [2009.06.01 16:21:34 | 00,157,120 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2009.04.24 12:08:04 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009.07.28 23:46:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\gena\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006.10.05 15:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2008.08.29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006.11.14 23:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2008.07.27 14:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008.01.19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006.11.02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006.11.02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008.01.19 03:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2007.03.06 19:55:42 | 00,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008.06.19 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - File not found -- -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2007.06.12 14:05:15 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004.10.22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008.06.19 21:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006.11.17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - File not found -- -- (McLogManagerService [Auto | Stopped])
SRV - File not found -- -- (mcmscsvc [Auto | Stopped])
SRV - [2006.11.29 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Auto | Running])
SRV - [2006.11.29 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - File not found -- -- (mctskshd.exe [Auto | Stopped])
SRV - File not found -- -- (mcusrmgr [Auto | Stopped])
SRV - [2008.06.19 21:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009.02.23 01:50:00 | 02,839,290 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2006.10.26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006.10.26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007.01.25 20:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger [Auto | Running])
SRV - [2007.03.06 19:37:04 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2007.07.24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007.07.24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007.08.16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007.08.16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007.08.16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2007.01.25 20:50:26 | 00,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
SRV - [2009.05.28 14:18:18 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver [Auto | Running])
SRV - [2007.06.16 00:46:08 | 00,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
SRV - [2006.05.25 21:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2007.03.29 13:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV - [2007.02.26 00:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2006.08.23 19:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2008.01.18 01:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
SRV - [2008.04.17 19:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped])
SRV - [2008.01.19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008.01.19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2006.11.02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006.11.02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006.11.02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006.11.02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006.11.28 18:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006.11.02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006.11.02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006.11.02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006.11.02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007.05.16 00:44:06 | 00,068,864 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\BRCMHD32.sys -- (BRCMDECO [System | Running])
DRV - [2006.11.02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006.11.02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006.11.02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006.11.02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006.11.02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006.11.02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006.11.02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006.11.02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006.11.02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006.11.20 01:11:14 | 00,007,168 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\DRIVERS\FwLnk.sys -- (FwLnk [On_Demand | Running])
DRV - [2008.08.21 10:45:12 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2006.11.02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006.11.02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2007.05.22 15:28:44 | 01,771,008 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006.11.02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007.04.25 20:03:58 | 01,771,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006.11.02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006.11.02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2007.01.03 04:43:18 | 00,216,320 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I [Disabled | Stopped])
DRV - [2007.01.03 04:43:19 | 00,207,104 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N [Disabled | Stopped])
DRV - [2007.01.03 04:43:19 | 00,479,488 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP [Disabled | Stopped])
DRV - [2006.11.02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006.11.02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006.11.02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006.11.02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006.11.29 08:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2006.11.29 08:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2006.11.29 08:50:00 | 00,168,776 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2006.11.29 08:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2006.11.29 08:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik [System | Stopped])
DRV - [2006.11.02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006.11.02 03:30:54 | 01,781,760 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\DRIVERS\NETw3v32.sys -- (NETw3v32 [On_Demand | Stopped])
DRV - [2007.09.26 14:12:22 | 02,251,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
DRV - [2006.11.02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006.11.02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006.11.02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006.11.02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008.04.07 19:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006.11.02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006.11.02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007.05.31 13:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007.01.18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) -- C:\Windows\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2008.01.19 01:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2006.11.02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006.11.02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006.11.02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006.11.02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006.11.02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006.11.02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007.05.04 19:31:26 | 00,187,064 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2009.05.12 14:13:12 | 00,061,328 | R--- | M] (iS3 Inc.) -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5 [Boot | Running])
DRV - [2006.10.18 14:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV - [2007.01.24 17:44:06 | 00,290,304 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2007.06.16 00:04:34 | 00,285,184 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32 [Boot | Running])
DRV - [2006.10.06 01:22:14 | 00,016,768 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ [Boot | Running])
DRV - [2006.11.02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006.11.02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006.11.02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2007.04.16 13:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV - [2006.11.02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006.11.02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007.01.09 13:00:00 | 00,221,696 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])
DRV - [2005.01.04 05:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comlank.htm
IE - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\S-1-5-21-819412295-2399782739-3496327266-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\S-1-5-21-819412295-2399782739-3496327266-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.07.17 13:03:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.07.17 22:59:42 | 00,000,000 | ---D | M]

[2009.07.14 22:14:54 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Extensions
[2009.07.14 22:14:54 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.06.26 11:53:38 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions
[2009.06.26 11:53:38 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009.06.18 16:53:08 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008.11.29 12:04:05 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions\moveplayer@movenetworks.com
[2008.11.29 12:04:05 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions\staged-xpis
[2009.07.14 22:14:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.07.17 13:03:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.07.17 13:03:12 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.07.17 13:03:12 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009.05.13 17:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008.09.03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009.05.13 17:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009.05.26 22:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008.09.26 12:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2009.07.17 13:03:15 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009.04.29 16:38:26 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2007.05.10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.11.27 18:11:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008.11.27 18:11:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008.11.27 18:11:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008.11.27 18:11:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008.11.27 18:11:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008.11.27 18:11:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008.11.27 18:11:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009.05.13 17:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009.06.24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009.06.24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009.06.24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009.06.24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009.06.24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.06.24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009.06.24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Mario Forever Toolbar Helper) - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IVPServiceMgr] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000..\Run: [BitTorrent DNA] C:\Users\gena\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-819412295-2399782739-3496327266-1000_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.12.13 22:36:20 | 00,000,680 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c4362140-5642-11dc-91a6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4362140-5642-11dc-91a6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2006.12.19 09:25:30 | 00,742,280 | R--- | M] (Dell Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.07.28 23:46:28 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\gena\Desktop\OTL.exe
[2009.07.28 22:18:40 | 00,000,436 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2009.07.28 22:18:37 | 00,000,376 | ---- | C] () -- C:\Windows\tasks\RegCure Startup.job
[2009.07.28 22:18:34 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2009.07.28 22:18:31 | 00,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2009.07.28 22:18:30 | 00,000,523 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009.07.28 22:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009.07.26 18:21:16 | 00,000,000 | ---D | C] -- C:\Users\gena\Documents\Cross Fire
[2009.07.26 18:21:04 | 00,000,000 | ---D | C] -- C:\CFLog
[2009.07.26 18:08:58 | 00,000,956 | ---- | C] () -- C:\Users\gena\Desktop\CrossFire.lnk
[2009.07.26 18:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\Subagames
[2009.07.26 18:03:22 | 00,000,176 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009.07.17 22:51:53 | 00,000,446 | ---- | C] () -- C:\Windows\tasks\XoftSpySE 2.job
[2009.07.17 22:51:50 | 00,000,360 | ---- | C] () -- C:\Windows\tasks\XoftSpySE.job
[2009.07.17 22:51:48 | 00,000,815 | ---- | C] () -- C:\Users\gena\Desktop\XoftSpySE.lnk
[2009.07.17 22:51:47 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2009.07.17 22:16:47 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\DivX
[2009.07.17 22:15:51 | 00,001,594 | ---- | C] () -- C:\Users\gena\Desktop\Clean Registry for Free!.lnk
[2009.07.17 22:06:44 | 00,124,560 | ---- | C] () -- C:\Users\gena\Documents\STOPzilla Black List Contents.htm
[2009.07.15 10:05:45 | 00,000,946 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009.07.15 10:05:17 | 00,000,982 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009.07.15 10:04:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009.07.15 10:04:26 | 00,001,404 | ---- | C] () -- C:\Users\gena\Desktop\DivX Movies.lnk
[2009.07.14 22:13:44 | 08,114,720 | ---- | C] (Mozilla) -- C:\Users\gena\Desktop\Firefox Setup 3.5.exe
[2009.07.14 15:04:20 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009.07.14 15:04:20 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009.07.14 15:04:20 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009.07.14 15:04:20 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009.07.14 08:53:00 | 00,498,688 | ---- | C] () -- C:\Users\gena\Desktop\09.10_PreceptorRequestforAssignment_Outside_March%202009.doc
[2009.07.14 08:50:39 | 00,501,760 | ---- | C] () -- C:\Users\gena\Desktop\09.10_Community%20Health%20Rotation_stud%20app.doc
[2009.07.13 22:54:13 | 00,394,002 | ---- | C] () -- C:\Users\gena\Desktop\fight.php
[2009.07.10 13:15:39 | 00,001,713 | ---- | C] () -- C:\Users\gena\Desktop\HijackThis.lnk
[2009.07.10 13:15:37 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009.07.10 13:14:16 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\Sammsoft
[2009.07.10 13:14:10 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2009.07.10 08:23:05 | 00,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009.07.10 08:23:05 | 00,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2009.07.10 08:23:05 | 00,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009.07.10 08:23:05 | 00,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2009.07.10 08:23:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2009.07.10 08:23:02 | 00,000,000 | ---D | C] -- C:\Users\gena\Documents\Simply Super Software
[2009.07.10 08:23:02 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\Simply Super Software
[2009.07.10 08:23:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2009.07.10 08:23:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009.07.09 23:38:55 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009.07.09 23:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009.07.09 23:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009.07.09 23:35:09 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009.07.09 23:30:25 | 00,071,956 | ---- | C] () -- C:\Users\gena\Documents\cc_20090709_233021.reg
[2009.07.09 23:24:21 | 00,001,681 | ---- | C] () -- C:\Users\gena\Desktop\CCleaner.lnk
[2009.07.09 23:21:06 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.07.09 22:50:57 | 00,000,000 | ---D | C] -- C:\Program Files\sFX
[2009.07.09 22:50:54 | 00,000,001 | ---- | C] () -- C:\Windows\934fdfg34fgjf23
[2009.07.09 22:50:52 | 00,000,002 | ---- | C] () -- C:\Windows\010112010146118114.dat
[2009.07.09 13:22:19 | 00,208,896 | ---- | C] () -- C:\Users\gena\Desktop\Preceptor Responsbilities.doc
[2009.07.09 13:02:28 | 00,514,048 | ---- | C] () -- C:\Users\gena\Desktop\09.10_Community Health Rotation Policies_Mar_ 2009.doc
[2009.07.09 13:00:31 | 00,496,128 | ---- | C] () -- C:\Users\gena\Desktop\09.10_Community Health Rotation-REV 2009.doc
[2009.07.01 13:21:34 | 00,094,208 | ---- | C] () -- C:\Users\gena\Desktop\09.10_OUT OF MAINE Community Health Preceptors_Mar2009.xls
[2009.07.01 08:43:36 | 00,001,807 | ---- | C] () -- C:\Users\gena\Desktop\Usmleworld Step1 QBank V2.lnk
[2009.06.30 23:55:01 | 00,013,814 | ---- | C] () -- C:\Users\gena\Desktop\b226.torrent
[2009.06.30 23:54:33 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\BitTorrent
[2009.06.30 23:34:29 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Local\DNA
[2009.06.30 23:34:24 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\DNA
[2009.06.30 23:34:24 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009.06.30 23:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009.06.30 23:33:55 | 01,739,664 | ---- | C] () -- C:\Users\gena\Desktop\BitTorrent-6.1.2.exe
[2009.06.30 23:33:06 | 02,260,608 | ---- | C] (Interactive Brands) -- C:\Users\gena\Desktop\QUAD_Registry_Cleaner_Installer.exe
[2009.03.12 21:02:28 | 00,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008.10.28 17:34:18 | 00,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2008.09.29 19:08:14 | 00,118,272 | ---- | C] () -- C:\Windows\System32\FSI_UNZDLL.DLL
[2008.09.13 21:35:31 | 00,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008.08.21 18:44:47 | 01,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2008.08.18 22:08:04 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2008.07.11 13:36:40 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008.02.28 15:30:08 | 00,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2007.08.29 11:47:56 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.08.29 11:47:56 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.08.29 11:47:56 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.08.29 11:47:55 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.06.12 14:39:21 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.06.12 14:19:56 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.06.12 14:19:56 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.06.12 14:19:56 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.06.12 14:19:56 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.06.12 14:19:56 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.06.12 14:19:56 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.05.22 15:51:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007.05.22 15:26:48 | 00,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.05.22 14:39:00 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.03.06 19:54:04 | 00,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.12.05 16:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 13:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.07.23 00:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009.07.28 23:46:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\gena\Desktop\OTL.exe
[2009.07.28 23:29:40 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.07.28 23:29:40 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.07.28 22:18:41 | 00,000,436 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009.07.28 22:18:40 | 00,000,376 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2009.07.28 22:18:37 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009.07.28 22:18:30 | 00,000,523 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009.07.28 18:00:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.07.28 17:00:10 | 00,000,446 | ---- | M] () -- C:\Windows\tasks\XoftSpySE 2.job
[2009.07.26 18:08:58 | 00,000,956 | ---- | M] () -- C:\Users\gena\Desktop\CrossFire.lnk
[2009.07.26 18:03:22 | 00,000,176 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009.07.25 18:45:04 | 00,001,594 | ---- | M] () -- C:\Users\gena\Desktop\Clean Registry for Free!.lnk
[2009.07.25 18:42:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.07.25 18:41:52 | 21,374,15680 | -HS- | M] () -- C:\hiberfil.sys
[2009.07.25 10:05:10 | 00,000,360 | ---- | M] () -- C:\Windows\tasks\XoftSpySE.job
[2009.07.20 22:22:54 | 03,539,359 | -H-- | M] () -- C:\Users\gena\AppData\Local\IconCache.db
[2009.07.17 22:51:48 | 00,000,815 | ---- | M] () -- C:\Users\gena\Desktop\XoftSpySE.lnk
[2009.07.17 22:06:46 | 00,124,560 | ---- | M] () -- C:\Users\gena\Documents\STOPzilla Black List Contents.htm
[2009.07.15 10:05:45 | 00,000,946 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009.07.15 10:05:17 | 00,000,982 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009.07.15 10:04:26 | 00,001,404 | ---- | M] () -- C:\Users\gena\Desktop\DivX Movies.lnk
[2009.07.15 03:14:43 | 00,360,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 22:14:45 | 00,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.07.14 22:14:04 | 08,114,720 | ---- | M] (Mozilla) -- C:\Users\gena\Desktop\Firefox Setup 3.5.exe
[2009.07.14 08:53:00 | 00,498,688 | ---- | M] () -- C:\Users\gena\Desktop\09.10_PreceptorRequestforAssignment_Outside_March%202009.doc
[2009.07.14 08:50:36 | 00,501,760 | ---- | M] () -- C:\Users\gena\Desktop\09.10_Community%20Health%20Rotation_stud%20app.doc
[2009.07.13 22:54:16 | 00,394,002 | ---- | M] () -- C:\Users\gena\Desktop\fight.php
[2009.07.10 13:15:39 | 00,001,713 | ---- | M] () -- C:\Users\gena\Desktop\HijackThis.lnk
[2009.07.09 23:30:42 | 00,071,956 | ---- | M] () -- C:\Users\gena\Documents\cc_20090709_233021.reg
[2009.07.09 23:24:21 | 00,001,681 | ---- | M] () -- C:\Users\gena\Desktop\CCleaner.lnk
[2009.07.09 22:50:54 | 00,000,001 | ---- | M] () -- C:\Windows\934fdfg34fgjf23
[2009.07.09 22:50:52 | 00,000,002 | ---- | M] () -- C:\Windows\010112010146118114.dat
[2009.07.09 13:22:21 | 00,208,896 | ---- | M] () -- C:\Users\gena\Desktop\Preceptor Responsbilities.doc
[2009.07.09 13:02:31 | 00,514,048 | ---- | M] () -- C:\Users\gena\Desktop\09.10_Community Health Rotation Policies_Mar_ 2009.doc
[2009.07.09 13:00:37 | 00,496,128 | ---- | M] () -- C:\Users\gena\Desktop\09.10_Community Health Rotation-REV 2009.doc
[2009.07.07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009.07.01 13:21:38 | 00,094,208 | ---- | M] () -- C:\Users\gena\Desktop\09.10_OUT OF MAINE Community Health Preceptors_Mar2009.xls
[2009.07.01 08:43:36 | 00,001,807 | ---- | M] () -- C:\Users\gena\Desktop\Usmleworld Step1 QBank V2.lnk
[2009.06.30 23:54:58 | 00,013,814 | ---- | M] () -- C:\Users\gena\Desktop\b226.torrent
[2009.06.30 23:33:58 | 01,739,664 | ---- | M] () -- C:\Users\gena\Desktop\BitTorrent-6.1.2.exe
[2009.06.30 23:33:08 | 02,260,608 | ---- | M] (Interactive Brands) -- C:\Users\gena\Desktop\QUAD_Registry_Cleaner_Installer.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

[/b]Extras.txt[/b]
OTL Extras logfile created on: 28.07.2009 23:48:49 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\gena\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,35% Memory free
4,00 Gb Paging File | 2,89 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184,84 Gb Total Space | 114,96 Gb Free Space | 62,19% Space Free | Partition Type: NTFS
Drive D: | 58,99 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMENET
Current User Name: gena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-819412295-2399782739-3496327266-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021CEF9C-AFEB-4F35-8D3F-CDD4A7C5CD26}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{16DF70C7-DE86-470F-96E9-3097D2A01A7E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{279DD132-12ED-4331-ACB2-9425480C04A3}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{375346D5-532E-4C3F-B425-CE43C8A79475}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{573D8207-3F63-4DD0-94F7-2D25B1954035}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{5FB2E816-BEAF-46B5-806F-8EEE1EEDDEAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{61D025A4-5CAA-4612-8B0B-0064B62D0E54}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{684609BC-29B1-49AF-B449-8868E0A67AFB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{722AC197-C62F-4889-8608-CD9B54D3D9AA}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7C7F6305-5DF2-4B84-AABE-819AE0E0EFBF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{978DADA3-1FDD-4A3D-B068-36E9D3AFC811}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A4FDE0F7-09FC-4ED9-95A1-D1E888DDB7DA}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A52E7E8A-EB79-43FB-8040-79524DD8C485}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{A6D02E37-5903-4B80-85D6-C2B9FA199440}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A7AC6138-9B01-4948-9DB2-1EB44066C862}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B402BD61-665A-470B-9CE6-A234E677C5A6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BDA00EA5-8A90-45A8-80E2-59BD76CFF790}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C10E25FE-9D46-42F1-AF6F-00FA4DE3A186}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{C36458EF-FAD2-40DE-9151-4B4C686AF57B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CC5F8740-328A-4B46-AFC9-F47A27419A84}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0076DD29-E14C-4D80-B9AD-89424B21E2A7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{2498470E-038E-4BAB-A37F-22144AF35403}C:\nexon\maplestory\maplestory.exe" = protocol=6 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"TCP Query User{3059D37F-533F-4E71-B30F-7D600FDCE464}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{3E9326AF-37BD-4592-BCD9-5313B587037F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{44186052-EE17-48D9-BB08-F8A7274AADE6}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=6 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"TCP Query User{49257B64-E744-42BC-982F-EFF8D8E6059E}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{6DFE9760-2483-4E87-8F61-1E393E477319}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{9C4350F5-8E6E-482B-A4EE-FE16A3BBE023}C:\users\gena\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\gena\program files\dna\btdna.exe |
"TCP Query User{9DEC1C03-DD0F-46B4-9CE5-F4D292E6AED0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{A149C3A5-A65A-4B9A-A99B-8E58B27DEDD2}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe |
"TCP Query User{AB461D04-0458-48E4-B4DE-454386AEF77F}C:\program files\digitalfusion\beach head - desert war\bh2game\bh2.exe" = protocol=6 | dir=in | app=c:\program files\digitalfusion\beach head - desert war\bh2game\bh2.exe |
"TCP Query User{B343E8D2-F236-4C6B-8632-FD44A6486F14}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{CF482448-670A-4755-B2B3-8954D3A181D4}C:\abyss web server\abyssws.exe" = protocol=6 | dir=in | app=c:\abyss web server\abyssws.exe |
"TCP Query User{E29E8968-C56F-4E7D-81D0-033DFF9F92E8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E93BC02A-BD68-405F-83B8-4AF0EBBCFBB1}C:\abyss web server\abyssws.exe" = protocol=6 | dir=in | app=c:\abyss web server\abyssws.exe |
"TCP Query User{F79EC643-A00F-47C7-B44B-F1B6FBF1F5BB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FAF6AB39-513F-47AE-AF01-2ED329A99954}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{38256591-A3D0-4622-B6CC-413B9FC5D145}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{48C47EC2-A9FB-4F87-81D7-5AAD38BE7DA8}C:\program files\digitalfusion\beach head - desert war\bh2game\bh2.exe" = protocol=17 | dir=in | app=c:\program files\digitalfusion\beach head - desert war\bh2game\bh2.exe |
"UDP Query User{4B39829F-12DD-4822-825E-EB20D5A4A52D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{5D8E666A-A59E-438E-BD99-C967618FEDD4}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{608BDC8C-8719-4E51-9C96-76E23AF68C4D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{69E128A4-9AED-47D2-9255-8B92F82DA90E}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=17 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"UDP Query User{826C7DE6-2020-4496-8F18-76C562420C59}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{837092DA-AB9E-4621-81FB-68BA24543B41}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{946EACF4-9CFF-4BC8-B1A5-9ECD203BD150}C:\users\gena\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\gena\program files\dna\btdna.exe |
"UDP Query User{A2AC534E-5F9B-4A3F-957B-FD0C0FA3D844}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"UDP Query User{AC341005-C74A-4F51-B2A3-1C8C7F37950F}C:\abyss web server\abyssws.exe" = protocol=17 | dir=in | app=c:\abyss web server\abyssws.exe |
"UDP Query User{BD814A1C-897B-4E99-AD15-B010DE359A1F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C25F85B9-D1ED-4B5B-8E9C-BA940C4B3910}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe |
"UDP Query User{C8FC05B0-5F4B-470C-ABA6-DD8E9D20D768}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CF435909-0DF3-427A-8975-C73BE54CB690}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{DF0A4DC8-0365-4CAC-98B6-76D2929A7C52}C:\nexon\maplestory\maplestory.exe" = protocol=17 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"UDP Query User{F72A559D-946E-4C19-BE11-CAA058BA21E3}C:\abyss web server\abyssws.exe" = protocol=17 | dir=in | app=c:\abyss web server\abyssws.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03C06F70-506C-4DEC-BEA6-78979C9F27B7}" = MapleFantasy
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID Music Studio 5.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{2EB5618E-E9CB-436A-841E-E68767E63A01}" = STOPzilla
"{2FADA80A-5D89-4CC8-9ED7-445527754A83}" = SnagIt 9
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{48E16DC7-79EC-45F1-847A-F8D3C620515E}" = MapleStory
"{54A55DF7-BCC0-4C98-84AB-01CDA57687C7}" = Hex Workshop v5.1
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{62C81505-65E8-BBFF-5A9B-23958770F694}" = BannedStory
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA HD DVD PLAYER
"{706A6867-6CCB-4280-A1E3-BAFBA688D70E}" = MapleStory
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus®
"{D1846BA1-6118-3EDF-8C57-6E1A04646738}" = Microsoft Visual C++ 2008 Express Edition - ENU
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"AIM Password Recovery" = AIM Password Recovery (remove only)
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"Avidemux 2.4" = Avidemux 2.4
"BCM70010" = Broadcom High Definition Video Decoder
"BitTornado" = BitTornado 0.3.17
"BlackBerry_{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Combat Arms" = Combat Arms
"Cross Fire_is1" = Cross Fire En
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fraps" = Fraps
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Mario Forever" = Mario Forever 4.0
"Mario Forever Toolbar" = Mario Forever Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition - ENU" = Microsoft Visual C++ 2008 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Picasa 3" = Picasa 3
"PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL
"ProInst" = Intel® PROSet/Wireless Software
"Reader Rabbit Kindergarten® Bounce Down in Balloon Town!™" = Reader Rabbit Kindergarten® Bounce Down in Balloon Town!™
"RegCure" = RegCure 1.6.0.0
"RumbleFighter" = Rumble Fighter
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trojan Remover_is1" = Trojan Remover 6.7.9
"VLC media player" = VLC media player 0.9.8a
"WampServer 2_is1" = WampServer 2.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"XoftSpySE" = XoftSpySE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-819412295-2399782739-3496327266-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Usmleworld Step1 QBank V2" = Usmleworld Step1 QBank V2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09.07.2009 17:08:06 | Computer Name = HomeNet | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.07.2009 17:08:07 | Computer Name = HomeNet | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.07.2009 17:08:07 | Computer Name = HomeNet | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.07.2009 17:08:07 | Computer Name = HomeNet | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.07.2009 17:08:07 | Computer Name = HomeNet | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.07.2009 17:08:07 | Computer Name = HomeNet | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.07.2009 17:08:08 | Computer Name = HomeNet | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.07.2009 17:08:08 | Computer Name = HomeNet | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.07.2009 23:36:48 | Computer Name = HomeNet | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 7964 (0x1f1c) Thread address : 0x778C9A94 Thread message : Build VSCORE.13.3.1.100
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Users\gena\Desktop\BannedStory_WIN.exe

by C:\Windows\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 09.07.2009 23:36:58 | Computer Name = HomeNet | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

[ Media Center Events ]
Error - 29.06.2008 21:55:39 | Computer Name = HomeNet | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10.06.2009 15:03:09 | Computer Name = HomeNet | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 24.12.2008 22:42:43 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 791
seconds with 0 seconds of active time. This session ended with a crash.

Error - 01.07.2009 11:45:01 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 777
seconds with 180 seconds of active time. This session ended with a crash.

Error - 03.07.2009 20:30:32 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09.07.2009 13:02:17 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 88
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09.07.2009 13:11:51 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 551
seconds with 120 seconds of active time. This session ended with a crash.

Error - 14.07.2009 12:05:47 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12054
seconds with 120 seconds of active time. This session ended with a crash.

Error - 16.07.2009 14:42:01 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 169
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.07.2009 20:14:42 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 761
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23.07.2009 9:47:27 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 136
seconds with 120 seconds of active time. This session ended with a crash.

Error - 27.07.2009 19:22:20 | Computer Name = HomeNet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 169
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28.07.2009 23:33:35 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =

Error - 28.07.2009 23:33:35 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =

Error - 28.07.2009 23:33:36 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =

Error - 28.07.2009 23:33:36 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =

Error - 28.07.2009 23:33:37 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =

Error - 28.07.2009 23:33:37 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =

Error - 28.07.2009 23:33:38 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =

Error - 28.07.2009 23:33:38 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =

Error - 28.07.2009 23:33:39 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =

Error - 28.07.2009 23:33:40 | Computer Name = HomeNet | Source = DCOM | ID = 10016
Description =


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:07 PM

Posted 29 July 2009 - 03:01 AM

Hi,

you seem to have some leftovers from an earlier infection, but I'm not sure if this is related to your pop-up problem.
We'll start by removing the malware and see if the problem persists.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 LaNoob

LaNoob
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:07 PM

Posted 29 July 2009 - 09:07 AM

I cannot run the program, when I do it in normal mode, it scans then after sometime elapses I get a blue screen stating that windows is shutting down and something about dumping cache/page/memory with a timer counting up from 0 to 100%. When I tried running the program in safe mode, I get message windows has encountered an error, either close the program or look online for a solution.

Is there an alternative program I can try running? I disabled McAfee, windows defender/firewall, etc.

Below is the scan result from launching the program initially, prior to manually pressing scan button.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-29 09:33:57
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAAFE62C7]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by LaNoob, 29 July 2009 - 09:10 AM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:07 PM

Posted 29 July 2009 - 09:33 AM

Hi,

ok, this happens sometimes and it's not a problem. :thumbup2: We will simply try something else.

Please try RootRepeal instead:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click Posted Image on your desktop.
  • Click on the report tab, then click scan
  • Check all six boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
regards _temp_

Edited by _temp_, 29 July 2009 - 09:33 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 LaNoob

LaNoob
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:07 PM

Posted 29 July 2009 - 10:30 AM

RootRepel Report
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/29 11:00
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8CFAB000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8CFB6000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAAFC7000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3aee44a5-7340-11de-8bf6-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4d0abfe7-796c-11de-9c95-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4d0ac011-796c-11de-9c95-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4d0ac042-796c-11de-9c95-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7b6aef5e-75a0-11de-b52c-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7b6aef96-75a0-11de-b52c-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7b6aefbf-75a0-11de-b52c-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7b6aeff4-75a0-11de-b52c-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7b6af01d-75a0-11de-b52c-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f92ce91a-710e-11de-8310-00a0d185d1b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98ceadc42c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.21022.8_none_3c8576a8f974f0b8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1833_none_516c26fb0f4a960b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1833_none_d08b763a442c70c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.21022.8_none_96748342450f6aa2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\df4c00155bfca5da82320089743bb386e8df43312c8d8b8112418980a2440f2d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4bde3906e1ad59953a7d8592ff3860dd7fadc4e12abe4b5c828645390461a3aa.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4a4e6de1088e614f7694727d621129512819bdecdb46cc6ebb7c1f192dfe380e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6000.16720_none_a7f9fcdcd724c803\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6000.20883_none_91321380f0c70cf6\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18000_none_a7d3f834d777a15b\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18111_none_a7d4e192d776d4a4\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.22230_none_9109522ef11c4db7\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18000_none_8201d9c660c35618\$$DeleteMe.Apphlpdm.dll.01c95b0a1024688a.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_d9f4bc64420b8d63\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_da-dk_772e9c8b38518962\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_de-de_745a31c73a27ddfc\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_en-us_1d4b07c02905e9c1\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_es-es_1d1664a4292cdb66\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_fi-fi_bc3169511e46cd90\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_bfcddaa31bfef1c8\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_hu-hu_073e5aeb005ec0e4\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_it-it_a9f5d0e9f330d746\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_ja-jp_4c1b4ff6e64be921\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_nb-no_d817ade0b0e1dbf3\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_d656f91eb20de5c8\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_pl-pl_1c9353a09730537c\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_pt-br_1ee73e4495b9e760\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_pt-pt_1fc90db09529573c\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_ru-ru_666c1f747a0ae568\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_sv-se_026709e97133efc3\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_el-gr_1cf05f5a293d468a\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_ko-kr_ef852cabd8bcb037\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_tr-tr_ab7454305feff1b4\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_zh-cn_7cd1722e1027c3d3\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_zh-hk_7b7c6abc11033663\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_80cdaf840d98a043\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_7388dcab642949ec\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_da-dk_10c2bcd25a6f45eb\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_de-de_0dee520e5c459a85\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_el-gr_b6847fa14b5b0313\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_en-us_b6df28074b23a64a\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_fi-fi_55c5899840648a19\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_5961faea3e1cae51\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_hu-hu_a0d27b32227c7d6d\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_it-it_4389f131154e93cf\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_ja-jp_e5af703e0869a5aa\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_ko-kr_89194cf2fada6cc0\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_nb-no_71abce27d2ff987c\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_pl-pl_b62773e7b94e1005\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_pt-br_b87b5e8bb7d7a3e9\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_pt-pt_b95d2df7b74713c5\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_ru-ru_00003fbb9c28a1f1\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_sv-se_9bfb2a309351ac4c\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_tr-tr_45087477820dae3d\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_zh-cn_166592753245805c\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_1a61cfcb2fb65ccc\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_es-es_b6aa84eb4b4a97ef\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_6feb1965d42ba251\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_zh-hk_15108b033320f2ec\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_da-dk_f6c4156327990cf2\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_it-it_298b49c1e2785ad6\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_ru-ru_e601984c695268f8\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_598a353c315310f3\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_de-de_f3efaa9f296f618c\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_el-gr_9c85d8321884ca1a\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9ce08098184d6d51\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_es-es_9cabdd7c18745ef6\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_fi-fi_3bc6e2290d8e5120\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_3f63537b0b467558\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_hu-hu_86d3d3c2efa64474\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_ja-jp_cbb0c8ced5936cb1\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_ko-kr_6f1aa583c80433c7\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_nb-no_57ad26b8a0295f83\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_55ec71f6a1556958\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_pl-pl_9c28cc788677d70c\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_pt-br_9e7cb71c85016af0\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_pt-pt_9f5e86888470dacc\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_sv-se_81fc82c1607b7353\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_tr-tr_2b09cd084f377544\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_zh-cn_fc66eb05ff6f4763\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_zh-hk_fb11e394004ab9f3\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_0063285bfce023d3\BOOTMG~1.MUI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.20883_none_b114a0b2daaae406\$$DeleteMe.sortkey.nlp.01c9229f9672e58d.013e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.20883_none_b114a0b2daaae406\$$DeleteMe.sorttbls.nlp.01c91113fbbdf466.000c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_42004f0ec13d017b\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\$$DeleteMe.wininet.dll.01c98d67ce99f505.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18226_none_479410098c8efa7d\$$DeleteMe.iertutil.dll.01c9e9fedc740949.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\$$DeleteMe.kernel32.dll.01c9c90d68f615cc.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_none_9c5f2f3c0cc1aa83\$$DeleteMe.mf.dll.01c95b0a0970292a.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.18000_none_301b5dfb92ae18db\$$DeleteMe.localspl.dll.01c9e9fede3d0909.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\$$DeleteMe.shell32.dll.01c95b0a0d25edca.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18000_none_fb49535a79bca3e8\$$DeleteMe.fastprox.dll.01c9c90d6ba1406c.0007
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\$$DeleteMe.sortkey.nlp.01c9229f9672e58d.013e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\$$DeleteMe.sorttbls.nlp.01c91113fbbdf466.000c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16720_none_c7dc8a0ec1089f13\$$DeleteMe.sortkey.nlp.01c9229f9672e58d.013e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16720_none_c7dc8a0ec1089f13\$$DeleteMe.sorttbls.nlp.01c91113fbbdf466.000c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBADM~2.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBADM~3.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WE5915~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBE69~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBADM~2.MAS
Status: Locked to the Windows API!

Path:Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1240 Status: Locked to the Windows API!

==EOF==

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:07 PM

Posted 29 July 2009 - 10:56 AM

Hi,

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

If you do not wish to remove the programs from your PC, I would ask you not to use them until we have finished cleaning your PC.


They also show the presence of Reg Cure Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

There are some remains of malware on your PC, please run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    C:\Program Files\sFX
    C:\Windows\934fdfg34fgjf23
    C:\Windows\010112010146118114.dat
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Do the pop ups display some specific sites or are they empty?
regards _temp_

Edited by _temp_, 29 July 2009 - 10:57 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 LaNoob

LaNoob
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:07 PM

Posted 29 July 2009 - 12:30 PM

The popups are from a specific site I think, but I honestly cannot remember since its happens infrequently. I know for certain when it occurs its the same URL on each popup.

On a side note, is there a safe way I can remove StopZilla and all these unhelpful 3rd party applications, which you cannot even use unless you purchase it? I will try to do it from Control Panel > Add/Delete Programs

OTL Scan
OTL logfile created on: 29.07.2009 13:22:14 - Run 2
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\gena\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,78% Memory free
4,00 Gb Paging File | 3,15 Gb Available in Paging File | 78,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184,84 Gb Total Space | 115,99 Gb Free Space | 62,75% Space Free | Partition Type: NTFS
Drive D: | 58,99 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMENET
Current User Name: gena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\TOSHIBA\IVP\ISM\pinger.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe (TOSHIBA Corporation)
PRC - C:\TOSHIBA\IVP\swupdate\TaisSoftIcon.exe ()
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Users\gena\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Users\gena\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [Auto | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- File not found
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (McAfeeFramework [Auto | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McLogManagerService [Auto | Stopped]) -- File not found
SRV - (mcmscsvc [Auto | Stopped]) -- File not found
SRV - (McShield [Auto | Paused]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Auto | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (mctskshd.exe [Auto | Stopped]) -- File not found
SRV - (mcusrmgr [Auto | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (pinger [Auto | Running]) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (szserver [Auto | Running]) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv [Auto | Running]) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service [Auto | Running]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (wampapache [On_Demand | Stopped]) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (Apache Software Foundation)
SRV - (wampmysqld [On_Demand | Stopped]) -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BRCMDECO [System | Running]) -- C:\Windows\System32\DRIVERS\BRCMHD32.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (hamachi [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KR10I [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR3NPXP [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (mfeapfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Stopped]) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\Windows\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (szkg5 [Boot | Running]) -- C:\Windows\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tifm21 [On_Demand | Running]) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UVCFTR [On_Demand | Running]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comternet Explorer\Main
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.07.17 13:03:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.07.17 22:59:42 | 00,000,000 | ---D | M]

[2009.07.14 22:14:54 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Extensions
[2009.07.14 22:14:54 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.06.26 11:53:38 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions
[2009.06.26 11:53:38 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009.06.18 16:53:08 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008.11.29 12:04:05 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions\moveplayer@movenetworks.com
[2008.11.29 12:04:05 | 00,000,000 | ---D | M] -- C:\Users\gena\AppData\Roaming\mozilla\Firefox\Profiles\ucfxgfa4.default\extensions\staged-xpis
[2009.07.14 22:14:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.07.17 13:03:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.07.17 13:03:12 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.07.17 13:03:12 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009.05.13 17:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008.09.03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009.05.13 17:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009.05.26 22:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008.09.26 12:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2009.07.17 13:03:15 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009.04.29 16:38:26 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2007.05.10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.11.27 18:11:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008.11.27 18:11:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008.11.27 18:11:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008.11.27 18:11:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008.11.27 18:11:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008.11.27 18:11:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008.11.27 18:11:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009.05.13 17:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009.06.24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009.06.24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009.06.24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009.06.24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009.06.24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.06.24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009.06.24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Mario Forever Toolbar Helper) - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IVPServiceMgr] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\gena\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.12.13 22:36:20 | 00,000,680 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c4362140-5642-11dc-91a6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4362140-5642-11dc-91a6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2006.12.19 09:25:30 | 00,742,280 | R--- | M] (Dell Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.07.29 13:22:53 | 00,000,176 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009.07.29 13:12:41 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.07.29 10:57:43 | 00,000,000 | ---- | C] () -- C:\Users\gena\Desktop\settings.dat
[2009.07.29 10:57:08 | 00,471,040 | ---- | C] ( ) -- C:\Users\gena\Desktop\RootRepeal.exe
[2009.07.29 09:57:36 | 21,374,15680 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.29 09:05:49 | 24,741,3153 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009.07.29 08:52:58 | 00,286,208 | ---- | C] () -- C:\Users\gena\Desktop\ezrxj9xz.exe
[2009.07.28 23:46:28 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\gena\Desktop\OTL.exe
[2009.07.28 22:18:40 | 00,000,436 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2009.07.28 22:18:37 | 00,000,376 | ---- | C] () -- C:\Windows\tasks\RegCure Startup.job
[2009.07.28 22:18:34 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2009.07.28 22:18:31 | 00,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2009.07.28 22:18:30 | 00,000,523 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009.07.28 22:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009.07.26 18:21:16 | 00,000,000 | ---D | C] -- C:\Users\gena\Documents\Cross Fire
[2009.07.26 18:21:04 | 00,000,000 | ---D | C] -- C:\CFLog
[2009.07.26 18:08:58 | 00,000,956 | ---- | C] () -- C:\Users\gena\Desktop\CrossFire.lnk
[2009.07.26 18:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\Subagames
[2009.07.17 22:51:53 | 00,000,446 | ---- | C] () -- C:\Windows\tasks\XoftSpySE 2.job
[2009.07.17 22:51:50 | 00,000,360 | ---- | C] () -- C:\Windows\tasks\XoftSpySE.job
[2009.07.17 22:51:48 | 00,000,815 | ---- | C] () -- C:\Users\gena\Desktop\XoftSpySE.lnk
[2009.07.17 22:51:47 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2009.07.17 22:16:47 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\DivX
[2009.07.17 22:15:51 | 00,001,594 | ---- | C] () -- C:\Users\gena\Desktop\Clean Registry for Free!.lnk
[2009.07.17 22:06:44 | 00,124,560 | ---- | C] () -- C:\Users\gena\Documents\STOPzilla Black List Contents.htm
[2009.07.15 10:05:45 | 00,000,946 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009.07.15 10:05:17 | 00,000,982 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009.07.15 10:04:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009.07.15 10:04:26 | 00,001,404 | ---- | C] () -- C:\Users\gena\Desktop\DivX Movies.lnk
[2009.07.14 22:13:44 | 08,114,720 | ---- | C] (Mozilla) -- C:\Users\gena\Desktop\Firefox Setup 3.5.exe
[2009.07.14 15:04:20 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009.07.14 15:04:20 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009.07.14 15:04:20 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009.07.14 15:04:20 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009.07.14 08:53:00 | 00,498,688 | ---- | C] () -- C:\Users\gena\Desktop\09.10_PreceptorRequestforAssignment_Outside_March%202009.doc
[2009.07.14 08:50:39 | 00,501,760 | ---- | C] () -- C:\Users\gena\Desktop\09.10_Community%20Health%20Rotation_stud%20app.doc
[2009.07.13 22:54:13 | 00,394,002 | ---- | C] () -- C:\Users\gena\Desktop\fight.php
[2009.07.10 13:15:39 | 00,001,713 | ---- | C] () -- C:\Users\gena\Desktop\HijackThis.lnk
[2009.07.10 13:15:37 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009.07.10 13:14:16 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\Sammsoft
[2009.07.10 13:14:10 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2009.07.10 08:23:05 | 00,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009.07.10 08:23:05 | 00,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2009.07.10 08:23:05 | 00,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009.07.10 08:23:05 | 00,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2009.07.10 08:23:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2009.07.10 08:23:02 | 00,000,000 | ---D | C] -- C:\Users\gena\Documents\Simply Super Software
[2009.07.10 08:23:02 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\Simply Super Software
[2009.07.10 08:23:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2009.07.10 08:23:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009.07.09 23:38:55 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009.07.09 23:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009.07.09 23:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009.07.09 23:35:09 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009.07.09 23:30:25 | 00,071,956 | ---- | C] () -- C:\Users\gena\Documents\cc_20090709_233021.reg
[2009.07.09 23:24:21 | 00,001,681 | ---- | C] () -- C:\Users\gena\Desktop\CCleaner.lnk
[2009.07.09 23:21:06 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.07.09 13:22:19 | 00,208,896 | ---- | C] () -- C:\Users\gena\Desktop\Preceptor Responsbilities.doc
[2009.07.09 13:02:28 | 00,514,048 | ---- | C] () -- C:\Users\gena\Desktop\09.10_Community Health Rotation Policies_Mar_ 2009.doc
[2009.07.09 13:00:31 | 00,496,128 | ---- | C] () -- C:\Users\gena\Desktop\09.10_Community Health Rotation-REV 2009.doc
[2009.07.01 13:21:34 | 00,094,208 | ---- | C] () -- C:\Users\gena\Desktop\09.10_OUT OF MAINE Community Health Preceptors_Mar2009.xls
[2009.07.01 08:43:36 | 00,001,807 | ---- | C] () -- C:\Users\gena\Desktop\Usmleworld Step1 QBank V2.lnk
[2009.06.30 23:55:01 | 00,013,814 | ---- | C] () -- C:\Users\gena\Desktop\b226.torrent
[2009.06.30 23:54:33 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\BitTorrent
[2009.06.30 23:34:29 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Local\DNA
[2009.06.30 23:34:24 | 00,000,000 | ---D | C] -- C:\Users\gena\AppData\Roaming\DNA
[2009.06.30 23:34:24 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009.06.30 23:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009.06.30 23:33:55 | 01,739,664 | ---- | C] () -- C:\Users\gena\Desktop\BitTorrent-6.1.2.exe
[2009.06.30 23:33:06 | 02,260,608 | ---- | C] (Interactive Brands) -- C:\Users\gena\Desktop\QUAD_Registry_Cleaner_Installer.exe
[2009.03.12 21:02:28 | 00,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008.10.28 17:34:18 | 00,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2008.09.29 19:08:14 | 00,118,272 | ---- | C] () -- C:\Windows\System32\FSI_UNZDLL.DLL
[2008.09.13 21:35:31 | 00,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008.08.21 18:44:47 | 01,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2008.08.18 22:08:04 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2008.07.11 13:36:40 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008.02.28 15:30:08 | 00,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2007.08.29 11:47:56 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.08.29 11:47:56 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.08.29 11:47:56 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.08.29 11:47:55 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.06.12 14:39:21 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.06.12 14:19:56 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.06.12 14:19:56 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.06.12 14:19:56 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.06.12 14:19:56 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.06.12 14:19:56 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.06.12 14:19:56 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.05.22 15:51:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007.05.22 15:26:48 | 00,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.05.22 14:39:00 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.03.06 19:54:04 | 00,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.12.05 16:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 13:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.07.23 00:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Files - Modified Within 30 Days ==========

[2009.07.29 13:22:53 | 00,000,176 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009.07.29 13:20:44 | 00,001,594 | ---- | M] () -- C:\Users\gena\Desktop\Clean Registry for Free!.lnk
[2009.07.29 13:20:35 | 00,000,376 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2009.07.29 13:19:05 | 00,000,446 | ---- | M] () -- C:\Windows\tasks\XoftSpySE 2.job
[2009.07.29 13:18:43 | 00,000,436 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009.07.29 13:18:11 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.07.29 13:18:02 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.07.29 13:18:01 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.07.29 13:17:39 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.07.29 13:17:34 | 21,374,15680 | -HS- | M] () -- C:\hiberfil.sys
[2009.07.29 10:57:43 | 00,000,000 | ---- | M] () -- C:\Users\gena\Desktop\settings.dat
[2009.07.29 10:57:08 | 00,471,040 | ---- | M] ( ) -- C:\Users\gena\Desktop\RootRepeal.exe
[2009.07.29 09:27:28 | 24,741,3153 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009.07.29 09:06:32 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009.07.29 08:59:28 | 00,286,208 | ---- | M] () -- C:\Users\gena\Desktop\ezrxj9xz.exe
[2009.07.28 23:46:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\gena\Desktop\OTL.exe
[2009.07.28 22:18:30 | 00,000,523 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009.07.26 18:08:58 | 00,000,956 | ---- | M] () -- C:\Users\gena\Desktop\CrossFire.lnk
[2009.07.25 10:05:10 | 00,000,360 | ---- | M] () -- C:\Windows\tasks\XoftSpySE.job
[2009.07.17 22:51:48 | 00,000,815 | ---- | M] () -- C:\Users\gena\Desktop\XoftSpySE.lnk
[2009.07.17 22:06:46 | 00,124,560 | ---- | M] () -- C:\Users\gena\Documents\STOPzilla Black List Contents.htm
[2009.07.15 10:05:45 | 00,000,946 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009.07.15 10:05:17 | 00,000,982 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009.07.15 10:04:26 | 00,001,404 | ---- | M] () -- C:\Users\gena\Desktop\DivX Movies.lnk
[2009.07.15 03:14:43 | 00,360,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 22:14:45 | 00,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.07.14 22:14:04 | 08,114,720 | ---- | M] (Mozilla) -- C:\Users\gena\Desktop\Firefox Setup 3.5.exe
[2009.07.14 08:53:00 | 00,498,688 | ---- | M] () -- C:\Users\gena\Desktop\09.10_PreceptorRequestforAssignment_Outside_March%202009.doc
[2009.07.14 08:50:36 | 00,501,760 | ---- | M] () -- C:\Users\gena\Desktop\09.10_Community%20Health%20Rotation_stud%20app.doc
[2009.07.13 22:54:16 | 00,394,002 | ---- | M] () -- C:\Users\gena\Desktop\fight.php
[2009.07.10 13:15:39 | 00,001,713 | ---- | M] () -- C:\Users\gena\Desktop\HijackThis.lnk
[2009.07.09 23:30:42 | 00,071,956 | ---- | M] () -- C:\Users\gena\Documents\cc_20090709_233021.reg
[2009.07.09 23:24:21 | 00,001,681 | ---- | M] () -- C:\Users\gena\Desktop\CCleaner.lnk
[2009.07.09 13:22:21 | 00,208,896 | ---- | M] () -- C:\Users\gena\Desktop\Preceptor Responsbilities.doc
[2009.07.09 13:02:31 | 00,514,048 | ---- | M] () -- C:\Users\gena\Desktop\09.10_Community Health Rotation Policies_Mar_ 2009.doc
[2009.07.09 13:00:37 | 00,496,128 | ---- | M] () -- C:\Users\gena\Desktop\09.10_Community Health Rotation-REV 2009.doc
[2009.07.07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009.07.01 13:21:38 | 00,094,208 | ---- | M] () -- C:\Users\gena\Desktop\09.10_OUT OF MAINE Community Health Preceptors_Mar2009.xls
[2009.07.01 08:43:36 | 00,001,807 | ---- | M] () -- C:\Users\gena\Desktop\Usmleworld Step1 QBank V2.lnk
[2009.06.30 23:54:58 | 00,013,814 | ---- | M] () -- C:\Users\gena\Desktop\b226.torrent
[2009.06.30 23:33:58 | 01,739,664 | ---- | M] () -- C:\Users\gena\Desktop\BitTorrent-6.1.2.exe
[2009.06.30 23:33:08 | 02,260,608 | ---- | M] (Interactive Brands) -- C:\Users\gena\Desktop\QUAD_Registry_Cleaner_Installer.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:07 PM

Posted 29 July 2009 - 01:30 PM

Hi,

you should be able to remove stopzilla through add/remove, if you are having any problems, please let me know. :thumbup2:

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:07 PM

Posted 03 August 2009 - 09:19 AM

Heya LaNoob

you still with us? Did you get rid of stopzilla?

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:07 PM

Posted 07 August 2009 - 11:00 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users