
Possible Exploit Neosploit Infection.



#1 BAPM


Posted 02 September 2009 - 07:01 AM

Hello, I posted the following topic in the "Am I Infected?" forum:
"Exploit Neosploit, 'Threat Detected', Threat appears when searching Google."
http://www.bleepingcomputer.com/forums/t/245189/exploit-neosploit-threat-detected/

I was unable to complete Step 6 and run DDS as in your Prep Guide since my OS is Windows Vista 64-bit. I have been directed to this forum and told to post my OTL log here:

OTL.Txt

OTL logfile created on: 9/1/2009 10:42:48 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 41.42% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.50 Gb Total Space | 156.54 Gb Free Space | 54.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/06/27 20:46:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2008/07/10 19:58:40 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/12/13 21:52:00 | 00,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2008/07/10 20:35:30 | 00,188,416 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/02/02 21:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/09/01 10:41:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV:64bit: - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV:64bit: - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV:64bit: - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV:64bit: - [2008/04/30 23:20:42 | 01,371,136 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV:64bit: - [2008/04/30 22:42:20 | 00,826,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV:64bit: - [2008/04/24 21:57:40 | 00,084,992 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv [On_Demand | Running])
SRV:64bit: - [2007/11/21 19:53:16 | 00,135,168 | ---- | M] () -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV:64bit: - [2008/02/06 16:50:18 | 00,434,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV:64bit: - [2007/12/03 20:04:48 | 00,175,104 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service [Auto | Running])
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV:64bit: - [2007/10/18 02:37:22 | 00,412,672 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/06/27 20:46:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service [Auto | Running])
SRV - [2008/07/10 19:58:40 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service [Auto | Running])
SRV - [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2008/05/28 18:20:16 | 00,164,600 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/11/02 04:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash [Auto | Running])
SRV - [2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/04 16:46:22 | 00,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo [Auto | Running])
SRV - [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
SRV - [2008/04/11 13:58:10 | 00,158,568 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/08/17 11:05:43 | 00,022,096 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV:64bit: - [2009/08/17 11:05:31 | 00,065,616 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV:64bit: - [2009/08/17 11:04:32 | 00,027,216 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV:64bit: - [2009/08/17 11:06:05 | 00,089,680 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP [System | Running])
DRV:64bit: - [2009/08/17 11:04:43 | 00,058,448 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV:64bit: - [2008/03/25 19:47:06 | 00,294,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV:64bit: - [2008/03/04 13:32:46 | 00,222,720 | ---- | M] () -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService [On_Demand | Running])
DRV:64bit: - [2009/03/19 16:34:18 | 00,029,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV:64bit: - [2006/11/02 00:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2008/03/25 19:51:16 | 01,487,872 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV:64bit: - [2008/07/20 20:44:54 | 00,402,456 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV:64bit: - [2008/06/12 21:51:36 | 07,911,840 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx [On_Demand | Running])
DRV:64bit: - [2006/11/09 16:33:44 | 00,248,320 | ---- | M] () -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64 [Disabled | Stopped])
DRV:64bit: - [2006/11/09 16:34:42 | 00,237,568 | ---- | M] () -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64 [Disabled | Stopped])
DRV:64bit: - [2006/06/19 01:27:24 | 00,017,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV:64bit: - [2008/04/28 09:38:12 | 04,730,368 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64 [On_Demand | Running])
DRV:64bit: - [2008/04/15 12:14:40 | 00,062,040 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR [On_Demand | Running])
DRV:64bit: - [2008/04/08 12:46:44 | 00,051,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR [On_Demand | Running])
DRV:64bit: - [2007/04/09 18:15:44 | 00,009,728 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [Disabled | Stopped])
DRV:64bit: - [2007/11/29 20:58:58 | 00,320,048 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV:64bit: - [2007/12/11 17:03:36 | 00,027,272 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV:64bit: - [2006/10/23 18:33:08 | 00,018,944 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec [Disabled | Stopped])
DRV:64bit: - [2008/07/18 20:52:16 | 00,504,912 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64 [Boot | Running])
DRV:64bit: - [2007/11/09 17:00:30 | 00,026,968 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ [Boot | Running])
DRV:64bit: - [2008/01/20 21:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV:64bit: - [2008/06/26 19:24:18 | 00,020,520 | ---- | M] () -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV:64bit: - [2008/03/25 19:45:44 | 00,740,864 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:47:28 | 00,046,080 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV:64bit: - [2007/10/18 02:37:10 | 00,010,240 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio [Auto | Running])
DRV:64bit: - [2008/07/25 12:57:00 | 00,404,992 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Running])
DRV - [2006/06/19 01:26:50 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\SysWow64\mdmxsdk.dll -- (mdmxsdk [Auto | Running])
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2009/07/28 10:53:16 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2009/07/28 10:53:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/07/28 10:53:14 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rabbitinasuit.com/
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\S-1-5-21-3271773104-3920608979-1219791600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.rabbitinasuit.com/"
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/23 22:06:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files (x86)\M-Firefox\components [2009/07/27 18:57:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files (x86)\M-Firefox\plugins [2009/07/27 18:57:29 | 00,000,000 | ---D | M]

[2009/07/27 18:57:49 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/07/27 18:57:49 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/01 19:42:48 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions
[2009/07/29 17:24:13 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/31 18:40:50 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/27 02:16:57 | 00,001,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.127 24.93.41.128
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ea9184f-92d0-11de-9393-00238baba6cb}\Shell\AutoRun\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{2ea9184f-92d0-11de-9393-00238baba6cb}\Shell\Install\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{a67e6eff-7d68-11de-b883-00238baba6cb}\Shell - "" = AutoRun
O33 - MountPoints2\{a67e6eff-7d68-11de-b883-00238baba6cb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\Shell - "" = AutoRun
O33 - MountPoints2\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\Shell\AutoRun\command - "" = E:\MI.exe -- File not found
O33 - MountPoints2\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d92b9514-3cd2-11de-82b1-00238baba6cb}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b9514-3cd2-11de-82b1-00238baba6cb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/01 10:41:51 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009/08/31 02:51:03 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
[2009/08/31 02:51:03 | 00,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2009/08/30 16:26:28 | 00,359,932 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2009/08/27 22:03:10 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Leadertech
[2009/08/27 01:08:30 | 00,058,448 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2009/08/27 01:08:30 | 00,027,216 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2009/08/27 01:08:30 | 00,001,816 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/08/27 01:08:29 | 00,097,480 | ---- | C] () -- C:\Windows\SysNative\AvastSS.scr
[2009/08/27 01:08:29 | 00,089,680 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2009/08/27 01:08:29 | 00,065,616 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2009/08/27 01:08:29 | 00,022,096 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2009/08/27 01:08:05 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2009/08/27 01:08:05 | 00,380,928 | ---- | C] () -- C:\Windows\SysWow64\actskin4.ocx
[2009/08/23 21:44:12 | 01,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2009/08/23 21:44:12 | 00,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2009/08/23 21:44:12 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/08/23 21:44:11 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kerberos.dll
[2009/08/23 21:44:11 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/08/23 21:44:11 | 00,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2009/08/23 21:44:11 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll
[2009/08/23 21:44:10 | 00,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2009/08/23 21:44:10 | 00,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2009/08/23 21:44:10 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schannel.dll
[2009/08/23 21:44:10 | 00,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2009/08/23 21:44:10 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll
[2009/08/23 21:44:10 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2009/08/11 16:28:50 | 02,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2009/08/11 16:28:49 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2009/08/11 16:28:26 | 00,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2009/08/11 16:28:25 | 00,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2009/08/11 16:28:24 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
[2009/08/11 16:28:12 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/08/11 16:28:02 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/08/11 16:28:01 | 00,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2009/08/11 16:28:01 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2009/08/11 16:27:57 | 00,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2009/08/11 16:27:56 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2009/08/11 16:27:55 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2009/08/11 16:27:55 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2009/08/11 16:27:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2009/08/11 16:27:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2009/08/11 16:27:53 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/08/11 16:27:53 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/08/11 16:27:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2009/08/11 16:27:52 | 00,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2009/08/11 16:27:52 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2009/08/11 16:27:52 | 00,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2009/08/11 16:26:02 | 00,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2009/08/11 16:26:02 | 00,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2009/08/11 16:26:01 | 00,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2009/08/11 16:26:01 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2009/08/07 00:26:58 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2009/08/07 00:26:40 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2009/08/04 18:34:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2009/08/04 18:34:08 | 00,000,977 | ---- | C] () -- C:\Users\User\Desktop\SCRABBLE Blast.lnk
[2009/08/04 18:34:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Funkitron
[2009/08/04 18:26:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Games
[2009/06/11 23:26:38 | 00,001,916 | ---- | C] () -- C:\Windows\IFiltSet.Ini
[2009/06/11 23:21:04 | 00,000,033 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/05/12 00:00:02 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/01 08:35:08 | 00,000,014 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/03/03 07:37:18 | 00,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2009/03/03 07:37:18 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2009/03/03 07:37:18 | 00,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/08/20 21:36:09 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/20 21:29:20 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/08/20 21:29:20 | 00,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/08/20 21:29:20 | 00,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/08/20 21:29:20 | 00,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/08/20 21:29:20 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/08/20 21:29:20 | 00,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/21 18:46:32 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2005/07/22 23:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/09/01 10:41:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009/09/01 09:14:47 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/01 09:14:47 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/31 23:22:36 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/08/31 23:22:36 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/08/31 23:22:36 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/08/31 23:14:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/31 23:14:41 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/31 23:14:24 | 41,239,10144 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/31 02:46:51 | 03,088,942 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2009/08/30 16:26:33 | 00,359,932 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2009/08/27 01:08:30 | 00,001,816 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/08/27 01:08:29 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2009/08/17 11:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2009/08/17 11:06:05 | 00,089,680 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2009/08/17 11:05:43 | 00,022,096 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2009/08/17 11:05:31 | 00,065,616 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2009/08/17 11:04:43 | 00,058,448 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2009/08/17 11:04:32 | 00,027,216 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2009/08/17 11:02:50 | 00,097,480 | ---- | M] () -- C:\Windows\SysNative\AvastSS.scr
[2009/08/09 13:11:57 | 00,035,840 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 18:34:08 | 00,000,977 | ---- | M] () -- C:\Users\User\Desktop\SCRABBLE Blast.lnk
[2009/08/04 18:30:32 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
< End of report >

Extras.Txt

OTL Extras logfile created on: 9/1/2009 10:42:48 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 41.42% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.50 Gb Total Space | 156.54 Gb Free Space | 54.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\M-Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29FA781C-402B-4B76-87A5-FAC92C2EC01A}" = lport=138 | protocol=17 | dir=in | app=system |
"{3CD43AAC-D9A0-4261-A660-547F1E98572D}" = rport=139 | protocol=6 | dir=out | app=system |
"{42D20B09-1FAD-48C3-9C9D-0EA39B17D01C}" = rport=138 | protocol=17 | dir=out | app=system |
"{42D393C5-3A74-457A-800A-8827E398191C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E818EC0-B9C1-448D-B7FF-451CC8837F7A}" = lport=445 | protocol=6 | dir=in | app=system |
"{6BE65519-8070-4168-816C-256688EDA7B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8434DA7A-A1CE-484C-B2DD-261087F257DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{96EBB1AC-A370-4272-B346-CFD19FFD80BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{C460A156-60E3-4EDF-B0FE-D9339EF4AFD0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FC2C7840-13A2-4C73-AA82-C657B1D7EF60}" = rport=137 | protocol=17 | dir=out | app=system |
"{FE3A9E72-3403-4F11-9807-317EC3EF5860}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F9B417-F584-49DA-BEE3-45FB670A9008}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{12569A1B-4D9A-419D-B104-3606D687B015}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{204458D3-F466-4D97-8781-2AA16D694665}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{208FF48F-F376-47BF-8EDC-9497AE7A1A94}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{27687AB6-588F-4DB2-A7A4-6736220BFD6D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{333955A6-F3C5-4C75-A7F4-FE4FD3B52567}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{4900A754-B6A2-49F0-88C9-F3898E0683EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5DB7D228-BE51-4342-98F6-123622764F42}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5EA99FC2-F691-4DB6-AC2A-29491D3666D4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{94A741A8-48F8-4155-93E8-1DAADB8A1086}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9D4CC65D-3987-4459-990B-D6F25C2FD8AB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{A9F14AA8-5A83-4A7C-9601-5707E9FEF5A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4638C7F-1D32-47D3-ACD7-7C8C03799774}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DF40278A-0DB2-44FD-AE11-DB95EC5BB7C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA89ACD0-218D-4390-8BA7-B027581A6093}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F75747D6-AB87-4674-8152-4FBCA67396B9}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{4F23BBC0-0FDE-482F-B700-96D7A05D218D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{CA2D8CD4-FE55-4F9C-B460-FBCD7007BF91}C:\program files (x86)\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"TCP Query User{D4B405B9-AB74-4DA4-94E5-C31B4AE14DDB}C:\program files (x86)\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"UDP Query User{2FA67C9A-443B-43E7-9718-A6460A18CF91}C:\program files (x86)\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"UDP Query User{3892A1EE-4A54-456D-A4BF-BD06F9ABDBA3}C:\program files (x86)\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"UDP Query User{E50F2378-F2DA-40D5-8A90-0296B73D5F88}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{AE303591-1BFC-48B3-881B-655298C4EDE0}" = iTunes
"{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}" = O2Micro Flash Memory Card Reader Driver (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BA1035C7-14DE-4857-8285-4ACFC74172EC}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}" = Geek Squad 24 Hour Computer Support
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"ENTERPRISER" = Microsoft Office Enterprise 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"PROHYBRIDR" = 2007 Microsoft Office system
"SCRABBLE Blast_is1" = SCRABBLE Blast
"Shareaza_is1" = Shareaza 2.4.0.0
"Trillian" = Trillian
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/22/2009 7:35:37 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\PowerCinema\CLML\CLDB_SUB_INFO.db failed, 00000005.


Error - 7/22/2009 7:35:39 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
failed, 00000005.

Error - 7/22/2009 8:19:09 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zgbgfjb1.default\places.sqlite
failed, 00000005.

Error - 7/22/2009 8:32:20 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\PowerCinema\CLML\CLDB_SUB_INFO.db failed, 00000005.


Error - 7/22/2009 8:32:26 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
failed, 00000005.

Error - 7/22/2009 9:03:37 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\PowerCinema\CLML\CLDB_SUB_INFO.db failed, 00000005.


Error - 7/22/2009 9:03:44 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\IconCache.db failed, 00000005.

Error - 7/22/2009 9:24:46 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\PowerCinema\CLML\CLDB_SUB_INFO.db failed, 00000005.


Error - 7/23/2009 11:02:15 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zgbgfjb1.default\places.sqlite
failed, 00000005.

Error - 7/27/2009 2:17:08 AM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zgbgfjb1.default\downloads.sqlite
failed, 00000005.

[ Application Events ]
Error - 7/22/2009 8:20:24 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2009 8:27:54 PM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/22/2009 8:35:33 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2009 8:49:49 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/22/2009 8:49:49 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/22/2009 8:55:36 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2009 9:18:53 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2009 9:35:01 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2009 9:35:58 PM | Computer Name = User-PC | Source = ESENT | ID = 455
Description = Catalog Database (1340) Catalog Database: Error -1811 occurred while
opening logfile C:\Windows\system32\CatRoot2\edb0012A.log.

Error - 7/22/2009 9:35:58 PM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

[ System Events ]
Error - 7/23/2009 11:15:37 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =

Error - 7/24/2009 1:29:16 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =

Error - 7/24/2009 5:35:41 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =

Error - 7/24/2009 9:51:45 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 7/24/2009 11:30:40 PM | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 0022FA4E2B18 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/25/2009 11:37:32 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =

Error - 7/26/2009 11:33:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 7/27/2009 4:44:04 AM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =

Error - 7/27/2009 11:07:28 AM | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 0022FA4E2B18 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/27/2009 5:15:33 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =


< End of report >



#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:25 AM

Posted 17 September 2009 - 02:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:25 PM

Posted 24 September 2009 - 11:16 PM

Topic reopened.

@ BAPM,

Please post back with current logs, a current OTL log in your case as you cannot run DDS, and an updated description of your computer issues as requested in the previous post.

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 BAPM

BAPM
  • Topic Starter

  • Members
  • 27 posts
  • Location:TX
  • Local time:08:25 PM

Posted 25 September 2009 - 12:43 AM

PROBLEM:
My problem is that I keep getting a "Threat Detected" pop-up from my antivirus software every time I search "Rachel Car" through Google using Firefox. I'm concerned if something is attempting to allow this "Exploit Neosploit" thing to access my computer. Since it keeps happening without me actually returning to rachelcar.com, it concerns me that something may be on my machine.

I am using Windows Vista Home Premium 64-bit on a Toshiba Satellite M305-S4910.
This happens only with Firefox and not with IE.



STEPS SO FAR:
I have uninstalled and reinstalled Firefox twice.
This has occurred with both avast and AVG anti-virus software.
I was using avast, uninstalled avast and installed AVG.

I came here and in my exchange with a mod, the following:

No course of action is given by the antivirus software to deal with the threat except to close the pop-up (AVG) or abort the connection (avast).
Ran ATF and SAS. (Mod told me it looked clean)
Ran GooredFix. (Mod said it looked like false positive)
Told to search for any files named "rachelcar"/"rachelcar.com". None found.
Told to post HJT log. At step 6, dds gives error of unsupported OS. Cannot continue.
Told to post OTL report. Before generating report, my AVG trial runs out and I reinstall avast.
Mod's reply: "Hello the infection here will need to be fixed by the HJT team as there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by HJT team members or above."
I posted here.

Also, a user posted this in another thread concerning rachelcar.com: http://linkscanner.explabs.com/linkscanner...//rachelcar.com



CURRENTLY:
I searched "rachel car" again before posting to see if this problem still existed and it does.



UPDATED OTL log follows. [Extras.txt did not open with it this time.]

OTL logfile created on: 9/25/2009 12:27:15 AM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 53.05% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.50 Gb Total Space | 145.81 Gb Free Space | 50.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/06/27 20:46:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2008/07/10 19:58:40 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/12/13 21:52:00 | 00,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2008/07/10 20:35:30 | 00,188,416 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2009/09/01 10:41:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV:64bit: - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV:64bit: - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV:64bit: - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV:64bit: - [2008/04/30 23:20:42 | 01,371,136 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV:64bit: - [2008/04/30 22:42:20 | 00,826,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV:64bit: - [2008/04/24 21:57:40 | 00,084,992 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv [On_Demand | Running])
SRV:64bit: - [2007/11/21 19:53:16 | 00,135,168 | ---- | M] () -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV:64bit: - [2008/02/06 16:50:18 | 00,434,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV:64bit: - [2007/12/03 20:04:48 | 00,175,104 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service [Auto | Running])
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV:64bit: - [2007/10/18 02:37:22 | 00,412,672 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/06/27 20:46:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service [Auto | Running])
SRV - [2008/07/10 19:58:40 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service [Auto | Running])
SRV - [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2008/05/28 18:20:16 | 00,164,600 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/11/02 04:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash [Auto | Running])
SRV - [2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/04 16:46:22 | 00,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo [Auto | Running])
SRV - [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
SRV - [2008/04/11 13:58:10 | 00,158,568 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/08/17 11:05:43 | 00,022,096 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV:64bit: - [2009/08/17 11:05:31 | 00,065,616 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV:64bit: - [2009/08/17 11:04:32 | 00,027,216 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV:64bit: - [2009/08/17 11:06:05 | 00,089,680 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP [System | Running])
DRV:64bit: - [2009/08/17 11:04:43 | 00,058,448 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV:64bit: - [2008/03/25 19:47:06 | 00,294,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV:64bit: - [2008/03/04 13:32:46 | 00,222,720 | ---- | M] () -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService [On_Demand | Running])
DRV:64bit: - [2009/03/19 16:34:18 | 00,029,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV:64bit: - [2006/11/02 00:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2008/03/25 19:51:16 | 01,487,872 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV:64bit: - [2008/07/20 20:44:54 | 00,402,456 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV:64bit: - [2008/06/12 21:51:36 | 07,911,840 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx [On_Demand | Running])
DRV:64bit: - [2006/11/09 16:33:44 | 00,248,320 | ---- | M] () -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64 [Disabled | Stopped])
DRV:64bit: - [2006/11/09 16:34:42 | 00,237,568 | ---- | M] () -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64 [Disabled | Stopped])
DRV:64bit: - [2006/06/19 01:27:24 | 00,017,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV:64bit: - [2008/04/28 09:38:12 | 04,730,368 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64 [On_Demand | Running])
DRV:64bit: - [2008/04/15 12:14:40 | 00,062,040 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR [On_Demand | Running])
DRV:64bit: - [2008/04/08 12:46:44 | 00,051,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR [On_Demand | Running])
DRV:64bit: - [2007/04/09 18:15:44 | 00,009,728 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [Disabled | Stopped])
DRV:64bit: - [2007/11/29 20:58:58 | 00,320,048 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV:64bit: - [2007/12/11 17:03:36 | 00,027,272 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV:64bit: - [2006/10/23 18:33:08 | 00,018,944 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec [Disabled | Stopped])
DRV:64bit: - [2008/07/18 20:52:16 | 00,504,912 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64 [Boot | Running])
DRV:64bit: - [2007/11/09 17:00:30 | 00,026,968 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ [Boot | Running])
DRV:64bit: - [2008/01/20 21:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV:64bit: - [2008/06/26 19:24:18 | 00,020,520 | ---- | M] () -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV:64bit: - [2008/03/25 19:45:44 | 00,740,864 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:47:28 | 00,046,080 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV:64bit: - [2007/10/18 02:37:10 | 00,010,240 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio [Auto | Running])
DRV:64bit: - [2008/07/25 12:57:00 | 00,404,992 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Running])
DRV - [2006/06/19 01:26:50 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\SysWow64\mdmxsdk.dll -- (mdmxsdk [Auto | Running])
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2009/07/28 10:53:16 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2009/07/28 10:53:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/07/28 10:53:14 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rabbitinasuit.com/
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\S-1-5-21-3271773104-3920608979-1219791600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.rabbitinasuit.com/"
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/23 22:06:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files (x86)\M-Firefox\components [2009/07/27 18:57:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files (x86)\M-Firefox\plugins [2009/07/27 18:57:29 | 00,000,000 | ---D | M]

[2009/07/27 18:57:49 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/07/27 18:57:49 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/24 07:53:00 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions
[2009/07/29 17:24:13 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/31 18:40:50 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/27 02:16:57 | 00,001,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.127 24.93.41.128
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ea9184f-92d0-11de-9393-00238baba6cb}\Shell\AutoRun\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{2ea9184f-92d0-11de-9393-00238baba6cb}\Shell\Install\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{a67e6eff-7d68-11de-b883-00238baba6cb}\Shell - "" = AutoRun
O33 - MountPoints2\{a67e6eff-7d68-11de-b883-00238baba6cb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\Shell - "" = AutoRun
O33 - MountPoints2\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\Shell\AutoRun\command - "" = E:\MI.exe -- File not found
O33 - MountPoints2\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d92b9514-3cd2-11de-82b1-00238baba6cb}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b9514-3cd2-11de-82b1-00238baba6cb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/24 22:33:04 | 00,059,302 | ---- | C] () -- C:\Users\User\Desktop\satellite_M305-S4910.pdf
[2009/09/24 17:11:31 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\100MEDIA
[2009/09/19 23:27:45 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\100MEDIA-1
[2009/09/09 07:11:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/09/09 07:10:20 | 00,000,000 | ---D | C] -- C:\8ea9aa55e02eee64afbe2936a334b4
[2009/09/04 22:46:54 | 00,000,000 | R--D | C] -- C:\Users\User\Desktop\From USB - DYAN
[2009/09/04 02:51:45 | 00,006,161 | ---- | C] () -- C:\Users\User\Documents\Current Default.Theme
[2009/09/02 06:44:25 | 04,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/09/01 10:41:51 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009/08/31 02:51:03 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
[2009/08/31 02:51:03 | 00,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2009/08/30 16:26:28 | 00,359,932 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2009/08/27 22:03:10 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Leadertech
[2009/08/27 01:08:30 | 00,058,448 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2009/08/27 01:08:30 | 00,027,216 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2009/08/27 01:08:30 | 00,001,816 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/08/27 01:08:29 | 00,097,480 | ---- | C] () -- C:\Windows\SysNative\AvastSS.scr
[2009/08/27 01:08:29 | 00,089,680 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2009/08/27 01:08:29 | 00,065,616 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2009/08/27 01:08:29 | 00,022,096 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2009/08/27 01:08:05 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2009/08/27 01:08:05 | 00,380,928 | ---- | C] () -- C:\Windows\SysWow64\actskin4.ocx
[2009/06/11 23:26:38 | 00,001,916 | ---- | C] () -- C:\Windows\IFiltSet.Ini
[2009/06/11 23:21:04 | 00,000,033 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/05/12 00:00:02 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/01 08:35:08 | 00,000,014 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/03/03 07:37:18 | 00,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2009/03/03 07:37:18 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2009/03/03 07:37:18 | 00,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/08/20 21:36:09 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/20 21:29:20 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/08/20 21:29:20 | 00,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/08/20 21:29:20 | 00,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/08/20 21:29:20 | 00,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/08/20 21:29:20 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/08/20 21:29:20 | 00,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/21 18:46:32 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2005/07/22 23:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/09/24 23:07:58 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/24 23:07:58 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/24 22:33:05 | 00,059,302 | ---- | M] () -- C:\Users\User\Desktop\satellite_M305-S4910.pdf
[2009/09/24 17:14:03 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/09/24 17:14:03 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/09/24 17:14:03 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/09/24 17:11:22 | 00,064,000 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/24 17:07:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/20 14:57:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/20 14:57:37 | 41,239,10144 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/20 14:56:14 | 03,315,988 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2009/09/04 02:51:46 | 00,006,161 | ---- | M] () -- C:\Users\User\Documents\Current Default.Theme
[2009/09/01 10:41:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009/08/30 16:26:33 | 00,359,932 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2009/08/27 01:08:30 | 00,001,816 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/08/27 01:08:29 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\User\Documents\Shareaza Downloads:Shareaza.GUID
< End of report >

Edited by BAPM, 25 September 2009 - 12:46 AM.


#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:25 AM

Posted 30 September 2009 - 07:29 AM

Hi BAPM,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#6 BAPM

Posted 01 October 2009 - 04:14 AM

Hello, m0le. I'm still here. :(

#7 m0le

Posted 01 October 2009 - 03:45 PM

Hi BAPM,

Interesting problem.

Let's search for rootkits first of all.

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Thanks :(

#8 BAPM

Posted 01 October 2009 - 10:52 PM

I got the following:

Error - RootRepeal does not support 64-bit OSs!

#9 m0le

Posted 02 October 2009 - 06:32 AM

It was the only option and I wasn't sure if it had been updated.

We have very few tools to work with here but I would like to get a more detailed scan; OTL is showing nothing untoward.

Please download OTS by OldTimer and save it to your desktop:
  • Double click on OTS.exe to run it.
  • Under Drivers section, select Non-Microsoft.
  • Click on the Run Scan button at the top left hand corner.
OTS will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

#10 BAPM

Posted 04 October 2009 - 05:39 AM

I didn't see "Non-Microsoft" under drivers. There was just "none", "safe list", and "all". I chose "all".

Here are the results:

OTS logfile created on: 10/4/2009 5:34:09 AM - Run 3
OTS by OldTimer - Version 3.0.20.1	 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.84 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 56.14% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.50 Gb Total Space | 144.75 Gb Free Space | 50.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.)
ashdisp.exe -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe -> [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software)
ashdisp.exe -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe -> [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software)
ashmaisv.exe -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
aswupdsv.exe -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software)
cfprocsrvc.exe -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -> [2008/06/27 20:46:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION)
cfsvcs.exe -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -> [2008/07/10 19:58:40 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
cfsvcs.exe -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -> [2008/07/10 19:58:40 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
clmlsvc.exe -> C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe -> [2008/07/10 20:35:30 | 00,188,416 | ---- | M] (CyberLink)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files (x86)\iTunes\iTunesHelper.exe -> [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
o2flash.exe -> C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International)
o2flash.exe -> C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International)
o2flash.exe -> C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International)
o2flash.exe -> C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International)
o2flash.exe -> C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International)
ots.exe -> C:\Users\User\Desktop\OTS.exe -> [2009/10/04 05:27:19 | 00,519,680 | ---- | M] (OldTimer Tools)
ots.exe -> C:\Users\User\Desktop\OTS.exe -> [2009/10/04 05:27:19 | 00,519,680 | ---- | M] (OldTimer Tools)
ots.exe -> C:\Users\User\Desktop\OTS.exe -> [2009/10/04 05:27:19 | 00,519,680 | ---- | M] (OldTimer Tools)
pcmagent.exe -> C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe -> [2007/12/13 21:52:00 | 00,143,360 | ---- | M] (CyberLink Corp.)
teatimer.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
teatimer.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
tnavisrv.exe -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
tnavisrv.exe -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
tnavisrv.exe -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
tnavisrv.exe -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
tnavisrv.exe -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
ulcdrsvr.exe -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
ulcdrsvr.exe -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
ulcdrsvr.exe -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
ulcdrsvr.exe -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
ulcdrsvr.exe -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
 
[Win32 Services - Safe List]
64bit-(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software)
64bit-(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software)
64bit-(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software)
64bit-(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
64bit-(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008/04/30 23:20:42 | 01,371,136 | ---- | M] (Intel(R) Corporation)
64bit-(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008/04/30 22:42:20 | 00,826,368 | ---- | M] (Intel(R) Corporation)
64bit-(SmartFaceVWatchSrv) SmartFaceVWatchSrv [Win32_Own | On_Demand | Running] -> C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -> [2008/04/24 21:57:40 | 00,084,992 | ---- | M] (Toshiba)
64bit-(TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own | Auto | Running] -> C:\Windows\SysNative\TODDSrv.exe -> [2007/11/21 19:53:16 | 00,135,168 | ---- | M] ()
64bit-(TosCoSrv) TOSHIBA Power Saver [Win32_Own | Auto | Running] -> C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -> [2008/02/06 16:50:18 | 00,434,016 | ---- | M] (TOSHIBA Corporation)
64bit-(TOSHIBA SMART Log Service) TOSHIBA SMART Log Service [Win32_Own | Auto | Running] -> C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -> [2007/12/03 20:04:48 | 00,175,104 | ---- | M] (TOSHIBA Corporation)
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)
64bit-(XAudioService) XAudioService [Win32_Own | Auto | Running] -> C:\Windows\SysNative\DRIVERS\xaudio64.exe -> [2007/10/18 02:37:22 | 00,412,672 | ---- | M] ()
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(ConfigFree Gadget Service) ConfigFree Gadget Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -> [2008/06/27 20:46:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION)
(ConfigFree Service) ConfigFree Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -> [2008/07/10 19:58:40 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | Auto | Running] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -> [2008/05/28 18:20:16 | 00,164,600 | ---- | M] (WildTangent, Inc.)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 04:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation)
(o2flash) O2Micro Flash Memory Card Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(TMachInfo) TMachInfo [Win32_Own | Auto | Running] -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -> [2008/08/04 16:46:22 | 00,046,392 | ---- | M] (TOSHIBA Corporation)
(TNaviSrv) TOSHIBA Navi Support Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2008/04/11 13:58:10 | 00,158,568 | ---- | M] (TOSHIBA CORPORATION)
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/02 01:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/02 01:35:15 | 00,055,846 | ---- | M] ()
 
[Driver Services - All]
64bit-(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\acpi.sys -> [2008/01/20 21:46:50 | 00,326,712 | ---- | M] ()
64bit-(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\adp94xx.sys -> [2008/01/20 21:46:53 | 00,486,456 | ---- | M] ()
64bit-(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\adpahci.sys -> [2008/01/20 21:46:54 | 00,342,584 | ---- | M] ()
64bit-(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\adpu160m.sys -> [2008/01/20 21:46:54 | 00,126,520 | ---- | M] ()
64bit-(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\adpu320.sys -> [2008/01/20 21:47:27 | 00,185,912 | ---- | M] ()
64bit-(AFD) Ancilliary Function Driver for Winsock [Kernel | System | Running] -> C:\Windows\SysNative\drivers\afd.sys -> [2008/01/20 21:48:18 | 00,408,064 | ---- | M] ()
64bit-(agp440) Intel AGP Bus Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\agp440.sys -> [2008/01/20 21:46:51 | 00,064,568 | ---- | M] ()
64bit-(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\djsvs.sys -> [2006/11/02 06:50:06 | 00,088,168 | ---- | M] ()
64bit-(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\aliide.sys -> [2008/01/20 21:46:50 | 00,015,976 | ---- | M] ()
64bit-(amdide) amdide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\amdide.sys -> [2008/01/20 21:46:50 | 00,015,976 | ---- | M] ()
64bit-(AmdK8) AMD K8 Processor Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\amdk8.sys -> [2008/01/20 21:46:51 | 00,050,688 | ---- | M] ()
64bit-(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\arc.sys -> [2008/01/20 21:46:52 | 00,090,680 | ---- | M] ()
64bit-(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\arcsas.sys -> [2008/01/20 21:47:00 | 00,091,192 | ---- | M] ()
64bit-(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -> [2009/08/17 11:05:43 | 00,022,096 | ---- | M] ()
64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -> [2009/08/17 11:05:31 | 00,065,616 | ---- | M] ()
64bit-(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2009/08/17 11:04:32 | 00,027,216 | ---- | M] ()
64bit-(aswSP) avast! Self Protection [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswSP.sys -> [2009/08/17 11:06:05 | 00,089,680 | ---- | M] ()
64bit-(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2009/08/17 11:04:43 | 00,058,448 | ---- | M] ()
64bit-(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\asyncmac.sys -> [2008/01/20 21:51:01 | 00,022,016 | ---- | M] ()
64bit-(atapi) IDE Channel [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\atapi.sys -> [2008/03/12 01:53:06 | 00,022,584 | ---- | M] ()
64bit-(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\blbdrive.sys -> [2008/01/20 21:47:04 | 00,055,296 | ---- | M] ()
64bit-(bowser) bowser [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\bowser.sys -> [2008/01/20 21:50:45 | 00,090,624 | ---- | M] ()
64bit-(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\brfiltlo.sys -> [2006/09/18 16:30:15 | 00,018,432 | ---- | M] ()
64bit-(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\brfiltup.sys -> [2006/09/18 16:30:15 | 00,008,704 | ---- | M] ()
64bit-(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\brserid.sys -> [2006/11/02 03:43:25 | 00,086,528 | ---- | M] ()
64bit-(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\brserwdm.sys -> [2006/09/18 16:30:18 | 00,047,104 | ---- | M] ()
64bit-(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\brusbmdm.sys -> [2006/09/18 16:30:18 | 00,014,976 | ---- | M] ()
64bit-(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\brusbser.sys -> [2006/09/19 06:42:33 | 00,014,720 | ---- | M] ()
64bit-(BTHMODEM) Bluetooth Serial Communications Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\bthmodem.sys -> [2006/11/02 04:44:02 | 00,050,688 | ---- | M] ()
64bit-(CAXHWAZL) CAXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -> [2008/03/25 19:47:06 | 00,294,400 | ---- | M] ()
64bit-(cdfs) CD/DVD File System Reader [File_System | Disabled | Running] -> C:\Windows\SysNative\DRIVERS\cdfs.sys -> [2008/01/20 21:50:39 | 00,090,624 | ---- | M] ()
64bit-(cdrom) CD-ROM Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\cdrom.sys -> [2008/01/20 21:46:54 | 00,079,872 | ---- | M] ()
64bit-(circlass) Consumer IR Devices [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\circlass.sys -> [2008/01/20 21:47:03 | 00,041,984 | ---- | M] ()
64bit-(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> C:\Windows\SysNative\CLFS.sys -> [2008/01/20 21:50:46 | 00,363,064 | ---- | M] ()
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2008/01/20 21:46:51 | 00,017,792 | ---- | M] ()
64bit-(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\cmdide.sys -> [2008/01/20 21:46:50 | 00,018,024 | ---- | M] ()
64bit-(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDRT64.sys -> [2008/03/04 13:32:46 | 00,222,720 | ---- | M] ()
64bit-(Compbatt) Microsoft Composite Battery Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\compbatt.sys -> [2008/01/20 21:46:50 | 00,023,608 | ---- | M] ()
64bit-(crcdisk) Crcdisk Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\crcdisk.sys -> [2008/01/20 21:46:52 | 00,027,704 | ---- | M] ()
64bit-(DfsC) DFS Namespace Client Driver [File_System | System | Running] -> C:\Windows\SysNative\Drivers\dfsc.sys -> [2008/01/20 21:49:58 | 00,097,792 | ---- | M] ()
64bit-(disk) Disk Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\disk.sys -> [2008/01/20 21:46:53 | 00,068,664 | ---- | M] ()
64bit-(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\drmkaud.sys -> [2008/01/20 21:46:51 | 00,006,144 | ---- | M] ()
64bit-(DXGKrnl) LDDM Graphics Subsystem [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dxgkrnl.sys -> [2008/08/01 20:20:01 | 00,883,200 | ---- | M] ()
64bit-(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\E1G6032E.sys -> [2008/01/20 21:46:56 | 00,146,176 | ---- | M] ()
64bit-(Ecache) ReadyBoost Caching Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ecache.sys -> [2008/01/20 21:47:43 | 00,157,240 | ---- | M] ()
64bit-(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\elxstor.sys -> [2008/01/20 21:46:59 | 00,397,368 | ---- | M] ()
64bit-(ErrDev) Microsoft Hardware Error Device Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\errdev.sys -> [2008/01/20 21:46:50 | 00,008,704 | ---- | M] ()
64bit-(exfat) exFAT File System Driver [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\exfat.sys -> [2008/01/20 21:51:20 | 00,187,392 | ---- | M] ()
64bit-(fastfat) FAT12/16/32 File System Driver [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fastfat.sys -> [2008/01/20 21:48:14 | 00,198,656 | ---- | M] ()
64bit-(fdc) Floppy Disk Controller Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\fdc.sys -> [2008/01/20 21:47:25 | 00,029,696 | ---- | M] ()
64bit-(FileInfo) File Information FS MiniFilter [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\fileinfo.sys -> [2008/01/20 21:50:59 | 00,070,200 | ---- | M] ()
64bit-(Filetrace) Filetrace [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\filetrace.sys -> [2008/01/20 21:48:28 | 00,033,280 | ---- | M] ()
64bit-(flpydisk) Floppy Disk Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\flpydisk.sys -> [2008/01/20 21:46:55 | 00,024,576 | ---- | M] ()
64bit-(FltMgr) FltMgr [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\fltmgr.sys -> [2008/01/20 21:50:53 | 00,275,512 | ---- | M] ()
64bit-(gagp30kx) Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\gagp30kx.sys -> [2008/01/20 21:46:59 | 00,068,152 | ---- | M] ()
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -> [2009/03/19 16:34:18 | 00,029,544 | ---- | M] ()
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 00:28:10 | 00,273,920 | ---- | M] ()
64bit-(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\HDAudBus.sys -> [2008/01/20 21:46:51 | 00,050,688 | ---- | M] ()
64bit-(HidBth) Microsoft Bluetooth HID Miniport [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\hidbth.sys -> [2006/11/02 04:44:01 | 00,034,304 | ---- | M] ()
64bit-(HidIr) Microsoft Infrared HID Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\hidir.sys -> [2006/11/02 04:43:36 | 00,025,600 | ---- | M] ()
64bit-(HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\hidusb.sys -> [2008/01/20 21:46:55 | 00,015,872 | ---- | M] ()
64bit-(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\hpcisss.sys -> [2008/01/20 21:46:59 | 00,047,672 | ---- | M] ()
64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -> [2008/03/25 19:51:16 | 01,487,872 | ---- | M] ()
64bit-(HTTP) HTTP [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HTTP.sys -> [2008/01/20 21:50:36 | 00,596,480 | ---- | M] ()
64bit-(i2omp) i2omp [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\i2omp.sys -> [2008/01/20 21:47:28 | 00,035,896 | ---- | M] ()
64bit-(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\i8042prt.sys -> [2008/01/20 21:47:27 | 00,064,000 | ---- | M] ()
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\iaStor.sys -> [2008/07/20 20:44:54 | 00,402,456 | ---- | M] ()
64bit-(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\iastorv.sys -> [2008/01/20 21:46:59 | 00,290,872 | ---- | M] ()
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\igdkmd64.sys -> [2008/06/12 21:51:36 | 07,911,840 | ---- | M] ()
64bit-(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\iirsp.sys -> [2006/11/02 07:02:39 | 00,044,648 | ---- | M] ()
64bit-(intelide) intelide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\intelide.sys -> [2008/01/20 21:46:50 | 00,019,512 | ---- | M] ()
64bit-(intelppm) Intel Processor Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\intelppm.sys -> [2008/01/20 21:46:51 | 00,048,128 | ---- | M] ()
64bit-(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\ipfltdrv.sys -> [2008/01/20 21:49:34 | 00,067,072 | ---- | M] ()
64bit-(IPMIDRV) IPMIDRV [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ipmidrv.sys -> [2008/01/20 21:47:28 | 00,076,288 | ---- | M] ()
64bit-(IPNAT) IP Network Address Translator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\ipnat.sys -> [2008/01/20 21:48:45 | 00,115,712 | ---- | M] ()
64bit-(IRENUM) IR Bus Enumerator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\irenum.sys -> [2008/01/20 21:50:45 | 00,017,408 | ---- | M] ()
64bit-(isapnp) PnP ISA/EISA Bus Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\isapnp.sys -> [2008/01/20 21:46:51 | 00,023,608 | ---- | M] ()
64bit-(iScsiPrt) iScsiPort Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\msiscsi.sys -> [2008/01/20 21:46:59 | 00,215,096 | ---- | M] ()
64bit-(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\iteatapi.sys -> [2006/11/02 07:02:09 | 00,037,480 | ---- | M] ()
64bit-(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\iteraid.sys -> [2006/11/02 07:02:09 | 00,037,480 | ---- | M] ()
64bit-(kbdclass) Keyboard Class Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\kbdclass.sys -> [2008/01/20 21:47:27 | 00,042,040 | ---- | M] ()
64bit-(kbdhid) Keyboard HID Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\kbdhid.sys -> [2008/01/20 21:47:27 | 00,020,480 | ---- | M] ()
64bit-(KR10I64) KR10I64 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\kr10i64.sys -> [2006/11/09 16:33:44 | 00,248,320 | ---- | M] ()
64bit-(KR10N64) KR10N64 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\kr10n64.sys -> [2006/11/09 16:34:42 | 00,237,568 | ---- | M] ()
64bit-(KSecDD) KSecDD [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\ksecdd.sys -> [2009/06/15 20:31:37 | 00,515,656 | ---- | M] ()
64bit-(ksthunk) Kernel Streaming Thunks [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ksthunk.sys -> [2008/01/20 21:49:00 | 00,020,864 | ---- | M] ()
64bit-(lltdio) Link-Layer Topology Discovery Mapper I/O Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\lltdio.sys -> [2008/01/20 21:49:15 | 00,059,392 | ---- | M] ()
64bit-(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\lsi_fc.sys -> [2008/01/20 21:46:51 | 00,113,720 | ---- | M] ()
64bit-(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas.sys -> [2008/01/20 21:46:56 | 00,105,016 | ---- | M] ()
64bit-(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\lsi_scsi.sys -> [2008/01/20 21:47:01 | 00,113,720 | ---- | M] ()
64bit-(luafv) UAC File Virtualization [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\luafv.sys -> [2008/01/20 21:49:16 | 00,109,568 | ---- | M] ()
64bit-(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -> [2006/06/19 01:27:24 | 00,017,024 | ---- | M] ()
64bit-(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\megasas.sys -> [2008/01/20 21:46:59 | 00,035,896 | ---- | M] ()
64bit-(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\megasr.sys -> [2008/01/20 21:46:56 | 00,438,328 | ---- | M] ()
64bit-(Modem) Modem [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\modem.sys -> [2008/01/20 21:50:04 | 00,040,448 | ---- | M] ()
64bit-(monitor) Microsoft Monitor Class Function Driver Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\monitor.sys -> [2008/01/20 21:47:00 | 00,049,152 | ---- | M] ()
64bit-(mouclass) Mouse Class Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\mouclass.sys -> [2008/01/20 21:46:59 | 00,039,992 | ---- | M] ()
64bit-(mouhid) Mouse HID Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\mouhid.sys -> [2008/01/20 21:46:59 | 00,019,968 | ---- | M] ()
64bit-(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\mountmgr.sys -> [2008/01/20 21:50:25 | 00,070,200 | ---- | M] ()
64bit-(mpio) Microsoft Multi-Path Bus Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\mpio.sys -> [2008/01/20 21:47:26 | 00,128,056 | ---- | M] ()
64bit-(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mpsdrv.sys -> [2008/01/20 21:49:42 | 00,081,408 | ---- | M] ()
64bit-(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\mraid35x.sys -> [2006/11/02 07:02:24 | 00,039,016 | ---- | M] ()
64bit-(MRxDAV) WebDav Client Redirector Driver [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mrxdav.sys -> [2008/01/20 21:47:44 | 00,134,144 | ---- | M] ()
64bit-(mrxsmb) SMB MiniRedirector Wrapper and Engine [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mrxsmb.sys -> [2008/01/20 21:48:08 | 00,134,656 | ---- | M] ()
64bit-(mrxsmb10) SMB 1.x MiniRedirector [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mrxsmb10.sys -> [2008/08/26 20:26:08 | 00,272,896 | ---- | M] ()
64bit-(mrxsmb20) SMB 2.0 MiniRedirector [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mrxsmb20.sys -> [2008/01/20 21:48:57 | 00,105,472 | ---- | M] ()
64bit-(msahci) msahci [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\msahci.sys -> [2008/03/12 01:53:24 | 00,031,288 | ---- | M] ()
64bit-(msdsm) Microsoft Multi-Path Device Specific Module [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\msdsm.sys -> [2008/01/20 21:47:04 | 00,113,720 | ---- | M] ()
64bit-(Msfs) Msfs [File_System | System | Running] -> C:\Windows\SysNative\drivers\msfs.sys -> [2008/01/20 21:50:39 | 00,026,112 | ---- | M] ()
64bit-(msisadrv) ISA/EISA Class Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\msisadrv.sys -> [2008/03/24 22:54:26 | 00,017,976 | ---- | M] ()
64bit-(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MSKSSRV.sys -> [2008/01/20 21:49:52 | 00,011,008 | ---- | M] ()
64bit-(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MSPCLOCK.sys -> [2006/11/02 04:37:30 | 00,007,040 | ---- | M] ()
64bit-(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MSPQM.sys -> [2006/11/02 04:37:30 | 00,006,656 | ---- | M] ()
64bit-(MsRPC) MsRPC [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\msrpc.sys -> [2008/01/20 21:48:48 | 00,312,376 | ---- | M] ()
64bit-(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mssmbios.sys -> [2008/03/24 22:55:27 | 00,034,872 | ---- | M] ()
64bit-(MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MSTEE.sys -> [2008/01/20 21:49:52 | 00,007,936 | ---- | M] ()
64bit-(Mup) Mup [File_System | Boot | Running] -> C:\Windows\SysNative\Drivers\mup.sys -> [2008/01/20 21:48:15 | 00,061,496 | ---- | M] ()
64bit-(NativeWifiP) NativeWiFi Filter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\nwifi.sys -> [2008/05/19 21:33:46 | 00,187,392 | ---- | M] ()
64bit-(NDIS) NDIS System Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ndis.sys -> [2008/01/20 21:50:38 | 00,739,384 | ---- | M] ()
64bit-(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ndistapi.sys -> [2008/01/20 21:48:45 | 00,024,064 | ---- | M] ()
64bit-(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ndisuio.sys -> [2008/01/20 21:49:58 | 00,022,016 | ---- | M] ()
64bit-(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ndiswan.sys -> [2008/01/20 21:48:14 | 00,169,472 | ---- | M] ()
64bit-(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ndproxy.sys -> [2008/01/20 21:48:45 | 00,059,904 | ---- | M] ()
64bit-(NetBIOS) NetBIOS Interface [File_System | System | Running] -> C:\Windows\SysNative\DRIVERS\netbios.sys -> [2008/01/20 21:48:27 | 00,044,544 | ---- | M] ()
64bit-(netbt) netbt [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\netbt.sys -> [2008/01/20 21:50:11 | 00,250,368 | ---- | M] ()
64bit-(NETw5v64) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit  [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\NETw5v64.sys -> [2008/04/28 09:38:12 | 04,730,368 | ---- | M] ()
64bit-(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\nfrd960.sys -> [2006/11/02 07:03:03 | 00,051,816 | ---- | M] ()
64bit-(Npfs) Npfs [File_System | System | Running] -> C:\Windows\SysNative\drivers\npfs.sys -> [2008/01/20 21:50:38 | 00,043,520 | ---- | M] ()
64bit-(nsiproxy) NSI proxy service [Kernel | System | Running] -> C:\Windows\SysNative\drivers\nsiproxy.sys -> [2008/01/20 21:49:42 | 00,024,064 | ---- | M] ()
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\ntfs.sys -> [2008/01/20 21:50:39 | 01,540,152 | ---- | M] ()
64bit-(Null) Null [Kernel | System | Running] -> C:\Windows\SysNative\drivers\null.sys -> [2006/11/02 04:37:16 | 00,006,144 | ---- | M] ()
64bit-(nvraid) NVIDIA nForce RAID Driver	[Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\nvraid.sys -> [2008/01/20 21:46:54 | 00,128,056 | ---- | M] ()
64bit-(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\nvstor.sys -> [2008/01/20 21:46:54 | 00,054,328 | ---- | M] ()
64bit-(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nv_agp.sys -> [2008/01/20 21:46:51 | 00,126,520 | ---- | M] ()
64bit-(O2MDRDR) O2MDRDR [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\o2mdx64.sys -> [2008/04/15 12:14:40 | 00,062,040 | ---- | M] ()
64bit-(O2SDRDR) O2SDRDR [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\o2sdx64.sys -> [2008/04/08 12:46:44 | 00,051,928 | ---- | M] ()
64bit-(ohci1394) OHCI Compliant IEEE 1394 Host Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ohci1394.sys -> [2008/01/20 21:46:54 | 00,072,192 | ---- | M] ()
64bit-(Parport) Parallel port driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\parport.sys -> [2006/11/02 04:37:57 | 00,096,768 | ---- | M] ()
64bit-(partmgr) Partition Manager [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\partmgr.sys -> [2008/01/20 21:49:31 | 00,074,808 | ---- | M] ()
64bit-(pci) PCI Bus Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pci.sys -> [2008/03/24 22:57:24 | 00,179,768 | ---- | M] ()
64bit-(pciide) pciide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\pciide.sys -> [2008/01/20 21:46:50 | 00,013,416 | ---- | M] ()
64bit-(pcmcia) pcmcia [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\pcmcia.sys -> [2006/11/02 06:51:30 | 00,203,368 | ---- | M] ()
64bit-(PEAUTH) PEAUTH [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\peauth.sys -> [2006/10/23 21:08:37 | 00,712,704 | ---- | M] ()
64bit-(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\raspptp.sys -> [2008/01/20 21:49:59 | 00,098,816 | ---- | M] ()
64bit-(Processor) Processor Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\processr.sys -> [2008/01/20 21:46:51 | 00,047,104 | ---- | M] ()
64bit-(PSched) QoS Packet Scheduler [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\pacer.sys -> [2008/04/04 20:55:47 | 00,094,208 | ---- | M] ()
64bit-(QIOMem) Generic IO & Memory Access [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\QIOMem.sys -> [2007/04/09 18:15:44 | 00,009,728 | ---- | M] ()
64bit-(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ql2300.sys -> [2008/01/20 21:46:52 | 01,221,176 | ---- | M] ()
64bit-(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ql40xx.sys -> [2006/11/02 06:50:27 | 00,124,008 | ---- | M] ()
64bit-(QWAVEdrv) QWAVE driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\qwavedrv.sys -> [2008/01/20 21:47:30 | 00,046,592 | ---- | M] ()
64bit-(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\rasacd.sys -> [2008/01/20 21:48:24 | 00,014,848 | ---- | M] ()
64bit-(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rasl2tp.sys -> [2008/01/20 21:49:59 | 00,124,928 | ---- | M] ()
64bit-(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\raspppoe.sys -> [2008/01/20 21:49:08 | 00,050,176 | ---- | M] ()
64bit-(RasSstp) WAN Miniport (SSTP) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rassstp.sys -> [2008/01/20 21:51:19 | 00,078,336 | ---- | M] ()
64bit-(rdbss) Redirected Buffering Sub Sysytem [File_System | System | Running] -> C:\Windows\SysNative\DRIVERS\rdbss.sys -> [2008/01/20 21:48:21 | 00,288,256 | ---- | M] ()
64bit-(RDPCDD) RDPCDD [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\RDPCDD.sys -> [2008/01/20 21:51:07 | 00,007,168 | ---- | M] ()
64bit-(rdpdr) Terminal Server Device Redirector Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\rdpdr.sys -> [2008/01/20 21:46:51 | 00,314,368 | ---- | M] ()
64bit-(RDPENCDD) RDP Encoder Mirror Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\rdpencdd.sys -> [2008/01/20 21:49:48 | 00,007,168 | ---- | M] ()
64bit-(RDPWD) RDP Winstation Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpwd.sys -> [2008/01/20 21:49:47 | 00,210,432 | ---- | M] ()
64bit-(rspndr) Link-Layer Topology Discovery Responder [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\rspndr.sys -> [2008/01/20 21:49:15 | 00,075,776 | ---- | M] ()
64bit-(sbp2port) SBP-2 Transport/Protocol Bus Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sbp2port.sys -> [2006/11/02 06:50:06 | 00,090,216 | ---- | M] ()
64bit-(sdbus) sdbus [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\sdbus.sys -> [2008/01/20 21:46:55 | 00,111,104 | ---- | M] ()
64bit-(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\secdrv.sys -> [2006/09/29 18:51:44 | 00,023,040 | ---- | M] ()
64bit-(Serenum) Serenum Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\serenum.sys -> [2006/11/02 04:37:58 | 00,023,040 | ---- | M] ()
64bit-(Serial) Serial Port Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\serial.sys -> [2006/11/02 04:38:02 | 00,094,208 | ---- | M] ()
64bit-(sermouse) Serial Mouse Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sermouse.sys -> [2008/01/20 21:46:59 | 00,026,624 | ---- | M] ()
64bit-(sffdisk) SFF Storage Class Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sffdisk.sys -> [2008/01/20 21:47:00 | 00,014,848 | ---- | M] ()
64bit-(sffp_mmc) SFF Storage Protocol Driver for MMC [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sffp_mmc.sys -> [2008/01/20 21:47:00 | 00,014,336 | ---- | M] ()
64bit-(sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sffp_sd.sys -> [2008/01/20 21:47:00 | 00,013,824 | ---- | M] ()
64bit-(sfloppy) High-Capacity Floppy Disk Drive [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sfloppy.sys -> [2006/11/02 04:38:24 | 00,016,384 | ---- | M] ()
64bit-(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sisraid2.sys -> [2008/01/20 21:46:56 | 00,045,624 | ---- | M] ()
64bit-(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sisraid4.sys -> [2008/01/20 21:47:26 | 00,078,392 | ---- | M] ()
64bit-(Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\smb.sys -> [2008/01/20 21:50:11 | 00,088,064 | ---- | M] ()
64bit-(spldr) Security Processor Loader Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\spldr.sys -> [2008/01/20 21:48:07 | 00,021,048 | ---- | M] ()
64bit-(srv) srv [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\srv.sys -> [2008/12/15 22:42:02 | 00,451,584 | ---- | M] ()
64bit-(srv2) srv2 [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\srv2.sys -> [2008/01/20 21:50:10 | 00,174,080 | ---- | M] ()
64bit-(srvnet) srvnet [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\srvnet.sys -> [2008/01/20 21:50:29 | 00,141,312 | ---- | M] ()
64bit-(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\swenum.sys -> [2008/03/24 22:56:17 | 00,015,544 | ---- | M] ()
64bit-(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\symc8xx.sys -> [2006/11/02 07:02:52 | 00,049,256 | ---- | M] ()
64bit-(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sym_hi.sys -> [2006/11/02 07:02:37 | 00,044,648 | ---- | M] ()
64bit-(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sym_u3.sys -> [2006/11/02 07:02:47 | 00,048,232 | ---- | M] ()
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\SynTP.sys -> [2007/11/29 20:58:58 | 00,320,048 | ---- | M] ()
64bit-(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\tcpip.sys -> [2008/04/26 03:55:25 | 01,421,368 | ---- | M] ()
64bit-(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\tcpip.sys -> [2008/04/26 03:55:25 | 01,421,368 | ---- | M] ()
64bit-(tcpipreg) TCP/IP Registry Compatibility [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\tcpipreg.sys -> [2008/01/20 21:50:24 | 00,038,400 | ---- | M] ()
64bit-(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -> [2007/12/11 17:03:36 | 00,027,272 | ---- | M] ()
64bit-(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tdpipe.sys -> [2008/01/20 21:51:14 | 00,016,384 | ---- | M] ()
64bit-(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tdtcp.sys -> [2008/01/20 21:51:14 | 00,029,696 | ---- | M] ()
64bit-(tdx) NetIO Legacy TDI Support Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\tdx.sys -> [2008/01/20 21:49:53 | 00,094,208 | ---- | M] ()
64bit-(TermDD) Terminal Device Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\termdd.sys -> [2008/03/24 22:56:48 | 00,063,544 | ---- | M] ()
64bit-(tosrfec) Bluetooth ACPI [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\tosrfec.sys -> [2006/10/23 18:33:08 | 00,018,944 | ---- | M] ()
64bit-(tos_sps64) TOSHIBA tos_sps64 Service [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\tos_sps64.sys -> [2008/07/18 20:52:16 | 00,504,912 | ---- | M] ()
64bit-(tssecsrv) Terminal Services Security Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\tssecsrv.sys -> [2008/01/20 21:50:10 | 00,029,184 | ---- | M] ()
64bit-(tunmp) Microsoft Tun Miniport Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\tunmp.sys -> [2008/01/20 21:48:45 | 00,018,432 | ---- | M] ()
64bit-(tunnel) Microsoft IPv6 Tunnel Miniport Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\tunnel.sys -> [2008/01/20 21:48:45 | 00,028,160 | ---- | M] ()
64bit-(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -> [2007/11/09 17:00:30 | 00,026,968 | ---- | M] ()
64bit-(uagp35) Microsoft AGPv3.5 Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\uagp35.sys -> [2008/01/20 21:46:59 | 00,067,128 | ---- | M] ()
64bit-(udfs) udfs [File_System | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\udfs.sys -> [2008/03/02 07:32:16 | 00,299,008 | ---- | M] ()
64bit-(uliagpkx) Uli AGP Bus Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\uliagpkx.sys -> [2008/01/20 21:46:51 | 00,068,152 | ---- | M] ()
64bit-(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\uliahci.sys -> [2008/01/20 21:46:56 | 00,284,728 | ---- | M] ()
64bit-(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ulsata.sys -> [2006/11/02 06:50:54 | 00,148,072 | ---- | M] ()
64bit-(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ulsata2.sys -> [2008/01/20 21:46:52 | 00,174,696 | ---- | M] ()
64bit-(umbus) UMBus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\umbus.sys -> [2008/01/20 21:46:54 | 00,041,984 | ---- | M] ()
64bit-(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbccgp.sys -> [2008/01/20 21:47:01 | 00,095,744 | ---- | M] ()
64bit-(usbcir) eHome Infrared Receiver (USBCIR) [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\usbcir.sys -> [2006/11/02 04:43:46 | 00,079,360 | ---- | M] ()
64bit-(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbehci.sys -> [2008/01/20 21:47:25 | 00,049,152 | ---- | M] ()
64bit-(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbhub.sys -> [2008/01/20 21:47:01 | 00,270,336 | ---- | M] ()
64bit-(usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\usbohci.sys -> [2006/11/02 04:43:40 | 00,024,064 | ---- | M] ()
64bit-(usbprint) Microsoft USB PRINTER Class [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\usbprint.sys -> [2006/11/02 05:27:53 | 00,024,064 | ---- | M] ()
64bit-(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\USBSTOR.SYS -> [2008/01/20 21:47:25 | 00,066,048 | ---- | M] ()
64bit-(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbuhci.sys -> [2008/01/20 21:47:25 | 00,029,184 | ---- | M] ()
64bit-(usbvideo) Chicony USB 2.0 Camera [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/20 21:47:27 | 00,168,704 | ---- | M] ()
64bit-(UVCFTR) UVCFTR [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -> [2008/06/26 19:24:18 | 00,020,520 | ---- | M] ()
64bit-(vga) vga [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\vgapnp.sys -> [2008/01/20 21:47:00 | 00,029,184 | ---- | M] ()
64bit-(VgaSave) VgaSave [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vga.sys -> [2008/01/20 21:49:51 | 00,028,672 | ---- | M] ()
64bit-(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\viaide.sys -> [2008/01/20 21:46:50 | 00,018,024 | ---- | M] ()
64bit-(volmgr) Volume Manager Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\volmgr.sys -> [2008/03/24 22:56:59 | 00,068,664 | ---- | M] ()
64bit-(volmgrx) Dynamic Volume Manager [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\volmgrx.sys -> [2008/01/20 21:48:55 | 00,409,656 | ---- | M] ()
64bit-(volsnap) Storage volumes [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\volsnap.sys -> [2008/01/20 21:47:03 | 00,271,416 | ---- | M] ()
64bit-(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\vsmraid.sys -> [2008/01/20 21:47:25 | 00,149,048 | ---- | M] ()
64bit-(WacomPen) Wacom Serial Pen HID Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\wacompen.sys -> [2006/11/02 04:40:24 | 00,026,624 | ---- | M] ()
64bit-(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wanarp.sys -> [2008/01/20 21:48:44 | 00,086,016 | ---- | M] ()
64bit-(Wanarpv6) Remote Access IPv6 ARP Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\wanarp.sys -> [2008/01/20 21:48:44 | 00,086,016 | ---- | M] ()
64bit-(Wd) Microsoft Watchdog Timer Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\wd.sys -> [2008/01/20 21:47:27 | 00,024,120 | ---- | M] ()
64bit-(Wdf01000) Kernel Mode Driver Frameworks service [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\Wdf01000.sys -> [2008/01/20 21:50:39 | 00,881,720 | ---- | M] ()
64bit-(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -> [2008/03/25 19:45:44 | 00,740,864 | ---- | M] ()
64bit-(WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\wmiacpi.sys -> [2008/01/20 21:46:50 | 00,014,336 | ---- | M] ()
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2008/01/20 21:47:28 | 00,046,080 | ---- | M] ()
64bit-(ws2ifsl) Winsock IFS driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ws2ifsl.sys -> [2008/01/20 21:49:42 | 00,020,992 | ---- | M] ()
64bit-(WUDFRd) WUDFRd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\WUDFRd.sys -> [2008/01/20 21:50:09 | 00,108,544 | ---- | M] ()
64bit-(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\xaudio64.sys -> [2007/10/18 02:37:10 | 00,010,240 | ---- | M] ()
64bit-(yukonx64) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\yk60x64.sys -> [2008/07/25 12:57:00 | 00,404,992 | ---- | M] ()
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysWow64\mdmxsdk.dll -> [2006/06/19 01:26:50 | 00,094,208 | ---- | M] (Conexant)
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\Wbem\mpsdrv.mof -> [2006/09/18 16:35:23 | 00,001,088 | ---- | M] ()
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -> [2009/07/28 10:53:16 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -> [2009/07/28 10:53:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -> [2009/07/28 10:53:14 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWow64\Wbem\tcpip.mof -> [2006/09/18 16:36:40 | 00,003,066 | ---- | M] ()
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\: Main\\"Default_Page_URL" -> http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB -> 
HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\: Main\\"Start Page" -> http://www.rabbitinasuit.com/ -> 
HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\zuq7e3r3.default\prefs.js -> 
browser.startup.homepage -> "http://www.rabbitinasuit.com/" ->
extensions.enabledItems -> {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1 ->
keyword.URL -> "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/07/23 22:06:51 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components -> C:\PROGRAM FILES (X86)\M-FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\M-FIREFOX\COMPONENTS] -> [2009/07/27 18:57:33 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins -> C:\PROGRAM FILES (X86)\M-FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\M-FIREFOX\PLUGINS] -> [2009/07/27 18:57:29 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Users\User\AppData\Roaming\mozilla\Extensions -> [2009/07/27 18:57:43 | 00,000,000 | ---D | M]
 -> C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/07/27 18:57:43 | 00,000,000 | ---D | M]
 -> C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions -> [2009/08/26 12:49:41 | 00,102,081 | ---- | M] ()
 -> C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/08/26 12:49:41 | 00,102,081 | ---- | M] ()
 -> C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} -> [2009/08/26 12:49:41 | 00,102,081 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES (X86)\M-FIREFOX\extensions -> [2009/07/15 15:30:52 | 10,764,792 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES (X86)\M-FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/07/15 15:30:52 | 10,764,792 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES (X86)\M-FIREFOX\components\ -> C:\PROGRAM FILES (X86)\M-FIREFOX\components -> [2009/07/27 18:57:33 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\M-FIREFOX\components\browserdirprovider.dll -> [2009/07/15 15:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\M-FIREFOX\components\brwsrcmp.dll -> [2009/07/15 15:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES (X86)\M-FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\M-FIREFOX\plugins -> [2009/07/27 18:57:29 | 00,000,000 | ---D | M]
npnul32.dll -> C:\PROGRAM FILES (X86)\M-FIREFOX\plugins\npnul32.dll -> [2009/07/15 15:30:55 | 00,065,016 | ---- | M] (mozilla.org)
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES (X86)\M-FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\M-FIREFOX\searchplugins -> [2009/08/26 12:50:09 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES (X86)\M-FIREFOX\searchplugins\amazondotcom.xml -> [2009/07/15 13:10:00 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES (X86)\M-FIREFOX\searchplugins\answers.xml -> [2009/07/15 13:10:00 | 00,002,193 | ---- | M] ()
avg_igeared.xml -> C:\PROGRAM FILES (X86)\M-FIREFOX\searchplugins\avg_igeared.xml -> [2009/06/27 04:37:10 | 00,001,519 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES (X86)\M-FIREFOX\searchplugins\creativecommons.xml -> [2009/07/15 13:10:00 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES (X86)\M-FIREFOX\searchplugins\eBay.xml -> [2009/07/15 13:10:00 | 00,002,344 | ---- | M] ()
google.xml -> C:\PROGRAM FILES (X86)\M-FIREFOX\searchplugins\google.xml -> [2009/07/15 13:10:00 | 00,002,371 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES (X86)\M-FIREFOX\searchplugins\wikipedia.xml -> [2009/07/15 13:10:00 | 00,001,178 | ---- | M] ()
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1	   localhost
::1			 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2006/10/27 00:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> [2008/03/25 06:28:01 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\] > -> HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2008/06/25 19:44:30 | 00,209,432 | ---- | M] ()
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2008/06/25 19:44:46 | 00,151,064 | ---- | M] ()
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2008/06/25 19:44:40 | 00,181,784 | ---- | M] ()
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2007/11/29 20:58:56 | 01,216,808 | ---- | M] (Synaptics, Inc.)
"TPwrMain" -> C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> [2008/02/06 16:50:34 | 00,431,968 | ---- | M] (TOSHIBA Corporation)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 21:47:32 | 01,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"avast!" -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software)
"Camera Assistant Software" -> C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe ["C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start] -> [2008/07/31 18:26:26 | 00,417,792 | ---- | M] (Chicony)
"CLMLServer" -> C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe ["C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"] -> [2008/07/10 20:35:30 | 00,188,416 | ---- | M] (CyberLink)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
"PCMAgent" -> C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe ["C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"] -> [2007/12/13 21:52:00 | 00,143,360 | ---- | M] (CyberLink Corp.)
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:47:52 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:47:52 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\] > -> HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SpybotSD TeaTimer" -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000] > -> HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDesktopCleanupWizard" ->  [1] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\] > -> HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000] -> [2006/10/27 18:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\] > -> HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000] -> [2006/10/27 18:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll [Menu: Sun Java Console] -> [2008/03/25 06:28:01 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2006/10/26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2006/10/26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\] > -> HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5671 domain(s) found. -> 
56 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\] > -> HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 24.93.41.127 24.93.41.128 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{71E95C00-FC1A-4446-9506-3CD43F200427}\\DhcpNameServer -> 24.93.41.127 24.93.41.128   (Intel(R) Wireless WiFi Link 5100) -> 
{9A79EC54-D530-4A5E-A189-5CD7663460A5}\\DhcpNameServer -> 192.168.1.1   (Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 01:49:22 | 03,080,704 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2008/06/12 21:11:32 | 00,218,112 | ---- | M] ()
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 12:05:34 | 00,356,352 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2006/10/27 00:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{29FA781C-402B-4B76-87A5-FAC92C2EC01A} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{3CD43AAC-D9A0-4261-A660-547F1E98572D} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{42D20B09-1FAD-48C3-9C9D-0EA39B17D01C} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{42D393C5-3A74-457A-800A-8827E398191C} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{4E818EC0-B9C1-448D-B7FF-451CC8837F7A} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{6BE65519-8070-4168-816C-256688EDA7B7} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{8434DA7A-A1CE-484C-B2DD-261087F257DA} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{96EBB1AC-A370-4272-B346-CFD19FFD80BC} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{C460A156-60E3-4EDF-B0FE-D9339EF4AFD0} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
{FC2C7840-13A2-4C73-AA82-C657B1D7EF60} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{FE3A9E72-3403-4F11-9807-317EC3EF5860} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{05F9B417-F584-49DA-BEE3-45FB670A9008} -> dir=in | action=allow | name=cyberlink media server | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe | 
{12569A1B-4D9A-419D-B104-3606D687B015} -> dir=in | action=allow | name=cyberlink powercinema | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe | 
{204458D3-F466-4D97-8781-2AA16D694665} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
{208FF48F-F376-47BF-8EDC-9497AE7A1A94} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{27687AB6-588F-4DB2-A7A4-6736220BFD6D} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{333955A6-F3C5-4C75-A7F4-FE4FD3B52567} -> dir=in | action=allow | name=cyberlink media server browser engine | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe | 
{4900A754-B6A2-49F0-88C9-F3898E0683EB} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{5DB7D228-BE51-4342-98F6-123622764F42} -> profile=public | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{5EA99FC2-F691-4DB6-AC2A-29491D3666D4} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
{94A741A8-48F8-4155-93E8-1DAADB8A1086} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{9D4CC65D-3987-4459-990B-D6F25C2FD8AB} -> dir=in | action=allow | name=cyberlink powercinema resident program | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe | 
{A9F14AA8-5A83-4A7C-9601-5707E9FEF5A4} -> profile=public | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{C4638C7F-1D32-47D3-ACD7-7C8C03799774} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{DF40278A-0DB2-44FD-AE11-DB95EC5BB7C6} -> profile=public | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{EA89ACD0-218D-4390-8BA7-B027581A6093} -> profile=public | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{F75747D6-AB87-4674-8152-4FBCA67396B9} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
TCP Query User{4F23BBC0-0FDE-482F-B700-96D7A05D218D}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{CA2D8CD4-FE55-4F9C-B460-FBCD7007BF91}C:\program files (x86)\shareaza\shareaza.exe -> profile=private | protocol=6 | dir=in | action=allow | name=shareaza ultimate file sharing | app=c:\program files (x86)\shareaza\shareaza.exe | 
TCP Query User{D4B405B9-AB74-4DA4-94E5-C31B4AE14DDB}C:\program files (x86)\shareaza\shareaza.exe -> profile=public | protocol=6 | dir=in | action=allow | name=shareaza ultimate file sharing | app=c:\program files (x86)\shareaza\shareaza.exe | 
UDP Query User{2FA67C9A-443B-43E7-9718-A6460A18CF91}C:\program files (x86)\shareaza\shareaza.exe -> profile=private | protocol=17 | dir=in | action=allow | name=shareaza ultimate file sharing | app=c:\program files (x86)\shareaza\shareaza.exe | 
UDP Query User{3892A1EE-4A54-456D-A4BF-BD06F9ABDBA3}C:\program files (x86)\shareaza\shareaza.exe -> profile=public | protocol=17 | dir=in | action=allow | name=shareaza ultimate file sharing | app=c:\program files (x86)\shareaza\shareaza.exe | 
UDP Query User{E50F2378-F2DA-40D5-8A90-0296B73D5F88}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 21:46:54 | 00,079,872 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell
\E\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\AutoRun\command
\E\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\F
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell
\F\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell\AutoRun\command
\F\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{2ea9184f-92d0-11de-9393-00238baba6cb}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ea9184f-92d0-11de-9393-00238baba6cb}\shell\AutoRun\command
\{2ea9184f-92d0-11de-9393-00238baba6cb}\shell\AutoRun\command\\"" -> E:\Seagate\Installer\InstallSeagateManager.exe [E:\Seagate\Installer\InstallSeagateManager.exe] -> File not found
\{2ea9184f-92d0-11de-9393-00238baba6cb}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ea9184f-92d0-11de-9393-00238baba6cb}\shell\Install\command
\{2ea9184f-92d0-11de-9393-00238baba6cb}\shell\Install\command\\"" -> E:\Seagate\Installer\InstallSeagateManager.exe [E:\Seagate\Installer\InstallSeagateManager.exe] -> File not found
\{a67e6eff-7d68-11de-b883-00238baba6cb}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a67e6eff-7d68-11de-b883-00238baba6cb}\shell
\{a67e6eff-7d68-11de-b883-00238baba6cb}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a67e6eff-7d68-11de-b883-00238baba6cb}\shell\AutoRun\command
\{a67e6eff-7d68-11de-b883-00238baba6cb}\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\shell
\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\shell\AutoRun\command
\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\shell\AutoRun\command\\"" -> E:\MI.exe [E:\MI.exe] -> File not found
\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\shell
\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\shell\AutoRun\command
\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\{d92b9514-3cd2-11de-82b1-00238baba6cb}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d92b9514-3cd2-11de-82b1-00238baba6cb}\shell
\{d92b9514-3cd2-11de-82b1-00238baba6cb}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d92b9514-3cd2-11de-82b1-00238baba6cb}\shell\AutoRun\command
\{d92b9514-3cd2-11de-82b1-00238baba6cb}\shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
 
[Files/Folders - Created Within 90 Days]
ProgramData -> C:\ProgramData -> [2009/08/26 12:50:07 | 00,000,000 | -H-D | M]
avg8 -> C:\ProgramData\avg8 -> [2009/08/26 12:50:07 | 00,000,000 | ---D | M]
CyberLink -> C:\ProgramData\CyberLink -> [2009/07/24 02:11:53 | 00,000,000 | ---D | M]
Downloaded Installations -> C:\ProgramData\Downloaded Installations -> [2009/07/27 02:13:55 | 00,000,000 | ---D | M]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/07/27 04:02:18 | 00,000,000 | ---D | M]
Microsoft -> C:\ProgramData\Microsoft -> [2009/07/27 03:35:43 | 00,000,000 | --SD | M]
NOS -> C:\ProgramData\NOS -> [2009/07/29 12:42:52 | 00,000,000 | ---D | M]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009/07/27 16:17:25 | 00,000,000 | ---D | M]
SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2009/07/29 12:31:21 | 00,000,000 | ---D | M]
Symantec -> C:\ProgramData\Symantec -> [2009/07/11 06:26:09 | 00,000,000 | ---D | M]
Trymedia -> C:\ProgramData\Trymedia -> [2009/08/04 18:34:13 | 00,000,000 | ---D | M]
Roaming -> C:\Users\User\AppData\Roaming -> [2009/08/27 22:03:10 | 00,000,000 | ---D | M]
AVG8 -> C:\Users\User\AppData\Roaming\AVG8 -> [2009/07/27 01:36:39 | 00,000,000 | ---D | M]
gtk-2.0 -> C:\Users\User\AppData\Roaming\gtk-2.0 -> [2009/09/18 13:40:03 | 00,000,000 | ---D | M]
Leadertech -> C:\Users\User\AppData\Roaming\Leadertech -> [2009/08/27 22:03:10 | 00,000,000 | ---D | M]
Malwarebytes -> C:\Users\User\AppData\Roaming\Malwarebytes -> [2009/07/27 04:02:25 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\User\AppData\Roaming\Microsoft -> [2009/08/26 12:50:09 | 00,000,000 | --SD | M]
Mozilla -> C:\Users\User\AppData\Roaming\Mozilla -> [2009/07/27 18:57:49 | 00,000,000 | ---D | M]
SUPERAntiSpyware.com -> C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com -> [2009/07/29 12:30:58 | 00,000,000 | ---D | M]
U3 -> C:\Users\User\AppData\Roaming\U3 -> [2009/10/02 06:20:35 | 00,000,000 | ---D | M]
Local -> C:\Users\User\AppData\Local -> [2009/08/26 12:43:06 | 00,000,000 | ---D | M]
Adobe -> C:\Users\User\AppData\Local\Adobe -> [2009/08/04 19:46:14 | 00,000,000 | ---D | M]
Apple -> C:\Users\User\AppData\Local\Apple -> [2009/08/07 00:26:58 | 00,000,000 | ---D | M]
Apple Computer -> C:\Users\User\AppData\Local\Apple Computer -> [2009/08/07 00:26:40 | 00,000,000 | ---D | M]
ElevatedDiagnostics -> C:\Users\User\AppData\Local\ElevatedDiagnostics -> [2009/07/23 22:21:51 | 00,000,000 | ---D | M]
Google -> C:\Users\User\AppData\Local\Google -> [2009/07/27 16:25:25 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\User\AppData\Local\Microsoft -> [2009/07/28 02:28:34 | 00,000,000 | ---D | M]
Microsoft Games -> C:\Users\User\AppData\Local\Microsoft Games -> [2009/08/03 01:22:20 | 00,000,000 | ---D | M]
Temp -> C:\Users\User\AppData\Local\Temp -> [2009/10/04 05:31:42 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2009/07/29 12:28:24 | 00,000,000 | ---D | M]
Symantec Shared -> C:\Program Files (x86)\Common Files\Symantec Shared -> [2009/07/11 06:26:09 | 00,000,000 | ---D | M]
Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2009/07/29 12:28:24 | 00,000,000 | ---D | M]
Program Files (x86) -> C:\Program Files (x86) -> [2009/09/09 07:11:15 | 00,000,000 | R--D | M]
AOL Games -> C:\Program Files (x86)\AOL Games -> [2009/08/04 18:26:51 | 00,000,000 | ---D | M]
AVG -> C:\Program Files (x86)\AVG -> [2009/07/27 02:12:34 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2009/07/29 12:28:24 | 00,000,000 | ---D | M]
Funkitron -> C:\Program Files (x86)\Funkitron -> [2009/08/04 18:34:06 | 00,000,000 | ---D | M]
Internet Explorer -> C:\Program Files (x86)\Internet Explorer -> [2009/08/31 23:13:23 | 00,000,000 | ---D | M]
MALWAREBYTES ANTI-MALWARE -> C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE -> [2009/07/27 04:02:23 | 00,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009/07/27 11:38:26 | 00,000,000 | ---D | M]
M-Firefox -> C:\Program Files (x86)\M-Firefox -> [2009/09/09 07:10:35 | 00,000,000 | ---D | M]
Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2009/09/09 07:11:15 | 00,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2009/07/27 18:57:01 | 00,000,000 | ---D | M]
NOS -> C:\Program Files (x86)\NOS -> [2009/07/29 12:42:49 | 00,000,000 | ---D | M]
Spybot - Search & Destroy -> C:\Program Files (x86)\Spybot - Search & Destroy -> [2009/07/27 11:37:46 | 00,000,000 | ---D | M]
SUPERAntiSpyware -> C:\Program Files (x86)\SUPERAntiSpyware -> [2009/07/29 12:30:59 | 00,000,000 | ---D | M]
Trillian -> C:\Program Files (x86)\Trillian -> [2009/08/01 00:22:54 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files (x86)\Windows Mail -> [2009/08/31 23:13:20 | 00,000,000 | ---D | M]
Windows Media Player -> C:\Program Files (x86)\Windows Media Player -> [2009/08/31 23:13:18 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/07/11 06:22:41 | 00,000,000 | ---D | M]
Program Files -> C:\Program Files -> [2009/07/23 22:11:49 | 00,000,000 | R--D | M]
Alwil Software -> C:\Program Files\Alwil Software -> [2009/07/11 07:20:29 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/07/11 06:22:41 | 00,000,000 | ---D | M]
Internet Explorer -> C:\Program Files\Internet Explorer -> [2009/08/31 23:13:23 | 00,000,000 | ---D | M]
Microsoft ATS -> C:\Program Files\Microsoft ATS -> [2009/07/23 22:17:16 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files\Windows Mail -> [2009/08/31 23:13:20 | 00,000,000 | ---D | M]
Windows Media Player -> C:\Program Files\Windows Media Player -> [2009/08/31 23:13:18 | 00,000,000 | ---D | M]
OTS.exe -> C:\Users\User\Desktop\OTS.exe -> [2009/10/04 05:27:12 | 00,519,680 | ---- | C] (OldTimer Tools)
wudriver.dll -> C:\Windows\SysWow64\wudriver.dll -> [2009/10/02 20:33:58 | 00,087,552 | ---- | C] (Microsoft Corporation)
wuapi.dll -> C:\Windows\SysWow64\wuapi.dll -> [2009/10/02 20:33:57 | 00,575,704 | ---- | C] (Microsoft Corporation)
wups.dll -> C:\Windows\SysWow64\wups.dll -> [2009/10/02 20:33:57 | 00,035,552 | ---- | C] (Microsoft Corporation)
wuwebv.dll -> C:\Windows\SysWow64\wuwebv.dll -> [2009/10/02 20:33:47 | 00,171,608 | ---- | C] (Microsoft Corporation)
wuapp.exe -> C:\Windows\SysWow64\wuapp.exe -> [2009/10/02 20:33:47 | 00,033,792 | ---- | C] (Microsoft Corporation)
RootRepeal.exe -> C:\Users\User\Desktop\RootRepeal.exe -> [2009/10/01 22:47:39 | 00,472,064 | ---- | C] ( )
100MEDIA -> C:\Users\User\Desktop\100MEDIA -> [2009/09/24 17:11:31 | 00,000,000 | ---D | C]
100MEDIA-1 -> C:\Users\User\Desktop\100MEDIA-1 -> [2009/09/19 23:27:45 | 00,000,000 | ---D | C]
8ea9aa55e02eee64afbe2936a334b4 -> C:\8ea9aa55e02eee64afbe2936a334b4 -> [2009/09/09 07:10:20 | 00,000,000 | ---D | C]
From USB - DYAN -> C:\Users\User\Desktop\From USB - DYAN -> [2009/09/04 22:46:54 | 00,000,000 | R--D | C]
OTL.exe -> C:\Users\User\Desktop\OTL.exe -> [2009/09/01 10:41:51 | 00,514,048 | ---- | C] (OldTimer Tools)
tzres.dll -> C:\Windows\SysWow64\tzres.dll -> [2009/08/31 02:51:03 | 00,002,048 | ---- | C] (Microsoft Corporation)
aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2009/08/27 01:08:05 | 01,279,456 | ---- | C] (ALWIL Software)
kerberos.dll -> C:\Windows\SysWow64\kerberos.dll -> [2009/08/23 21:44:11 | 00,499,712 | ---- | C] (Microsoft Corporation)
msv1_0.dll -> C:\Windows\SysWow64\msv1_0.dll -> [2009/08/23 21:44:11 | 00,213,504 | ---- | C] (Microsoft Corporation)
wdigest.dll -> C:\Windows\SysWow64\wdigest.dll -> [2009/08/23 21:44:11 | 00,175,104 | ---- | C] (Microsoft Corporation)
schannel.dll -> C:\Windows\SysWow64\schannel.dll -> [2009/08/23 21:44:10 | 00,270,848 | ---- | C] (Microsoft Corporation)
secur32.dll -> C:\Windows\SysWow64\secur32.dll -> [2009/08/23 21:44:10 | 00,076,800 | ---- | C] (Microsoft Corporation)
mstscax.dll -> C:\Windows\SysWow64\mstscax.dll -> [2009/08/11 16:28:49 | 02,066,432 | ---- | C] (Microsoft Corporation)
atl.dll -> C:\Windows\SysWow64\atl.dll -> [2009/08/11 16:28:24 | 00,071,680 | ---- | C] (Microsoft Corporation)
wmp.dll -> C:\Windows\SysWow64\wmp.dll -> [2009/08/11 16:28:02 | 10,624,000 | ---- | C] (Microsoft Corporation)
wmpdxm.dll -> C:\Windows\SysWow64\wmpdxm.dll -> [2009/08/11 16:28:01 | 00,313,344 | ---- | C] (Microsoft Corporation)
spwmp.dll -> C:\Windows\SysWow64\spwmp.dll -> [2009/08/11 16:27:56 | 00,007,680 | ---- | C] (Microsoft Corporation)
msdxm.ocx -> C:\Windows\SysWow64\msdxm.ocx -> [2009/08/11 16:27:55 | 00,004,096 | ---- | C] (Microsoft Corporation)
dxmasf.dll -> C:\Windows\SysWow64\dxmasf.dll -> [2009/08/11 16:27:55 | 00,004,096 | ---- | C] (Microsoft Corporation)
wmploc.DLL -> C:\Windows\SysWow64\wmploc.DLL -> [2009/08/11 16:27:53 | 08,147,456 | ---- | C] (Microsoft Corporation)
msdxm.tlb -> C:\Windows\SysWow64\msdxm.tlb -> [2009/08/11 16:27:52 | 00,043,520 | ---- | C] (Microsoft Corporation)
amcompat.tlb -> C:\Windows\SysWow64\amcompat.tlb -> [2009/08/11 16:27:52 | 00,018,432 | ---- | C] (Microsoft Corporation)
avifil32.dll -> C:\Windows\SysWow64\avifil32.dll -> [2009/08/11 16:26:01 | 00,091,136 | ---- | C] (Microsoft Corporation)
Trymedia -> C:\ProgramData\Trymedia -> [2009/08/04 18:34:13 | 00,000,000 | ---D | C]
Anti Virus Help -> C:\Users\User\Anti Virus Help -> [2009/07/30 22:11:36 | 00,000,000 | ---D | C]
DoctorWeb -> C:\Users\User\DoctorWeb -> [2009/07/30 15:39:29 | 00,000,000 | ---D | C]
drweb-cureit.exe -> C:\Users\User\Desktop\drweb-cureit.exe -> [2009/07/30 15:26:31 | 15,180,040 | ---- | C] (Doctor Web, Ltd.)
GooredFix.exe -> C:\Users\User\Desktop\GooredFix.exe -> [2009/07/29 21:30:36 | 00,046,157 | ---- | C] (jpshortstuff)
SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2009/07/29 12:31:21 | 00,000,000 | ---D | C]
mshtml.dll -> C:\Windows\SysWow64\mshtml.dll -> [2009/07/29 00:03:25 | 05,937,152 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysWow64\ieframe.dll -> [2009/07/29 00:03:22 | 11,067,392 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysWow64\iertutil.dll -> [2009/07/29 00:03:20 | 01,985,536 | ---- | C] (Microsoft Corporation)
urlmon.dll -> C:\Windows\SysWow64\urlmon.dll -> [2009/07/29 00:03:20 | 01,208,832 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2009/07/29 00:03:19 | 00,915,456 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2009/07/29 00:03:19 | 00,594,432 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysWow64\occache.dll -> [2009/07/29 00:03:19 | 00,206,848 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2009/07/29 00:03:18 | 01,469,440 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2009/07/29 00:03:18 | 00,386,048 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2009/07/29 00:03:18 | 00,184,320 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2009/07/29 00:03:18 | 00,164,352 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysWow64\mshtml.tlb -> [2009/07/29 00:03:17 | 01,638,912 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2009/07/29 00:03:17 | 00,173,056 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2009/07/29 00:03:17 | 00,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2009/07/29 00:03:17 | 00,109,056 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2009/07/29 00:03:17 | 00,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2009/07/29 00:03:17 | 00,055,808 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2009/07/29 00:03:17 | 00,055,296 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\SysWow64\jsproxy.dll -> [2009/07/29 00:03:17 | 00,025,600 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2009/07/29 00:03:17 | 00,013,312 | ---- | C] (Microsoft Corporation)
NOS -> C:\ProgramData\NOS -> [2009/07/27 18:26:00 | 00,000,000 | ---D | C]
PDFs -> C:\Users\User\Desktop\PDFs -> [2009/07/27 17:54:17 | 00,000,000 | R--D | C]
$AVG8.VAULT$ -> C:\$AVG8.VAULT$ -> [2009/07/27 17:05:52 | 00,000,000 | -H-D | C]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009/07/27 10:52:51 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009/07/27 04:02:20 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/07/27 04:02:18 | 00,000,000 | ---D | C]
avg -> C:\Windows\SysWow64\drivers\avg -> [2009/07/27 03:34:06 | 00,000,000 | ---D | C]
Downloaded Installations -> C:\ProgramData\Downloaded Installations -> [2009/07/27 02:13:55 | 00,000,000 | ---D | C]
avg8 -> C:\ProgramData\avg8 -> [2009/07/27 02:12:30 | 00,000,000 | ---D | C]
WindowsPowerShell -> C:\Windows\SysWow64\WindowsPowerShell -> [2009/07/23 22:20:26 | 00,000,000 | ---D | C]
WindowsPowerShell -> C:\Windows\SysNative\WindowsPowerShell -> [2009/07/23 22:20:23 | 00,000,000 | ---D | C]
temp.conexant -> C:\temp.conexant -> [2009/07/22 18:33:08 | 00,000,000 | ---D | C]
TW -> C:\Users\User\TW -> [2009/07/21 11:07:53 | 00,000,000 | ---D | C]
t2embed.dll -> C:\Windows\SysWow64\t2embed.dll -> [2009/07/15 18:16:59 | 00,156,672 | ---- | C] (Microsoft Corporation)
fontsub.dll -> C:\Windows\SysWow64\fontsub.dll -> [2009/07/15 18:16:58 | 00,072,704 | ---- | C] (Microsoft Corporation)
dciman32.dll -> C:\Windows\SysWow64\dciman32.dll -> [2009/07/15 18:16:58 | 00,010,240 | ---- | C] (Microsoft Corporation)
Pocket Jam -> C:\Users\User\Desktop\Pocket Jam -> [2009/07/11 15:27:54 | 00,000,000 | R--D | C]
JOB -> C:\Users\User\Desktop\JOB -> [2009/07/09 04:21:58 | 00,000,000 | R--D | C]
 
[Files/Folders - Modified Within 90 Days]
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
ntuser.dat -> C:\Users\User\ntuser.dat -> [2009/10/04 05:33:41 | 05,242,880 | -HS- | M] ()
OTS.exe -> C:\Users\User\Desktop\OTS.exe -> [2009/10/04 05:27:19 | 00,519,680 | ---- | M] (OldTimer Tools)
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/04 04:37:22 | 00,003,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/04 04:37:22 | 00,003,616 | -H-- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009/10/04 02:06:10 | 00,690,960 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009/10/04 02:06:10 | 00,595,684 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009/10/04 02:06:10 | 00,101,350 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/10/04 00:37:21 | 00,067,584 | --S- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/10/03 19:30:31 | 00,000,006 | -H-- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/10/03 19:30:08 | 41,239,10144 | -HS- | M] ()
ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\User\ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TMContainer00000000000000000001.regtrans-ms -> [2009/10/03 19:29:13 | 00,524,288 | -HS- | M] ()
ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TM.blf -> C:\Users\User\ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TM.blf -> [2009/10/03 19:29:13 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\User\AppData\Local\IconCache.db -> [2009/10/03 19:29:10 | 01,082,924 | -H-- | M] ()
RootRepeal.exe -> C:\Users\User\Desktop\RootRepeal.exe -> [2009/10/01 22:47:45 | 00,472,064 | ---- | M] ( )
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009/10/01 10:29:14 | 00,238,960 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/26 21:34:05 | 00,064,000 | ---- | M] ()
.recently-used.xbel -> C:\Users\User\.recently-used.xbel -> [2009/09/18 13:40:03 | 00,002,102 | ---- | M] ()
Current Default.Theme -> C:\Users\User\Documents\Current Default.Theme -> [2009/09/04 02:51:46 | 00,006,161 | ---- | M] ()
OTL.exe -> C:\Users\User\Desktop\OTL.exe -> [2009/09/01 10:41:56 | 00,514,048 | ---- | M] (OldTimer Tools)
dds.scr -> C:\Users\User\Desktop\dds.scr -> [2009/08/30 16:26:33 | 00,359,932 | ---- | M] ()
avast! Antivirus.lnk -> C:\Users\Public\Desktop\avast! Antivirus.lnk -> [2009/08/27 01:08:30 | 00,001,816 | ---- | M] ()
config.nt -> C:\Windows\SysWow64\config.nt -> [2009/08/27 01:08:29 | 00,000,000 | ---- | M] ()
aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2009/08/17 11:10:20 | 01,279,456 | ---- | M] (ALWIL Software)
aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2009/08/17 11:06:05 | 00,089,680 | ---- | M] ()
aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2009/08/17 11:05:43 | 00,022,096 | ---- | M] ()
aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2009/08/17 11:05:31 | 00,065,616 | ---- | M] ()
aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2009/08/17 11:04:43 | 00,058,448 | ---- | M] ()
aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2009/08/17 11:04:32 | 00,027,216 | ---- | M] ()
AvastSS.scr -> C:\Windows\SysNative\AvastSS.scr -> [2009/08/17 11:02:50 | 00,097,480 | ---- | M] ()
sphere-complete_2009-08-09.sql.gz -> C:\Users\User\sphere-complete_2009-08-09.sql.gz -> [2009/08/09 22:33:16 | 00,000,000 | ---- | M] ()
wups.dll -> C:\Windows\SysNative\wups.dll -> [2009/08/06 21:24:27 | 00,038,112 | ---- | M] ()
wups2.dll -> C:\Windows\SysNative\wups2.dll -> [2009/08/06 21:24:20 | 00,043,744 | ---- | M] ()
wuaueng.dll -> C:\Windows\SysNative\wuaueng.dll -> [2009/08/06 21:24:17 | 02,424,024 | ---- | M] ()
wuauclt.exe -> C:\Windows\SysNative\wuauclt.exe -> [2009/08/06 21:24:17 | 00,057,560 | ---- | M] ()
wups.dll -> C:\Windows\SysWow64\wups.dll -> [2009/08/06 21:24:09 | 00,035,552 | ---- | M] (Microsoft Corporation)
wuapi.dll -> C:\Windows\SysNative\wuapi.dll -> [2009/08/06 21:23:52 | 00,700,640 | ---- | M] ()
wuapi.dll -> C:\Windows\SysWow64\wuapi.dll -> [2009/08/06 21:23:52 | 00,575,704 | ---- | M] (Microsoft Corporation)
wucltux.dll -> C:\Windows\SysNative\wucltux.dll -> [2009/08/06 20:59:43 | 02,621,440 | ---- | M] ()
wudriver.dll -> C:\Windows\SysNative\wudriver.dll -> [2009/08/06 20:59:07 | 00,098,816 | ---- | M] ()
wudriver.dll -> C:\Windows\SysWow64\wudriver.dll -> [2009/08/06 20:44:40 | 00,087,552 | ---- | M] (Microsoft Corporation)
wuwebv.dll -> C:\Windows\SysNative\wuwebv.dll -> [2009/08/06 19:23:06 | 00,185,416 | ---- | M] ()
wuwebv.dll -> C:\Windows\SysWow64\wuwebv.dll -> [2009/08/06 19:23:06 | 00,171,608 | ---- | M] (Microsoft Corporation)
wuapp.exe -> C:\Windows\SysNative\wuapp.exe -> [2009/08/06 18:59:12 | 00,036,864 | ---- | M] ()
wuapp.exe -> C:\Windows\SysWow64\wuapp.exe -> [2009/08/06 18:44:46 | 00,033,792 | ---- | M] (Microsoft Corporation)
SCRABBLE Blast.lnk -> C:\Users\User\Desktop\SCRABBLE Blast.lnk -> [2009/08/04 18:34:08 | 00,000,977 | ---- | M] ()
_MSRSTRT.EXE -> C:\Windows\_MSRSTRT.EXE -> [2009/08/04 18:30:32 | 00,002,560 | ---- | M] ()
Trillian.lnk -> C:\Users\User\Desktop\Trillian.lnk -> [2009/07/31 21:29:18 | 00,001,809 | ---- | M] ()
drweb-cureit.exe -> C:\Users\User\Desktop\drweb-cureit.exe -> [2009/07/30 15:26:57 | 15,180,040 | ---- | M] (Doctor Web, Ltd.)
GooredFix.exe -> C:\Users\User\Desktop\GooredFix.exe -> [2009/07/29 21:30:37 | 00,046,157 | ---- | M] (jpshortstuff)
mrt.exe -> C:\Windows\SysNative\mrt.exe -> [2009/07/29 20:20:46 | 26,162,632 | ---- | M] ()
d3d9caps64.dat -> C:\Users\User\AppData\Local\d3d9caps64.dat -> [2009/07/29 13:11:28 | 00,000,732 | ---- | M] ()
SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2009/07/29 12:31:01 | 00,000,955 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2009/07/27 18:57:34 | 00,001,735 | ---- | M] ()
avg-scan072709.csv -> C:\Users\User\Documents\avg-scan072709.csv -> [2009/07/27 17:41:12 | 00,001,314 | ---- | M] ()
iltwain.ini -> C:\Windows\iltwain.ini -> [2009/07/27 16:20:38 | 00,000,033 | ---- | M] ()
Spybot - Search & Destroy.lnk -> C:\Users\User\Desktop\Spybot - Search & Destroy.lnk -> [2009/07/27 10:53:05 | 00,001,108 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/07/27 04:02:23 | 00,000,859 | ---- | M] ()
ocsetup_install_MicrosoftWindowsPowerShell.etl -> C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl -> [2009/07/23 22:17:38 | 01,638,400 | ---- | M] ()
ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf -> C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf -> [2009/07/23 22:17:37 | 00,196,608 | ---- | M] ()
ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx -> C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx -> [2009/07/23 22:17:37 | 00,065,536 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009/07/23 22:15:20 | 00,397,632 | ---- | M] ()
ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\User\ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TMContainer00000000000000000002.regtrans-ms -> [2009/07/23 22:13:38 | 00,524,288 | -HS- | M] ()
ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\User\ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TMContainer00000000000000000002.regtrans-ms -> [2009/07/22 20:24:53 | 00,524,288 | -HS- | M] ()
ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\User\ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TMContainer00000000000000000001.regtrans-ms -> [2009/07/22 20:24:53 | 00,524,288 | -HS- | M] ()
ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TM.blf -> C:\Users\User\ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TM.blf -> [2009/07/22 20:24:53 | 00,065,536 | -HS- | M] ()
ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\User\ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TMContainer00000000000000000001.regtrans-ms -> [2009/07/22 20:03:45 | 00,524,288 | -HS- | M] ()
ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TM.blf -> C:\Users\User\ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TM.blf -> [2009/07/22 20:03:45 | 00,065,536 | -HS- | M] ()
ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\User\ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TMContainer00000000000000000002.regtrans-ms -> [2009/07/22 19:54:01 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\User\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> [2009/07/22 19:32:27 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> C:\Users\User\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> [2009/07/22 19:32:27 | 00,065,536 | -HS- | M] ()
wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2009/07/21 17:11:15 | 01,146,880 | ---- | M] ()
urlmon.dll -> C:\Windows\SysNative\urlmon.dll -> [2009/07/21 17:11:04 | 01,484,288 | ---- | M] ()
occache.dll -> C:\Windows\SysNative\occache.dll -> [2009/07/21 17:09:54 | 00,243,712 | ---- | M] ()
mshtml.dll -> C:\Windows\SysNative\mshtml.dll -> [2009/07/21 17:07:37 | 09,233,408 | ---- | M] ()
msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2009/07/21 17:07:34 | 00,700,928 | ---- | M] ()
msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2009/07/21 17:07:34 | 00,071,680 | ---- | M] ()
jsproxy.dll -> C:\Windows\SysNative\jsproxy.dll -> [2009/07/21 17:06:56 | 00,031,744 | ---- | M] ()
inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2009/07/21 17:06:48 | 01,538,560 | ---- | M] ()
iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2009/07/21 17:06:31 | 02,334,208 | ---- | M] ()
ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2009/07/21 17:06:31 | 00,219,136 | ---- | M] ()
iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2009/07/21 17:06:31 | 00,132,096 | ---- | M] ()
iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2009/07/21 17:06:31 | 00,077,312 | ---- | M] ()
ieframe.dll -> C:\Windows\SysNative\ieframe.dll -> [2009/07/21 17:06:30 | 12,458,496 | ---- | M] ()
iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2009/07/21 17:06:30 | 00,252,416 | ---- | M] ()
iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2009/07/21 17:06:30 | 00,072,192 | ---- | M] ()
iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2009/07/21 17:06:27 | 00,458,240 | ---- | M] ()
wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2009/07/21 16:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation)
urlmon.dll -> C:\Windows\SysWow64\urlmon.dll -> [2009/07/21 16:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation)
occache.dll -> C:\Windows\SysWow64\occache.dll -> [2009/07/21 16:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation)
mshtml.dll -> C:\Windows\SysWow64\mshtml.dll -> [2009/07/21 16:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2009/07/21 16:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2009/07/21 16:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\SysWow64\jsproxy.dll -> [2009/07/21 16:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2009/07/21 16:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation)
ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2009/07/21 16:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2009/07/21 16:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysWow64\iertutil.dll -> [2009/07/21 16:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation)
iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2009/07/21 16:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysWow64\ieframe.dll -> [2009/07/21 16:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation)
iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2009/07/21 16:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2009/07/21 16:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2009/07/21 16:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2009/07/21 15:34:53 | 00,162,816 | ---- | M] ()
ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2009/07/21 15:34:41 | 00,070,656 | ---- | M] ()
msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2009/07/21 15:34:12 | 00,012,288 | ---- | M] ()
mshtml.tlb -> C:\Windows\SysNative\mshtml.tlb -> [2009/07/21 15:34:00 | 01,638,912 | ---- | M] ()
ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2009/07/21 15:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2009/07/21 15:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2009/07/21 15:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysWow64\mshtml.tlb -> [2009/07/21 15:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation)
ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2009/07/21 14:09:32 | 00,057,667 | ---- | M] ()
ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2009/07/21 13:31:43 | 00,057,667 | ---- | M] ()
ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2009/07/21 10:52:38 | 04,691,032 | ---- | M] ()
atl.dll -> C:\Windows\SysNative\atl.dll -> [2009/07/17 10:00:43 | 00,088,576 | ---- | M] ()
atl.dll -> C:\Windows\SysWow64\atl.dll -> [2009/07/17 09:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation)
wmp.dll -> C:\Windows\SysNative\wmp.dll -> [2009/07/14 08:21:42 | 13,426,176 | ---- | M] ()
wmpdxm.dll -> C:\Windows\SysNative\wmpdxm.dll -> [2009/07/14 08:21:42 | 00,368,128 | ---- | M] ()
msdxm.ocx -> C:\Windows\SysNative\msdxm.ocx -> [2009/07/14 08:20:51 | 00,005,120 | ---- | M] ()
dxmasf.dll -> C:\Windows\SysNative\dxmasf.dll -> [2009/07/14 08:20:51 | 00,005,120 | ---- | M] ()
spwmp.dll -> C:\Windows\SysNative\spwmp.dll -> [2009/07/14 08:20:06 | 00,009,216 | ---- | M] ()
wmpdxm.dll -> C:\Windows\SysWow64\wmpdxm.dll -> [2009/07/14 08:00:17 | 00,313,344 | ---- | M] (Microsoft Corporation)
wmp.dll -> C:\Windows\SysWow64\wmp.dll -> [2009/07/14 08:00:16 | 10,624,000 | ---- | M] (Microsoft Corporation)
msdxm.ocx -> C:\Windows\SysWow64\msdxm.ocx -> [2009/07/14 07:59:28 | 00,004,096 | ---- | M] (Microsoft Corporation)
dxmasf.dll -> C:\Windows\SysWow64\dxmasf.dll -> [2009/07/14 07:59:28 | 00,004,096 | ---- | M] (Microsoft Corporation)
spwmp.dll -> C:\Windows\SysWow64\spwmp.dll -> [2009/07/14 07:58:44 | 00,007,680 | ---- | M] (Microsoft Corporation)
wmploc.DLL -> C:\Windows\SysNative\wmploc.DLL -> [2009/07/14 06:31:58 | 08,147,968 | ---- | M] ()
wmploc.DLL -> C:\Windows\SysWow64\wmploc.DLL -> [2009/07/14 05:59:56 | 08,147,456 | ---- | M] (Microsoft Corporation)
msdxm.tlb -> C:\Windows\SysNative\msdxm.tlb -> [2009/07/14 03:33:07 | 00,043,520 | ---- | M] ()
amcompat.tlb -> C:\Windows\SysNative\amcompat.tlb -> [2009/07/14 03:33:07 | 00,018,432 | ---- | M] ()
msdxm.tlb -> C:\Windows\SysWow64\msdxm.tlb -> [2009/07/14 03:30:48 | 00,043,520 | ---- | M] (Microsoft Corporation)
amcompat.tlb -> C:\Windows\SysWow64\amcompat.tlb -> [2009/07/14 03:30:48 | 00,018,432 | ---- | M] (Microsoft Corporation)
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009/07/13 13:36:14 | 00,022,040 | ---- | M] ()
 
[Files - No Company Name]
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009/10/04 02:14:35 | 00,238,960 | ---- | C] ()
wups2.dll -> C:\Windows\SysNative\wups2.dll -> [2009/10/02 20:34:21 | 00,043,744 | ---- | C] ()
wucltux.dll -> C:\Windows\SysNative\wucltux.dll -> [2009/10/02 20:34:20 | 02,621,440 | ---- | C] ()
wuaueng.dll -> C:\Windows\SysNative\wuaueng.dll -> [2009/10/02 20:34:20 | 02,424,024 | ---- | C] ()
wuauclt.exe -> C:\Windows\SysNative\wuauclt.exe -> [2009/10/02 20:34:20 | 00,057,560 | ---- | C] ()
wuapi.dll -> C:\Windows\SysNative\wuapi.dll -> [2009/10/02 20:33:58 | 00,700,640 | ---- | C] ()
wudriver.dll -> C:\Windows\SysNative\wudriver.dll -> [2009/10/02 20:33:58 | 00,098,816 | ---- | C] ()
wups.dll -> C:\Windows\SysNative\wups.dll -> [2009/10/02 20:33:58 | 00,038,112 | ---- | C] ()
wuwebv.dll -> C:\Windows\SysNative\wuwebv.dll -> [2009/10/02 20:33:47 | 00,185,416 | ---- | C] ()
wuapp.exe -> C:\Windows\SysNative\wuapp.exe -> [2009/10/02 20:33:47 | 00,036,864 | ---- | C] ()
.recently-used.xbel -> C:\Users\User\.recently-used.xbel -> [2009/09/18 13:40:03 | 00,002,102 | ---- | C] ()
Current Default.Theme -> C:\Users\User\Documents\Current Default.Theme -> [2009/09/04 02:51:45 | 00,006,161 | ---- | C] ()
ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2009/09/02 06:44:25 | 04,691,032 | ---- | C] ()
tzres.dll -> C:\Windows\SysNative\tzres.dll -> [2009/08/31 02:51:03 | 00,002,048 | ---- | C] ()
dds.scr -> C:\Users\User\Desktop\dds.scr -> [2009/08/30 16:26:28 | 00,359,932 | ---- | C] ()
aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2009/08/27 01:08:30 | 00,058,448 | ---- | C] ()
aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2009/08/27 01:08:30 | 00,027,216 | ---- | C] ()
avast! Antivirus.lnk -> C:\Users\Public\Desktop\avast! Antivirus.lnk -> [2009/08/27 01:08:30 | 00,001,816 | ---- | C] ()
AvastSS.scr -> C:\Windows\SysNative\AvastSS.scr -> [2009/08/27 01:08:29 | 00,097,480 | ---- | C] ()
aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2009/08/27 01:08:29 | 00,089,680 | ---- | C] ()
aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2009/08/27 01:08:29 | 00,065,616 | ---- | C] ()
aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2009/08/27 01:08:29 | 00,022,096 | ---- | C] ()
actskin4.ocx -> C:\Windows\SysWow64\actskin4.ocx -> [2009/08/27 01:08:05 | 00,380,928 | ---- | C] ()
lsasrv.dll -> C:\Windows\SysNative\lsasrv.dll -> [2009/08/23 21:44:12 | 01,692,160 | ---- | C] ()
kerberos.dll -> C:\Windows\SysNative\kerberos.dll -> [2009/08/23 21:44:12 | 00,656,384 | ---- | C] ()
msv1_0.dll -> C:\Windows\SysNative\msv1_0.dll -> [2009/08/23 21:44:12 | 00,268,800 | ---- | C] ()
wdigest.dll -> C:\Windows\SysNative\wdigest.dll -> [2009/08/23 21:44:11 | 00,205,312 | ---- | C] ()
ksecdd.sys -> C:\Windows\SysNative\drivers\ksecdd.sys -> [2009/08/23 21:44:10 | 00,515,656 | ---- | C] ()
schannel.dll -> C:\Windows\SysNative\schannel.dll -> [2009/08/23 21:44:10 | 00,338,944 | ---- | C] ()
secur32.dll -> C:\Windows\SysNative\secur32.dll -> [2009/08/23 21:44:10 | 00,094,720 | ---- | C] ()
lsass.exe -> C:\Windows\SysNative\lsass.exe -> [2009/08/23 21:44:10 | 00,011,264 | ---- | C] ()
mstscax.dll -> C:\Windows\SysNative\mstscax.dll -> [2009/08/11 16:28:50 | 02,423,296 | ---- | C] ()
wkssvc.dll -> C:\Windows\SysNative\wkssvc.dll -> [2009/08/11 16:28:26 | 00,202,752 | ---- | C] ()
atl.dll -> C:\Windows\SysNative\atl.dll -> [2009/08/11 16:28:25 | 00,088,576 | ---- | C] ()
wmp.dll -> C:\Windows\SysNative\wmp.dll -> [2009/08/11 16:28:12 | 13,426,176 | ---- | C] ()
wmpdxm.dll -> C:\Windows\SysNative\wmpdxm.dll -> [2009/08/11 16:28:01 | 00,368,128 | ---- | C] ()
spwmp.dll -> C:\Windows\SysNative\spwmp.dll -> [2009/08/11 16:27:57 | 00,009,216 | ---- | C] ()
msdxm.ocx -> C:\Windows\SysNative\msdxm.ocx -> [2009/08/11 16:27:55 | 00,005,120 | ---- | C] ()
dxmasf.dll -> C:\Windows\SysNative\dxmasf.dll -> [2009/08/11 16:27:55 | 00,005,120 | ---- | C] ()
wmploc.DLL -> C:\Windows\SysNative\wmploc.DLL -> [2009/08/11 16:27:53 | 08,147,968 | ---- | C] ()
msdxm.tlb -> C:\Windows\SysNative\msdxm.tlb -> [2009/08/11 16:27:52 | 00,043,520 | ---- | C] ()
amcompat.tlb -> C:\Windows\SysNative\amcompat.tlb -> [2009/08/11 16:27:52 | 00,018,432 | ---- | C] ()
mciavi32.dll -> C:\Windows\SysNative\mciavi32.dll -> [2009/08/11 16:26:02 | 00,093,184 | ---- | C] ()
avicap32.dll -> C:\Windows\SysNative\avicap32.dll -> [2009/08/11 16:26:02 | 00,076,800 | ---- | C] ()
avifil32.dll -> C:\Windows\SysNative\avifil32.dll -> [2009/08/11 16:26:01 | 00,108,544 | ---- | C] ()
sphere-complete_2009-08-09.sql.gz -> C:\Users\User\sphere-complete_2009-08-09.sql.gz -> [2009/08/09 22:33:15 | 00,000,000 | ---- | C] ()
SCRABBLE Blast.lnk -> C:\Users\User\Desktop\SCRABBLE Blast.lnk -> [2009/08/04 18:34:08 | 00,000,977 | ---- | C] ()
Trillian.lnk -> C:\Users\User\Desktop\Trillian.lnk -> [2009/07/31 21:23:08 | 00,001,809 | ---- | C] ()
IconCache.db -> C:\Users\User\AppData\Local\IconCache.db -> [2009/07/30 19:24:35 | 01,082,924 | -H-- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/07/30 18:43:00 | 41,239,10144 | -HS- | C] ()
d3d9caps64.dat -> C:\Users\User\AppData\Local\d3d9caps64.dat -> [2009/07/29 13:11:28 | 00,000,732 | ---- | C] ()
SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2009/07/29 12:31:01 | 00,000,955 | ---- | C] ()
mshtml.dll -> C:\Windows\SysNative\mshtml.dll -> [2009/07/29 00:03:24 | 09,233,408 | ---- | C] ()
ieframe.dll -> C:\Windows\SysNative\ieframe.dll -> [2009/07/29 00:03:21 | 12,458,496 | ---- | C] ()
iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2009/07/29 00:03:20 | 02,334,208 | ---- | C] ()
urlmon.dll -> C:\Windows\SysNative\urlmon.dll -> [2009/07/29 00:03:19 | 01,484,288 | ---- | C] ()
wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2009/07/29 00:03:19 | 01,146,880 | ---- | C] ()
iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2009/07/29 00:03:19 | 00,458,240 | ---- | C] ()
occache.dll -> C:\Windows\SysNative\occache.dll -> [2009/07/29 00:03:19 | 00,243,712 | ---- | C] ()
inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2009/07/29 00:03:18 | 01,538,560 | ---- | C] ()
msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2009/07/29 00:03:18 | 00,700,928 | ---- | C] ()
ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2009/07/29 00:03:18 | 00,162,816 | ---- | C] ()
mshtml.tlb -> C:\Windows\SysNative\mshtml.tlb -> [2009/07/29 00:03:17 | 01,638,912 | ---- | C] ()
iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2009/07/29 00:03:17 | 00,252,416 | ---- | C] ()
ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2009/07/29 00:03:17 | 00,219,136 | ---- | C] ()
iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2009/07/29 00:03:17 | 00,132,096 | ---- | C] ()
iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2009/07/29 00:03:17 | 00,077,312 | ---- | C] ()
iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2009/07/29 00:03:17 | 00,072,192 | ---- | C] ()
msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2009/07/29 00:03:17 | 00,071,680 | ---- | C] ()
ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2009/07/29 00:03:17 | 00,070,656 | ---- | C] ()
jsproxy.dll -> C:\Windows\SysNative\jsproxy.dll -> [2009/07/29 00:03:17 | 00,031,744 | ---- | C] ()
msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2009/07/29 00:03:17 | 00,012,288 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2009/07/29 00:03:16 | 00,057,667 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2009/07/29 00:03:16 | 00,057,667 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2009/07/27 18:57:34 | 00,001,735 | ---- | C] ()
avg-scan072709.csv -> C:\Users\User\Documents\avg-scan072709.csv -> [2009/07/27 17:41:12 | 00,001,314 | ---- | C] ()
_MSRSTRT.EXE -> C:\Windows\_MSRSTRT.EXE -> [2009/07/27 16:20:45 | 00,002,560 | ---- | C] ()
Spybot - Search & Destroy.lnk -> C:\Users\User\Desktop\Spybot - Search & Destroy.lnk -> [2009/07/27 10:53:05 | 00,001,108 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/07/27 04:02:23 | 00,000,859 | ---- | C] ()
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009/07/27 04:02:18 | 00,022,040 | ---- | C] ()
ocsetup_install_MicrosoftWindowsPowerShell.etl -> C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl -> [2009/07/23 22:17:20 | 01,638,400 | ---- | C] ()
ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf -> C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf -> [2009/07/23 22:17:20 | 00,196,608 | ---- | C] ()
ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx -> C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx -> [2009/07/23 22:17:20 | 00,065,536 | ---- | C] ()
ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\User\ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TMContainer00000000000000000002.regtrans-ms -> [2009/07/22 20:35:05 | 00,524,288 | -HS- | C] ()
ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\User\ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TMContainer00000000000000000001.regtrans-ms -> [2009/07/22 20:35:05 | 00,524,288 | -HS- | C] ()
ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TM.blf -> C:\Users\User\ntuser.dat{a6f74964-7726-11de-bc88-0022fa4e2b18}.TM.blf -> [2009/07/22 20:35:05 | 00,065,536 | -HS- | C] ()
ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\User\ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TMContainer00000000000000000002.regtrans-ms -> [2009/07/22 20:19:42 | 00,524,288 | -HS- | C] ()
ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\User\ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TMContainer00000000000000000001.regtrans-ms -> [2009/07/22 20:19:42 | 00,524,288 | -HS- | C] ()
ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TM.blf -> C:\Users\User\ntuser.dat{6d737040-7723-11de-9cb5-00238baba6cb}.TM.blf -> [2009/07/22 20:19:42 | 00,065,536 | -HS- | C] ()
ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\User\ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TMContainer00000000000000000002.regtrans-ms -> [2009/07/22 19:35:36 | 00,524,288 | -HS- | C] ()
ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\User\ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TMContainer00000000000000000001.regtrans-ms -> [2009/07/22 19:35:36 | 00,524,288 | -HS- | C] ()
ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TM.blf -> C:\Users\User\ntuser.dat{8754febc-771e-11de-a4f8-00238baba6cb}.TM.blf -> [2009/07/22 19:35:35 | 00,065,536 | -HS- | C] ()
atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2009/07/15 18:16:59 | 00,366,080 | ---- | C] ()
t2embed.dll -> C:\Windows\SysNative\t2embed.dll -> [2009/07/15 18:16:59 | 00,189,440 | ---- | C] ()
fontsub.dll -> C:\Windows\SysNative\fontsub.dll -> [2009/07/15 18:16:59 | 00,096,256 | ---- | C] ()
atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2009/07/15 18:16:58 | 00,048,128 | ---- | C] ()
config.nt -> C:\Windows\SysWow64\config.nt -> [2009/07/11 07:20:49 | 00,000,000 | ---- | C] ()
IFiltSet.Ini -> C:\Windows\IFiltSet.Ini -> [2009/06/11 23:26:38 | 00,001,916 | ---- | C] ()
iltwain.ini -> C:\Windows\iltwain.ini -> [2009/06/11 23:21:04 | 00,000,033 | ---- | C] ()
d3d9caps.dat -> C:\Users\User\AppData\Local\d3d9caps.dat -> [2009/05/26 20:36:25 | 00,000,680 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2009/05/12 00:00:02 | 00,000,376 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/05/11 13:23:39 | 00,064,000 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/05/01 08:35:41 | 00,112,424 | ---- | C] ()
fbd.sys -> C:\Windows\SysWow64\drivers\fbd.sys -> [2009/05/01 08:35:08 | 00,000,014 | RHS- | C] ()
csellang.ini -> C:\Windows\SysWow64\csellang.ini -> [2009/03/03 07:37:18 | 00,128,113 | ---- | C] ()
csellang.dll -> C:\Windows\SysWow64\csellang.dll -> [2009/03/03 07:37:18 | 00,045,056 | ---- | C] ()
cseltbl.ini -> C:\Windows\SysWow64\cseltbl.ini -> [2009/03/03 07:37:18 | 00,007,671 | ---- | C] ()
NDSTray.INI -> C:\Windows\NDSTray.INI -> [2008/08/20 21:36:09 | 00,000,000 | ---- | C] ()
IVIresizeW7.dll -> C:\Windows\SysWow64\IVIresizeW7.dll -> [2008/08/20 21:29:20 | 00,204,800 | ---- | C] ()
IVIresizeA6.dll -> C:\Windows\SysWow64\IVIresizeA6.dll -> [2008/08/20 21:29:20 | 00,200,704 | ---- | C] ()
IVIresizeP6.dll -> C:\Windows\SysWow64\IVIresizeP6.dll -> [2008/08/20 21:29:20 | 00,192,512 | ---- | C] ()
IVIresizeM6.dll -> C:\Windows\SysWow64\IVIresizeM6.dll -> [2008/08/20 21:29:20 | 00,192,512 | ---- | C] ()
IVIresizePX.dll -> C:\Windows\SysWow64\IVIresizePX.dll -> [2008/08/20 21:29:20 | 00,188,416 | ---- | C] ()
IVIresize.dll -> C:\Windows\SysWow64\IVIresize.dll -> [2008/08/20 21:29:20 | 00,020,480 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 21:50:05 | 00,060,124 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 21:49:49 | 00,368,640 | ---- | C] ()
TosBtAcc.dll -> C:\Windows\SysWow64\TosBtAcc.dll -> [2007/12/21 18:46:32 | 00,118,784 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2006/11/02 10:25:49 | 00,000,174 | -HS- | C] ()
desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2006/11/02 10:25:49 | 00,000,174 | -HS- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 07:34:27 | 00,000,219 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 07:34:27 | 00,000,219 | ---- | C] ()
TosCommAPI.dll -> C:\Windows\SysWow64\TosCommAPI.dll -> [2005/07/22 23:30:18 | 00,065,536 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 16 bytes -> C:\Users\User\Documents\Shareaza Downloads:Shareaza.GUID
< End of report >
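Added example, not part of the original post and not OldTimer's code: a small Python parser for the OTL file-listing line format shown in the log above. In this log every SysNative entry has an empty company field while its SysWow64 twin is attributed to a vendor, so the review rule here skips blank-company binaries that have a same-named attributed entry; that rule and all function names are assumptions for illustration, and the result is a reading list, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# name -> path -> [YYYY/MM/DD HH:MM:SS | size | attrs | M or C] (company)
# Folder entries omit the trailing "(company)" part entirely.
ENTRY = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>.*)\))?\s*$"
)

# Extensions treated as executable code for review purposes (assumption).
BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}


@dataclass(frozen=True)
class Entry:
    name: str
    path: PureWindowsPath
    when: datetime
    size: int
    attrs: str    # four flags as printed, e.g. "-HS-" or "R--D"
    kind: str     # "M" = modified listing, "C" = created listing
    company: str  # "" when the log printed "()", "( )" or nothing


def parse_line(line):
    """Return an Entry for one listing line, or None for headers and stubs."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    return Entry(
        name=m["name"],
        path=PureWindowsPath(m["path"]),
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        # Digit grouping is inconsistent for large files in this log
        # (the hiberfil.sys size), so drop the commas instead of relying on them.
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
    )


def parse_log(text):
    """Parse every recognisable listing line in a pasted log."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def unvouched_binaries(entries):
    """Blank-company binaries with no same-named entry that names a company."""
    vouched = {e.name.lower() for e in entries if e.company}
    seen, result = set(), []
    for e in entries:
        if e.company or e.path.suffix.lower() not in BINARY_EXT:
            continue
        if e.name.lower() in vouched:
            continue  # e.g. SysNative copy whose SysWow64 twin is attributed
        key = str(e.path).lower()
        if key not in seen:  # the M and C listings repeat many files
            seen.add(key)
            result.append(e)
    return result


# Sample lines copied from the log in this post.
SAMPLE = r"""
[Files/Folders - Modified Within 90 Days]
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->
RootRepeal.exe -> C:\Users\User\Desktop\RootRepeal.exe -> [2009/10/01 22:47:45 | 00,472,064 | ---- | M] ( )
wups.dll -> C:\Windows\SysNative\wups.dll -> [2009/08/06 21:24:27 | 00,038,112 | ---- | M] ()
wups.dll -> C:\Windows\SysWow64\wups.dll -> [2009/08/06 21:24:09 | 00,035,552 | ---- | M] (Microsoft Corporation)
fbd.sys -> C:\Windows\SysWow64\drivers\fbd.sys -> [2009/05/01 08:35:08 | 00,000,014 | RHS- | C] ()
JOB -> C:\Users\User\Desktop\JOB -> [2009/07/09 04:21:58 | 00,000,000 | R--D | C]
"""

if __name__ == "__main__":
    for e in unvouched_binaries(parse_log(SAMPLE)):
        print(f"{e.when:%Y-%m-%d} {e.size:>10} {e.attrs} {e.path}")
```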


#11 m0le


Posted 04 October 2009 - 07:17 AM

Thanks BAPM.

From what I'm researching about Neosploit the log won't show me anything much.

The problem seems to be with the website.

Neosploit hijacks the code in the website and attempts to hijack your PC. What AVG has done is stopped the attack and told you about it.

It may be better to contact the webmaster and explain that Neosploit has been active in the site and ask them to deal with it; they should be able to remove it once they are aware of its presence.

Neosploit was a massive problem when it was first developed and released and hit some major sites but, as you are now aware, antiviruses are wise to these attacks now and block them.

The vulnerabilities are in your older versions of programs which Neosploit seeks out. If you visited the site on another updated PC you wouldn't see the warning.

Your best bet to stop the warnings is to update your program software. The quickest way to do this would be to visit Secunia, download their program and let it seek out your out-of-date software/applications. You may be surprised.

As Firefox is being targeted you should visit the Mozilla site and update their security patches. The link you gave does the same for Microsoft (if you followed it or you have auto update then this patch would have already been downloaded on your PC and this is why IE is okay).

I will give you some time to check out these options.
m0le is a proud member of UNITE

#12 BAPM


Posted 07 October 2009 - 12:27 AM

All right, thank you. I'm in the process of updating everything on this computer to see if it will help. The one question I have though is that if it's a problem with the website, how is it that I get the warning (or attempted attack, I suppose) going through Google without so much as running my mouse cursor over rachelcar.com? I have only visited the infected site once. I tried searching "rachel car" through MSN/bing and Yahoo! and didn't get a warning. When I try searching through Google though, the second after the results display I get the anti-virus pop-up about Neosploit. Also, since this has occurred, I have uninstalled and reinstalled Firefox at least three times, so it seems no matter how up-to-date I attempt to get it, it doesn't affect anything. Could this be somehow connected to Google or a Google add-on?

#13 m0le


Posted 07 October 2009 - 12:52 PM

The one question I have though is that if it's a problem with the website, how is it that I get the warning (or attempted attack, I suppose) going through Google without so much as running my mouse cursor over rachelcar.com? I have only visited the infected site once. I tried searching "rachel car" through MSN/bing and Yahoo! and didn't get a warning. When I try searching through Google though, the second after the results display I get the anti-virus pop-up about Neosploit. ...Could this be somehow connected to Google or a Google add-on?


From what I understand the Neosploit code is worked into encrypted Java and the fact that certain applications are affected proves that there are vulnerabilities only in certain areas.

It could be that Google is susceptible and the keywords "rachel car" being searched for automatically connect to the malicious code.

What I do know is that your antivirus is blocking the infection so although you are being attacked you are not being infected.

I would definitely uninstall or disable Google add-ons and try and recreate the search and see if you can pinpoint the problem that way.

#14 BAPM


Posted 12 October 2009 - 02:36 AM

I'm unsure how exactly to disable things. I thought I had some conventional add-on by Google on this computer somewhere like the Google toolbar but it doesn't seem that I do. (The only browser specific action I've taken concerning Google is choosing Google as a search provider in the top right corner box in both IE and Firefox.) I can't find anything from Google to click on and disable or uninstall. I did an advanced search on my machine and got some internet shortcuts (through Google that I had added myself) as well as the following, but I'm not sure what to do with it. Is it okay to delete this stuff or is it unrelated to my issue?

Attached Files



#15 m0le


Posted 12 October 2009 - 03:26 PM

Some of the screenshot entries are to do with Google but...

There's a good instructional on disabling add-ons at this link



