
infected with trojans(msa.exe,e.exe*32)



#1 kredit


Posted 15 December 2009 - 04:34 PM

Hi friends! (Edit report!!!!!!!! - Malwarebytes has seemed to fix the problem without me checking it! But could you review my content anyways to double-check? TY)

I'm hoping you can help me out with my trojans. They have completely crippled IE 8 (keeps trying to load the homepage tab) but Firefox works fine. I'm on a Toshiba Qosmio x5000 with W7 64 bit, avast antiV. I uninstalled McAfee a few days before infection. I've included a DDS but RootRepeal won't run on 64 bit. Maybe I missed a part of your prep guide. I did read it through. I will add a Malwarebytes log for good measure. Thanks so much for your time! kredit

DDS


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 01/12/2009 18:45:46
System Uptime: 15/12/2009 16:40:48 (5 hours ago)

Motherboard: TOSHIBA | | QOSMIO X500
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz | CPU 1 | 926/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 142.94 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 434.588 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 216.068 GiB free.
F: is CDROM ()
G: is CDROM (CDFS)
I: is CDROM ()
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP35: 09/12/2009 04:13:34 - Configured TRORMCLauncher
RP36: 09/12/2009 17:10:00 - Windows Update
RP37: 09/12/2009 17:38:05 -
RP38: 09/12/2009 18:32:19 - Restore Operation
RP39: 10/12/2009 02:54:04 - Windows Update
RP40: 12/12/2009 01:31:34 - Installed Pro Evolution Soccer 2010.
RP41: 13/12/2009 02:55:04 - Installed Borderlands
RP42: 13/12/2009 03:08:16 - Installed DirectX
RP43: 13/12/2009 16:21:48 - Windows Update
RP44: 13/12/2009 16:52:43 - Installed Windows Media Player Firefox Plugin
RP45: 14/12/2009 17:14:25 - Windows Update
RP46: 15/12/2009 01:18:37 - Removed Microsoft IntelliPoint 7.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Antivirus
BitTorrent
Borderlands
CCleaner
Compatibility Pack for the 2007 Office system
CPU Thermometer 1.0
DiRT
FlatOut Ultimate Carnage
HDMI Control Manager
Java™ 6 Update 17
Junk Mail filter update
KeyTweak - Keyboard Remapper (remove only)
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mobile Connect
Mobile Partner
Mozilla Firefox (3.6b4)
MP3 Converter Simple
MSVCRT
NVIDIA PhysX
O2Micro Flash Memory Card Windows Driver
PowerISO
Pro Evolution Soccer 2010
RealPlayer
Realtek WLAN Driver
SILENT HILL 4
Skype™ Launcher
SopCast 3.2.4
Stream Torrent 1.0
System Requirements Lab
Toshiba Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
Toshiba Online Product Information
Toshiba Photo Service - powered by myphotobook
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
TVUPlayer 2.4.9.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Xmarks for IE

==== Event Viewer Messages From Past Week ========

15/12/2009 16:41:03, Error: ps7ah4nc [1] - Protection Synchronization Driver detected an internal error, contact the customer support service.
14/12/2009 00:49:42, Error: Service Control Manager [7030] - The avast! Web Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/12/2009 00:49:42, Error: Service Control Manager [7030] - The avast! Mail Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/12/2009 00:49:42, Error: Service Control Manager [7030] - The avast! iAVS4 Control Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/12/2009 00:49:42, Error: Service Control Manager [7030] - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
13/12/2009 03:05:27, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2009 15:59:40, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Real-time Scanner service, but this action failed with the following error: An instance of the service is already running.
11/12/2009 04:30:28, Error: Service Control Manager [7000] - The McAfee Inc. mferkdk service failed to start due to the following error: The specified procedure could not be found.
09/12/2009 18:36:36, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
09/12/2009 18:30:58, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

==== End Of File ===========================



DDS (Ver_09-12-01.01) - NTFSX64
Run by kredit at 21:57:28.35 on 15/12/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.6132.4077 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\BitTorrent\bittorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\kredit\Desktop\Core Temp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Program Files (x86)\Real\RealPlayer\realplay.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Users\kredit\AppData\Local\Temp\e.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kredit\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://by116w.bay116.mail.live.com/mail/InboxLight.aspx?FolderID=00000000-0000-0000-0000-000000000001&n=1714029321
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=userinit.exe
BHO: TFPUPWDBankBHO Class: {030ac7b6-e7ec-40f1-8fb2-c0fd344de0b9} - c:\program files\toshiba\tfpu\x86\TFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [TOSHIBA Online Product Information] c:\program files (x86)\toshiba\toshiba online product information\topi.exe
uRun: [vegas] rundll32.exe c:\windows\system32\sshnas.dll,DllWork
uRun: [ZagrebLand] c:\users\kredit\appdata\local\temp\e.exe
mRun: [ToshibaServiceStation] "c:\program files (x86)\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [TWebCamera] "c:\program files (x86)\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
dRun: [TOSHIBA Online Product Information] c:\program files (x86)\toshiba\toshiba online product information\topi.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files (x86)\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15110/CTPID.cab
TCP: {70152E69-6050-4161-9B6D-EE0A2B7D21AB} = 212.169.123.67 212.45.188.254
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun-x64: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun-x64: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [TFPUPWDBankService] c:\program files\toshiba\tfpu\TFPUPWDBank.exe /start
mRun-x64: [TFPUService] c:\program files\toshiba\tfpu\TFPUTaskMonitor.exe /start
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [TosVolRegulator] c:\windows\TosVolRegulator_x64.exe
mRun-x64: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent64.exe
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun-x64: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [Toshiba TEMPRO] c:\program files (x86)\toshiba tempro\TemproTray.exe
IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - c:\program files (x86)\xmarks\ie extension\xmarkssync.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\kredit\appdata\roaming\mozilla\firefox\profiles\4gg0z6fo.default\
FF - prefs.js: browser.startup.homepage - hxxp://by116w.bay116.mail.live.com/mail/InboxLight.aspx?FolderID=00000000-0000-0000-0000-000000000001&n=1714029321
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\kredit\appdata\roaming\mozilla\firefox\profiles\4gg0z6fo.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast, c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-8-17 72296]
R0 ps7ah4nc;DiRT Synchronization Driver (ps7ah4nc);c:\windows\system32\drivers\ps7ah4nc.sys [2007-8-17 102000]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2009-12-1 482384]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-14 89680]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-23 308296]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-14 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-14 65616]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\ATService.exe [2009-8-4 2688248]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-14 138680]
R2 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-14 254040]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\toshiba\configfree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\toshiba\configfree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\toshiba tempro\TemproSvc.exe [2009-8-26 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-27 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-4 734720]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-14 352920]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x64.sys [2009-9-4 62464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-8-21 84512]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdgx64.sys [2009-8-5 73632]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdgx64.sys [2009-8-18 49568]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-12-1 35008]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-12-1 942080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\toshiba\toshiba service station\TMachInfo.exe [2009-12-1 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 137560]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-4 826224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 17920]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-23 102472]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-23 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-23 49480]

=============== Created Last 30 ================

2009-12-15 19:47:15 274432 ----a-w- c:\windows\syswow64\sshnas.dll
2009-12-15 01:09:32 0 d-----w- c:\windows\PCHEALTH
2009-12-14 20:00:00 0 d-----w- c:\program files (x86)\KeyTweak
2009-12-14 04:01:00 0 d-----w- c:\program files (x86)\AutoShutdown
2009-12-13 23:49:41 65616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-12-13 23:49:41 0 ----a-w- c:\windows\syswow64\config.nt
2009-12-13 23:49:16 1280480 ----a-w- c:\windows\syswow64\aswBoot.exe
2009-12-13 23:49:16 1060864 ----a-w- c:\windows\syswow64\MFC71.dll
2009-12-13 23:49:15 0 d-----w- c:\program files\Alwil Software
2009-12-13 17:02:15 0 d-----w- c:\users\kredit\appdata\roaming\BitTorrent
2009-12-13 17:02:12 0 d-----w- c:\program files (x86)\BitTorrent
2009-12-13 15:22:02 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-12-13 02:10:06 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-12-13 02:10:06 453456 ----a-w- c:\windows\syswow64\d3dx10_41.dll
2009-12-13 02:10:06 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-12-13 02:10:06 1846632 ----a-w- c:\windows\syswow64\D3DCompiler_41.dll
2009-12-13 02:10:03 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-12-13 02:10:01 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-12-13 02:10:01 69448 ----a-w- c:\windows\syswow64\XAPOFX1_3.dll
2009-12-13 02:10:01 521560 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-12-13 02:10:01 517448 ----a-w- c:\windows\syswow64\XAudio2_4.dll
2009-12-13 02:08:10 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-12-13 01:55:22 0 d-----w- c:\program files (x86)\2K Games
2009-12-13 01:54:52 0 d-----w- C:\BDS
2009-12-12 00:31:58 0 d-----w- c:\programdata\KONAMI
2009-12-11 19:33:56 0 d-----w- c:\users\kredit\appdata\roaming\ZenCODE
2009-12-11 19:33:51 1066176 ----a-w- c:\windows\system32\mscomctl.ocx
2009-12-09 18:11:49 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2009-12-09 18:11:43 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2009-12-09 18:11:43 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2009-12-09 18:11:41 0 d-----w- c:\program files (x86)\common files\xing shared
2009-12-09 18:11:15 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2009-12-09 18:11:09 0 d-----w- c:\programdata\Real
2009-12-09 18:11:09 0 d-----w- c:\program files (x86)\common files\Real
2009-12-09 17:51:11 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-12-09 17:51:10 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-12-09 17:36:48 65536 --sha-w- c:\users\kredit\ntuser.dat{529a004f-e4e7-11de-9d54-00269e7335ee}.TM.blf
2009-12-09 17:36:48 524288 --sha-w- c:\users\kredit\ntuser.dat{529a004f-e4e7-11de-9d54-00269e7335ee}.TMContainer00000000000000000002.regtrans-ms
2009-12-09 17:36:48 524288 --sha-w- c:\users\kredit\ntuser.dat{529a004f-e4e7-11de-9d54-00269e7335ee}.TMContainer00000000000000000001.regtrans-ms
2009-12-09 16:43:07 0 d-----w- c:\users\kredit\appdata\roaming\Steinberg
2009-12-09 16:39:25 0 d-----w- c:\program files (x86)\Steinberg
2009-12-09 16:38:18 0 d-----w- c:\program files (x86)\Syncrosoft
2009-12-09 03:05:44 0 d-----w- c:\program files (x86)\CCleaner
2009-12-08 03:52:24 0 d-----w- c:\program files\Dolby
2009-12-07 23:48:07 0 d-----w- c:\program files (x86)\SystemRequirementsLab
2009-12-07 21:10:57 0 ----a-w- c:\users\kredit\appdata\roaming\wklnhst.dat
2009-12-07 21:04:33 0 d-----w- c:\users\kredit\appdata\roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2009-12-07 20:23:16 65536 --sha-w- c:\users\kredit\ntuser.dat{852ad565-e36b-11de-b083-00269e7335ee}.TM.blf
2009-12-07 20:23:16 524288 --sha-w- c:\users\kredit\ntuser.dat{852ad565-e36b-11de-b083-00269e7335ee}.TMContainer00000000000000000002.regtrans-ms
2009-12-07 20:23:16 524288 --sha-w- c:\users\kredit\ntuser.dat{852ad565-e36b-11de-b083-00269e7335ee}.TMContainer00000000000000000001.regtrans-ms
2009-12-07 20:01:41 0 d--h--w- c:\program files (x86)\Temp
2009-12-06 22:25:20 0 d-----w- c:\users\kredit\Tracing
2009-12-06 21:05:12 0 d-----w- c:\users\kredit\appdata\roaming\WinBatch
2009-12-06 15:55:16 0 d-----w- c:\programdata\TVU Networks
2009-12-06 15:53:21 0 d-----w- c:\users\kredit\appdata\roaming\TVU Networks
2009-12-06 15:53:13 0 d-----w- c:\program files (x86)\TVUPlayer
2009-12-06 14:47:43 0 d-----w- c:\windows\syswow64\nagasoft
2009-12-05 21:05:38 25 ----a-w- c:\windows\syswow64\sysogg.dll
2009-12-05 21:03:10 73785 ----a-w- c:\windows\syswow64\temp.001
2009-12-05 21:03:10 380928 ----a-w- c:\windows\syswow64\actskin4.ocx
2009-12-05 21:03:10 233472 ----a-w- c:\windows\syswow64\lame_enc.dll
2009-12-05 21:03:10 1703936 ----a-w- c:\windows\syswow64\NCTAudioFile.dll
2009-12-05 21:03:10 140288 ----a-w- c:\windows\syswow64\Comdlg32.ocx
2009-12-05 21:03:10 1388544 ----a-w- c:\windows\syswow64\temp.000
2009-12-05 21:03:10 0 d-----w- c:\program files (x86)\MP3 Converter Simple
2009-12-05 17:35:54 600 ----a-w- c:\users\kredit\PUTTY.RND
2009-12-04 23:44:18 7062 ----a-w- c:\windows\syswow64\audiopid.vxd
2009-12-04 18:05:54 0 d-----w- c:\program files (x86)\CPU Thermometer
2009-12-04 01:42:20 0 d-----w- c:\program files (x86)\Creative
2009-12-04 01:42:14 0 d--h--w- c:\program files (x86)\Creative Installation Information
2009-12-03 22:59:52 0 d-----w- c:\users\kredit\appdata\roaming\StreamTorrent
2009-12-03 22:59:52 0 d-----w- c:\program files (x86)\StreamTorrent 1.0
2009-12-03 20:49:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-03 17:27:10 0 d-----w- c:\program files\Microsoft IntelliPoint
2009-12-03 16:39:30 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-03 16:39:29 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-03 16:39:29 145184 ----a-w- c:\windows\syswow64\java.exe
2009-12-03 14:32:44 0 d-----w- c:\program files\Konami
2009-12-03 13:48:14 65536 --sha-w- c:\users\kredit\ntuser.dat{efb1a274-e010-11de-b881-00269e7335ee}.TM.blf
2009-12-03 13:48:14 524288 --sha-w- c:\users\kredit\ntuser.dat{efb1a274-e010-11de-b881-00269e7335ee}.TMContainer00000000000000000002.regtrans-ms
2009-12-03 13:48:14 524288 --sha-w- c:\users\kredit\ntuser.dat{efb1a274-e010-11de-b881-00269e7335ee}.TMContainer00000000000000000001.regtrans-ms
2009-12-03 13:37:55 65536 --sha-w- c:\users\kredit\ntuser.dat{099f17e4-e00c-11de-af6a-00269e7335ee}.TM.blf
2009-12-03 13:37:55 524288 --sha-w- c:\users\kredit\ntuser.dat{099f17e4-e00c-11de-af6a-00269e7335ee}.TMContainer00000000000000000002.regtrans-ms
2009-12-03 13:37:55 524288 --sha-w- c:\users\kredit\ntuser.dat{099f17e4-e00c-11de-af6a-00269e7335ee}.TMContainer00000000000000000001.regtrans-ms
2009-12-03 12:55:13 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2009-12-03 12:13:06 0 d-----w- c:\program files (x86)\Pro Evolution Soccer 6
2009-12-03 11:15:00 0 d-----w- c:\program files (x86)\Empire Interactive
2009-12-03 02:25:12 0 d-----w- c:\program files (x86)\Xmarks
2009-12-03 02:14:00 0 d-----w- c:\program files (x86)\Mozilla Firefox 3.6 Beta 4
2009-12-02 21:39:15 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-12-02 21:39:15 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-02 21:39:01 311808 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-02 21:39:01 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-12-02 19:55:30 0 d-----w- c:\program files (x86)\SopCast
2009-12-02 19:09:36 0 d-----w- c:\program files (x86)\Konami
2009-12-02 19:05:02 43520 ----a-w- c:\windows\syswow64\CmdLineExt03.dll
2009-12-02 19:03:41 0 d-----w- c:\program files (x86)\silent hill
2009-12-02 18:59:36 0 d-----w- c:\program files (x86)\Tradução
2009-12-02 18:59:36 0 d-----w- c:\program files (x86)\Russify
2009-12-02 18:58:34 0 d-----w- c:\program files (x86)\movie
2009-12-02 18:40:35 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-12-02 18:40:35 0 d-----w- c:\program files (x86)\PowerISO
2009-12-02 17:26:47 102400 ----a-w- c:\windows\system\OpenAL32.dll
2009-12-02 16:58:48 46592 ----a-w- c:\windows\system32\msasn1.dll
2009-12-02 16:58:48 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2009-12-02 16:55:02 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-12-02 16:55:02 112512 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-12-02 16:32:09 0 d-----w- c:\program files (x86)\Huawei technologies
2009-12-02 16:14:08 0 d-----w- c:\program files (x86)\Codemasters
2009-12-02 16:08:55 0 d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2009-12-02 16:08:06 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-02 16:07:33 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2009-12-02 16:07:22 0 d-----w- c:\users\kredit\appdata\roaming\DAEMON Tools Lite
2009-12-02 15:33:00 0 d-----w- c:\program files\[PC GAME] Silent.Hill.4.The.Room + Crack { English }
2009-12-02 15:30:16 0 d-----w- c:\programdata\DAEMON Tools Lite
2009-12-02 15:29:21 0 d-----w- c:\program files\PowerISO
2009-12-02 15:28:53 0 d-----w- c:\program files\DAEMON Tools Lite
2009-12-01 20:19:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-01 19:38:07 0 d-----w- c:\program files\WinRAR
2009-12-01 19:32:50 0 d-----w- c:\windows\syswow64\Macromed
2009-12-01 19:26:26 0 d-----w- C:\Mozilla Firefox
2009-12-01 17:53:06 117120 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2009-12-01 17:53:06 1003008 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-12-01 17:52:46 0 d-----w- c:\program files (x86)\Mobile Partner
2009-12-01 17:51:33 0 d-----w- c:\users\kredit\appdata\roaming\TFPU
2009-12-01 17:46:09 0 d-----w- c:\programdata\ToshibaEurope
2009-12-01 17:38:06 0 d-----w- c:\windows\syswow64\TSFM
2009-12-01 17:37:24 140632 ----a-w- c:\windows\system32\TODDSrv.exe
2009-12-01 17:37:15 0 d-----w- c:\windows\OemDrv
2009-12-01 17:36:56 47928 ----a-w- c:\windows\TosVolRegulator_x64.exe
2009-12-01 17:33:03 0 ----a-w- c:\windows\NDSTray.INI
2009-12-01 17:31:11 482384 ----a-w- c:\windows\system32\drivers\tos_sps64.sys
2009-12-01 17:31:11 4178264 ----a-w- c:\windows\syswow64\D3DX9_41.dll
2009-12-01 17:30:56 35008 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2009-12-01 17:29:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ATSwpWDF_01007.Wdf
2009-12-01 17:29:57 0 d-----w- c:\program files\Fingerprint Sensor
2009-12-01 17:29:31 0 d-----w- c:\program files\common files\TOSHIBA Shared
2009-12-01 17:29:31 0 d-----w- c:\program files (x86)\common files\TOSHIBA Shared
2009-12-01 17:28:33 0 d-----w- c:\windows\Downloaded Installations
2009-12-01 17:27:58 0 d-----w- c:\programdata\TOSHIBA
2009-12-01 17:26:54 0 d-----w- c:\windows\syswow64\Atheros_L1e
2009-12-01 17:24:54 942080 ----a-w- c:\windows\system32\drivers\rtl8192se.sys
2009-12-01 17:24:54 0 d-----w- c:\program files (x86)\Realtek WLAN Driver
2009-12-01 17:22:17 0 d-----w- c:\program files\CONEXANT
2009-12-01 17:19:23 32768 ----a-w- c:\windows\syswow64\TSshellexD.dll
2009-12-01 17:19:22 0 d-----w- c:\windows\syswow64\SDA
2009-12-01 17:19:22 0 d-----w- c:\program files (x86)\O2Micro
2009-12-01 17:16:37 24576 ----a-w- c:\windows\syswow64\TSCI.dll
2009-12-01 17:16:37 24576 ----a-w- c:\windows\syswow64\THCI.dll
2009-12-01 17:14:10 0 d-----w- c:\programdata\NVIDIA
2009-12-01 17:12:42 0 d-----w- c:\windows\syswow64\AGEIA
2009-12-01 17:12:26 541216 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-12-01 17:10:39 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-12-01 17:09:09 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2009-12-01 17:08:35 0 d-sh--w- C:\$RECYCLE.BIN

==================== Find3M ====================

2009-12-09 18:11:15 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2009-12-09 18:11:15 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2009-12-01 17:25:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-04 15:54:06 49480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 15:54:06 308296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-04 15:54:06 102472 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 15:47:38 40904 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-11 03:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-16 17:03:48 288 ----a-w- c:\program files (x86)\Readme.txt
2004-07-24 07:18:26 4694016 ----a-w- c:\program files (x86)\SILENT HILL 4.exe
2004-07-23 17:49:08 87062 ----a-w- c:\program files\data1.hdr
2004-07-23 17:49:08 87062 ----a-w- c:\program files (x86)\data1.hdr
2004-07-23 17:49:08 676 ----a-w- c:\program files (x86)\layout.bin
2004-07-23 17:49:08 1822610017 ----a-w- c:\program files (x86)\data2.cab
2004-07-23 17:35:54 393016 ----a-w- c:\program files (x86)\data1.cab
2004-07-23 17:35:42 342212 ----a-w- c:\program files\setup.boot
2004-07-23 17:35:42 342212 ----a-w- c:\program files (x86)\setup.boot
2004-07-23 17:35:40 412 ----a-w- c:\program files\setup.ini
2004-07-23 17:35:40 412 ----a-w- c:\program files (x86)\setup.ini
2004-07-23 16:25:28 114719 ----a-w- c:\program files (x86)\readme.htm
2004-07-15 08:15:20 5494 ----a-w- c:\program files (x86)\sh4.ico
2002-12-05 08:16:00 418296 ----a-w- c:\program files (x86)\engine32.cab
2002-12-02 09:33:00 107512 ----a-w- c:\program files (x86)\setup.exe
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:58:09.16 ===============

Malwarebytes' Anti-Malware 1.42
Database version: 3368
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/12/2009 22:26:38
mbam-log-2009-12-15 (22-26-38).txt

Scan type: Quick Scan
Objects scanned: 89805
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
C:\Users\kredit\AppData\Local\Temp\e.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vegas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\kredit\AppData\Local\Temp\e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\kredit\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\kredit\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\kredit\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\kredit\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\kredit\AppData\Local\Temp\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Edited by kredit, 15 December 2009 - 04:41 PM.




#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:09:25 AM

Posted 26 December 2009 - 10:05 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, do the following, please.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Copy-paste the following contents into the custom scan area:
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 kredit

kredit
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:25 AM

Posted 28 December 2009 - 12:09 AM

Hi Blade!
Thanks for replying to my problem. Things are better but still a little buggy, so I ran OTL and here are the .txt files... Internet Explorer runs but Firefox only opens in safe mode now, although I'm running the latest beta... Thanks again.


OTL Extras logfile created on: 12/28/2009 5:58:26 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\kredit\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.54 Gb Total Space | 89.57 Gb Free Space | 38.52% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 434.35 Gb Free Space | 93.26% Space Free | Partition Type: NTFS
Drive E: | 232.83 Gb Total Space | 204.45 Gb Free Space | 87.81% Space Free | Partition Type: NTFS
Drive F: | 55.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 4.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KREDIT-TOSH
Current User Name: kredit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisabledInterfaces" = {70152E69-6050-4161-9B6D-EE0A2B7D21AB},{5F12D888-0BDF-4F8A-8EA1-7DDCA9D10EF7},{DF7B03EE-4948-4AF1-BA4C-1201B7D5C051},{D54E5605-D936-4E8D-B466-3DEDD064BC9A}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6B99AF03-2668-4572-BD3D-8C7A5D103065}" = AuthenTec Fingerprint Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A23E5590-6799-437B-9723-2627BA800B6F}" = Dolby Control Center
"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FFF6FD88-205B-43F3-94AC-FE61D8CB20CD}" = O2Micro Flash Memory Card Windows Driver
"CNXT_AUDIO" = Conexant HD Audio
"NVIDIA Drivers" = NVIDIA Drivers
"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"FlatOut Ultimate Carnage" = FlatOut Ultimate Carnage
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallShield_{FFF6FD88-205B-43F3-94AC-FE61D8CB20CD}" = O2Micro Flash Memory Card Windows Driver
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.4
"TVUPlayer" = TVUPlayer 2.4.9.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2009 8:13:23 AM | Computer Name = kredit-TOSH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2009 1:17:29 PM | Computer Name = kredit-TOSH | Source = Application Hang | ID = 1002
Description = The program realplay.exe version 12.0.0.343 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 161c Start
Time: 01ca7e694d23493d Termination Time: 21 Application Path: C:\Program Files (x86)\Real\RealPlayer\realplay.exe

Report
Id: bdd25dd8-ea66-11de-b720-00269e7335ee

Error - 12/16/2009 2:19:26 PM | Computer Name = kredit-TOSH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2009 6:53:08 PM | Computer Name = kredit-TOSH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2009 6:55:03 PM | Computer Name = kredit-TOSH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2009 6:58:46 PM | Computer Name = kredit-TOSH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2009 7:42:08 PM | Computer Name = kredit-TOSH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2009 10:19:49 PM | Computer Name = kredit-TOSH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2009 10:30:08 PM | Computer Name = kredit-TOSH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2009 10:40:51 PM | Computer Name = kredit-TOSH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 12/7/2009 4:28:03 PM | Computer Name = kredit-TOSH | Source = MCUpdate | ID = 0
Description = 21:28:03 - Error connecting to the internet. 21:28:03 - Unable
to contact server..

Error - 12/7/2009 6:25:26 PM | Computer Name = kredit-TOSH | Source = MCUpdate | ID = 0
Description = 23:25:26 - Error connecting to the internet. 23:25:26 - Unable
to contact server..

[ System Events ]
Error - 12/17/2009 6:42:52 PM | Computer Name = kredit-TOSH | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:39:32 on ?17/?12/?2009 was unexpected.

Error - 12/17/2009 6:42:36 PM | Computer Name = kredit-TOSH | Source = ps7ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
the customer support service.

Error - 12/17/2009 8:16:06 PM | Computer Name = kredit-TOSH | Source = ps7ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
the customer support service.

Error - 12/18/2009 9:26:10 AM | Computer Name = kredit-TOSH | Source = ps7ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
the customer support service.

Error - 12/18/2009 11:08:22 PM | Computer Name = kredit-TOSH | Source = ps7ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
the customer support service.

Error - 12/19/2009 11:24:32 PM | Computer Name = kredit-TOSH | Source = ps7ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
the customer support service.

Error - 12/19/2009 11:40:06 PM | Computer Name = kredit-TOSH | Source = ps7ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
the customer support service.

Error - 12/20/2009 1:09:06 PM | Computer Name = kredit-TOSH | Source = DCOM | ID = 10010
Description =

Error - 12/20/2009 1:11:56 PM | Computer Name = kredit-TOSH | Source = ps7ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
the customer support service.

Error - 12/21/2009 3:09:22 AM | Computer Name = kredit-TOSH | Source = ps7ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
the customer support service.


< End of report >



OTL logfile created on: 12/28/2009 5:58:26 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\kredit\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.54 Gb Total Space | 89.57 Gb Free Space | 38.52% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 434.35 Gb Free Space | 93.26% Space Free | Partition Type: NTFS
Drive E: | 232.83 Gb Total Space | 204.45 Gb Free Space | 87.81% Space Free | Partition Type: NTFS
Drive F: | 55.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 4.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KREDIT-TOSH
Current User Name: kredit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\DRIVERS\o2flash.exe File not found
PRC - C:\Users\kredit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Huawei technologies\Mobile Connect\Mobile Connect.exe (Huawei Technologies Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\kredit\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (ATService) -- C:\Program Files\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (vvdsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (pr2ah4nc) -- C:\Windows\SysNative\pr2ah4nc.exe (CODEMASTERS)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (vvdsvc) -- C:\Windows\SysWOW64\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 04:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 04:20:14 | 00,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (O2SDGRDR) -- C:\Windows\SysNative\drivers\o2sdgx64.sys (O2Micro )
DRV:64bit: - (O2MDGRDR) -- C:\Windows\SysNative\drivers\o2mdgx64.sys (O2Micro )
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (toshidpt) -- C:\Windows\SysNative\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) -- C:\Windows\SysNative\drivers\pe3ah4nc.sys (CODEMASTERS)
DRV:64bit: - (ps7ah4nc) DiRT Synchronization Driver (ps7ah4nc) -- C:\Windows\SysNative\drivers\ps7ah4nc.sys (CODEMASTERS)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://by116w.bay116.mail.live.com/mail/In...mp;n=1714029321
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://by116w.bay116.mail.live.com/mail/InboxLight.aspx?FolderID=00000000-0000-0000-0000-000000000001&n=1714029321"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {C1CA7765-44E4-452e-9D00-A04F3D434281}:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2009/12/01 18:30:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\components [2009/12/22 00:32:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins [2009/12/22 00:32:16 | 00,000,000 | ---D | M]

[2009/12/01 19:45:15 | 00,000,000 | ---D | M] -- C:\Users\kredit\AppData\Roaming\Mozilla\Extensions
[2009/12/22 00:42:48 | 00,000,000 | ---D | M] -- C:\Users\kredit\AppData\Roaming\Mozilla\Firefox\Profiles\4gg0z6fo.default\extensions
[2009/12/22 00:37:28 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\kredit\AppData\Roaming\Mozilla\Firefox\Profiles\4gg0z6fo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/22 00:32:25 | 00,000,000 | ---D | M] -- C:\Users\kredit\AppData\Roaming\Mozilla\Firefox\Profiles\4gg0z6fo.default\extensions\firefox@tvunetworks.com
[2009/12/02 17:08:55 | 00,002,055 | ---- | M] () -- C:\Users\kredit\AppData\Roaming\Mozilla\Firefox\Profiles\4gg0z6fo.default\searchplugins\daemon-search.xml

O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Windows\TosVolRegulator_x64.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/15 20:03:27 | 00,000,040 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/05/12 17:12:16 | 00,000,046 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/09/04 15:37:47 | 01,064,960 | R--- | M] (Codemasters Software Co.) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/17 14:10:53 | 00,000,067 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{288dddf6-df5d-11de-aef3-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{288dddf6-df5d-11de-aef3-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{37362e2b-dea1-11de-9de5-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{37362e2b-dea1-11de-9de5-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{37362e33-dea1-11de-9de5-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{37362e33-dea1-11de-9de5-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{37362e48-dea1-11de-9de5-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{37362e48-dea1-11de-9de5-00269e7335ee}\Shell\AutoRun\command - "" = L:\EasySuite.exe -- File not found
O33 - MountPoints2\{49946f56-e548-11de-b321-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{49946f56-e548-11de-b321-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{972f37a8-de9c-11de-b597-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{972f37a8-de9c-11de-b597-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Demo32.exe -- [2007/07/13 22:08:54 | 00,509,464 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{ad2d3e5a-ef6b-11de-bc19-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{ad2d3e5a-ef6b-11de-bc19-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ad2d3e63-ef6b-11de-bc19-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{ad2d3e63-ef6b-11de-bc19-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bb84cf33-f16a-11de-9af5-0050f27e38e5}\Shell - "" = AutoRun
O33 - MountPoints2\{bb84cf33-f16a-11de-9af5-0050f27e38e5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bb84cf35-f16a-11de-9af5-0050f27e38e5}\Shell - "" = AutoRun
O33 - MountPoints2\{bb84cf35-f16a-11de-9af5-0050f27e38e5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d8ff42b0-df5f-11de-bffc-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ff42b0-df5f-11de-bffc-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d8ff42ba-df5f-11de-bffc-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ff42ba-df5f-11de-bffc-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d8ff42d1-df5f-11de-bffc-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ff42d1-df5f-11de-bffc-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d8ff42d7-df5f-11de-bffc-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ff42d7-df5f-11de-bffc-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d8ff42de-df5f-11de-bffc-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ff42de-df5f-11de-bffc-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d8ff42e0-df5f-11de-bffc-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ff42e0-df5f-11de-bffc-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f7845ef4-e0e7-11de-8972-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{f7845ef4-e0e7-11de-8972-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f7845ef7-e0e7-11de-8972-00269e7335ee}\Shell - "" = AutoRun
O33 - MountPoints2\{f7845ef7-e0e7-11de-8972-00269e7335ee}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/14 15:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/27 17:22:00 | 00,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2009/12/27 17:22:00 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2009/12/27 17:22:00 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2009/12/27 17:22:00 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2009/12/27 17:22:00 | 00,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2009/12/27 17:22:00 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2009/12/27 17:21:58 | 01,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2009/12/27 17:21:58 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2009/12/27 17:21:58 | 00,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2009/12/27 17:21:58 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2009/12/27 17:21:56 | 04,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2009/12/27 17:21:56 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2009/12/25 23:58:42 | 15,061,528 | ---- | C] (Konami Digital Entertainment Co., Ltd.) -- C:\Users\kredit\Desktop\PES2010Patch103.exe
[2009/12/23 06:40:15 | 48,956,922 | ---- | C] (BioWare) -- C:\Users\kredit\Desktop\MassEffect.exe
[2009/12/23 03:48:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2009/12/23 03:41:04 | 00,112,512 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2009/12/23 03:41:04 | 00,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2009/12/23 00:19:20 | 00,000,000 | ---D | C] -- C:\Users\kredit\Documents\BioWare
[2009/12/23 00:18:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/12/23 00:18:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2009/12/23 00:02:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
[2009/12/22 06:14:50 | 00,000,000 | ---D | C] -- C:\Users\kredit\Desktop\New folder
[2009/12/19 08:15:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FuzLez
[2009/12/17 22:17:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2009/12/17 03:16:19 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2009/12/17 03:16:19 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2009/12/17 03:16:02 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2009/12/17 03:16:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/12/17 01:10:21 | 00,737,280 | ---- | C] (Microsoft Corp.) -- C:\Windows\System\msidcrl40.dll
[2009/12/17 01:07:30 | 10,155,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\xlive.dll
[2009/12/16 11:25:26 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\Logitech
[2009/12/16 11:17:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/12/16 11:17:40 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/12/15 22:00:30 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Malwarebytes
[2009/12/15 22:00:25 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/15 22:00:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/15 22:00:22 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/15 22:00:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/15 02:09:32 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/12/14 21:00:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\KeyTweak
[2009/12/14 05:01:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AutoShutdown
[2009/12/14 00:49:42 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\AvastSS.scr
[2009/12/14 00:49:42 | 00,089,680 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2009/12/14 00:49:42 | 00,053,840 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2009/12/14 00:49:42 | 00,027,216 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2009/12/14 00:49:42 | 00,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2009/12/14 00:49:41 | 00,065,616 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2009/12/14 00:49:16 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2009/12/14 00:49:16 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2009/12/14 00:49:15 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/13 18:02:15 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\BitTorrent
[2009/12/13 18:02:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2009/12/13 03:11:37 | 00,000,000 | ---D | C] -- C:\Users\kredit\Documents\My Games
[2009/12/13 03:10:06 | 02,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2009/12/13 03:10:06 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2009/12/13 03:10:06 | 00,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2009/12/13 03:10:06 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2009/12/13 03:10:03 | 05,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2009/12/13 03:10:01 | 00,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2009/12/13 03:10:01 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2009/12/13 03:10:01 | 00,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2009/12/13 03:10:01 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2009/12/13 03:09:58 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2009/12/13 03:09:58 | 00,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2009/12/13 03:09:57 | 00,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2009/12/13 03:09:57 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2009/12/13 03:09:46 | 05,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2009/12/13 03:09:46 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2009/12/13 03:09:46 | 02,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2009/12/13 03:09:46 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2009/12/13 03:09:46 | 00,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2009/12/13 03:09:46 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2009/12/13 03:09:45 | 00,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2009/12/13 03:09:45 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2009/12/13 03:09:45 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2009/12/13 03:09:45 | 00,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2009/12/13 03:09:45 | 00,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2009/12/13 03:09:45 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2009/12/13 03:09:45 | 00,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2009/12/13 03:09:45 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2009/12/13 03:09:42 | 00,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2009/12/13 03:09:42 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2009/12/13 03:09:42 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2009/12/13 03:09:42 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2009/12/13 03:09:42 | 00,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2009/12/13 03:09:42 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2009/12/13 03:09:41 | 01,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2009/12/13 03:09:41 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2009/12/13 03:09:41 | 00,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2009/12/13 03:09:41 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2009/12/13 03:09:41 | 00,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2009/12/13 03:09:41 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2009/12/13 03:09:40 | 04,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2009/12/13 03:09:40 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2009/12/13 03:08:10 | 00,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2009/12/13 02:55:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2009/12/13 02:54:52 | 00,000,000 | ---D | C] -- C:\BDS
[2009/12/12 01:31:58 | 00,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2009/12/11 20:33:56 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\ZenCODE
[2009/12/11 20:33:51 | 01,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscomctl.ocx
[2009/12/11 19:35:04 | 00,380,928 | ---- | C] (WE-NG) -- C:\Users\kredit\Desktop\AFSExplorer.exe
[2009/12/09 19:11:49 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2009/12/09 19:11:43 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2009/12/09 19:11:43 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2009/12/09 19:11:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2009/12/09 19:11:15 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2009/12/09 19:11:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2009/12/09 19:11:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009/12/09 19:11:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2009/12/09 19:11:04 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Real
[2009/12/09 18:51:10 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/12/09 18:51:10 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/12/09 17:43:07 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Steinberg
[2009/12/09 17:39:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2009/12/09 17:38:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Syncrosoft
[2009/12/09 04:05:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2009/12/08 04:52:24 | 00,000,000 | ---D | C] -- C:\Program Files\Dolby
[2009/12/07 22:04:33 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2009/12/07 21:48:31 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\InstallShield
[2009/12/07 21:01:41 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2009/12/06 23:46:18 | 00,000,000 | ---D | C] -- C:\Users\kredit\Documents\My Received Files
[2009/12/06 23:25:20 | 00,000,000 | ---D | C] -- C:\Users\kredit\Tracing
[2009/12/06 22:05:12 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\WinBatch
[2009/12/06 21:54:02 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\Adobe
[2009/12/06 16:55:16 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\TVU Networks
[2009/12/06 16:55:16 | 00,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2009/12/06 16:53:21 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\TVU Networks
[2009/12/06 16:53:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TVUPlayer
[2009/12/06 15:47:43 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\nagasoft
[2009/12/05 22:03:10 | 01,703,936 | ---- | C] (NCT Company) -- C:\Windows\SysWow64\NCTAudioFile.dll
[2009/12/05 22:03:10 | 01,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2009/12/05 22:03:10 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Comdlg32.ocx
[2009/12/05 22:03:10 | 00,073,785 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2009/12/05 22:03:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 Converter Simple
[2009/12/05 03:21:37 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\Conexant
[2009/12/04 19:05:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CPU Thermometer
[2009/12/04 04:51:34 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Creative
[2009/12/04 02:42:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2009/12/04 02:42:14 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2009/12/03 23:59:52 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\StreamTorrent
[2009/12/03 17:42:26 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/12/03 17:39:30 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/12/03 17:39:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/12/03 17:39:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/12/03 15:32:44 | 00,000,000 | ---D | C] -- C:\Program Files\Konami
[2009/12/03 15:24:52 | 00,000,000 | ---D | C] -- C:\Users\kredit\Documents\New folder (2)
[2009/12/03 14:59:44 | 00,000,000 | ---D | C] -- C:\Users\kredit\Documents\save
[2009/12/03 13:55:13 | 00,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2009/12/03 13:23:03 | 00,000,000 | ---D | C] -- C:\Users\kredit\Documents\KONAMI
[2009/12/03 12:20:32 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\FlatOut Ultimate Carnage
[2009/12/03 12:18:35 | 00,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2009/12/03 12:18:35 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2009/12/03 12:18:34 | 01,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2009/12/03 12:18:34 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2009/12/03 12:18:34 | 00,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2009/12/03 12:18:34 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2009/12/03 12:18:34 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2009/12/03 12:18:34 | 00,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2009/12/03 12:18:34 | 00,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2009/12/03 12:18:34 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2009/12/03 12:18:33 | 04,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2009/12/03 12:18:33 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2009/12/03 12:18:33 | 00,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2009/12/03 12:18:33 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2009/12/03 12:18:32 | 05,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2009/12/03 12:18:32 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2009/12/03 12:18:32 | 02,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2009/12/03 12:18:32 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2009/12/03 12:18:32 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2009/12/03 12:18:32 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2009/12/03 12:18:32 | 00,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2009/12/03 12:18:32 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2009/12/03 12:18:31 | 05,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2009/12/03 12:18:31 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2009/12/03 12:18:31 | 01,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2009/12/03 12:18:31 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2009/12/03 12:18:31 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2009/12/03 12:18:31 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2009/12/03 12:18:30 | 00,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2009/12/03 12:18:30 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2009/12/03 12:18:30 | 00,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2009/12/03 12:18:30 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2009/12/03 12:15:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Empire Interactive
[2009/12/03 03:25:12 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\Xmarks
[2009/12/03 03:14:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4
[2009/12/02 20:55:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2009/12/02 20:09:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Konami
[2009/12/02 20:03:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\silent hill
[2009/12/02 19:59:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Tradução
[2009/12/02 19:59:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Russify
[2009/12/02 19:58:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\movie
[2009/12/02 19:40:35 | 00,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2009/12/02 19:40:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2009/12/02 18:26:47 | 00,102,400 | ---- | C] (Creative Labs) -- C:\Windows\System\OpenAL32.dll
[2009/12/02 18:08:17 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\ElevatedDiagnostics
[2009/12/02 17:59:45 | 14,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/12/02 17:59:44 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/12/02 17:59:42 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2009/12/02 17:59:42 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2009/12/02 17:59:42 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2009/12/02 17:59:42 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2009/12/02 17:59:42 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2009/12/02 17:59:42 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009/12/02 17:59:41 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/12/02 17:59:41 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/12/02 17:59:41 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2009/12/02 17:59:41 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009/12/02 17:59:41 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2009/12/02 17:59:40 | 12,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/12/02 17:58:48 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/12/02 17:35:46 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\Codemasters
[2009/12/02 17:32:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Huawei technologies
[2009/12/02 17:26:23 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Codemasters
[2009/12/02 17:14:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters
[2009/12/02 17:08:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2009/12/02 17:07:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2009/12/02 17:07:22 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\DAEMON Tools Lite
[2009/12/02 16:30:16 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/12/02 16:29:21 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2009/12/02 16:28:53 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/12/02 16:16:17 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\Microsoft Games
[2009/12/01 22:33:20 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\TOSHIBA_Corporation
[2009/12/01 20:58:10 | 00,000,000 | ---D | C] -- C:\Users\kredit\Documents\Bioshock
[2009/12/01 20:58:10 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Bioshock
[2009/12/01 20:58:07 | 00,000,000 | RH-D | C] -- C:\Users\kredit\AppData\Roaming\SecuROM
[2009/12/01 20:52:30 | 01,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2009/12/01 20:52:30 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2009/12/01 20:52:30 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2009/12/01 20:52:30 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2009/12/01 20:52:29 | 04,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2009/12/01 20:52:29 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2009/12/01 20:52:29 | 00,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2009/12/01 20:52:29 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2009/12/01 20:52:28 | 01,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2009/12/01 20:52:28 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2009/12/01 20:52:28 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2009/12/01 20:52:28 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2009/12/01 20:52:28 | 00,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2009/12/01 20:52:28 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2009/12/01 20:52:27 | 04,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2009/12/01 20:52:27 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2009/12/01 20:52:27 | 00,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2009/12/01 20:52:27 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2009/12/01 20:52:26 | 00,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2009/12/01 20:52:26 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2009/12/01 20:52:26 | 00,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2009/12/01 20:52:26 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2009/12/01 20:52:22 | 00,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2009/12/01 20:52:22 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2009/12/01 20:52:22 | 00,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2009/12/01 20:52:22 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2009/12/01 20:52:21 | 03,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2009/12/01 20:52:21 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2009/12/01 20:52:20 | 00,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2009/12/01 20:52:20 | 00,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2009/12/01 20:52:20 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2009/12/01 20:52:20 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2009/12/01 20:52:20 | 00,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2009/12/01 20:52:20 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2009/12/01 20:52:19 | 00,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2009/12/01 20:52:19 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2009/12/01 20:52:19 | 00,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2009/12/01 20:52:19 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2009/12/01 20:52:13 | 03,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2009/12/01 20:52:13 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2009/12/01 20:52:10 | 00,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2009/12/01 20:52:10 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2009/12/01 20:52:10 | 00,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2009/12/01 20:52:10 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2009/12/01 20:52:09 | 03,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2009/12/01 20:52:09 | 03,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2009/12/01 20:52:09 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2009/12/01 20:52:09 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2009/12/01 20:52:08 | 03,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2009/12/01 20:52:08 | 03,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2009/12/01 20:52:08 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2009/12/01 20:52:08 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2009/12/01 20:52:07 | 03,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2009/12/01 20:52:07 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2009/12/01 20:52:06 | 03,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2009/12/01 20:52:06 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2009/12/01 20:42:38 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\WinRAR
[2009/12/01 20:38:07 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/12/01 20:32:53 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Adobe
[2009/12/01 20:32:50 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2009/12/01 20:26:26 | 00,000,000 | ---D | C] -- C:\Mozilla Firefox
[2009/12/01 19:45:11 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Mozilla
[2009/12/01 19:12:13 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\Mozilla
[2009/12/01 19:05:42 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Toshiba
[2009/12/01 19:04:48 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Google
[2009/12/01 19:04:47 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\Google
[2009/12/01 18:55:11 | 00,000,000 | ---D | C] -- C:\Users\kredit\Documents\Bluetooth
[2009/12/01 18:53:06 | 01,003,008 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2009/12/01 18:53:06 | 00,117,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbfake.sys
[2009/12/01 18:52:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2009/12/01 18:51:33 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\TFPU
[2009/12/01 18:50:14 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Local\Toshiba
[2009/12/01 18:49:09 | 00,000,000 | R--D | C] -- C:\Users\kredit\Searches
[2009/12/01 18:48:59 | 00,000,000 | ---D | C] -- C:\Users\kredit\AppData\Roaming\Identities
[2009/12/01 18:48:56 | 00,000,000 | R--D | C] -- C:\Users\kredit\Contacts
< End of report >

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:25 AM

Posted 28 December 2009 - 12:53 AM

Hi kredit,

Have you tried reinstalling Firefox, removing its profile first too?

Start MBAM, update definitions on update tab, run quick scan (letting found items be deleted). Post back the report.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 kredit


Posted 28 December 2009 - 01:40 AM

OK! But I have to go offline now; I will check first thing tomorrow. Thanks again!

#6 kredit


Posted 28 December 2009 - 11:11 AM

I tried the Firefox stuff. It's happened before and I will try a reinstall.

Here's the latest MBAM log. Is my baby virus free, doc? Looks good and will send you a cake!

Malwarebytes' Anti-Malware 1.42
Database version: 3444
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/12/2009 17:10:37
mbam-log-2009-12-28 (17-10-37).txt

Scan type: Quick Scan
Objects scanned: 90563
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Blade81


Posted 28 December 2009 - 03:24 PM

That log looks good at least :(

See if Firefox reinstallation (profile included) fixes the issue and let me know.



#8 kredit


Posted 28 December 2009 - 08:59 PM

Nope, Firefox crashes still. Safe mode is OK, but after a reinstall and wiped profile, no luck... any ideas? It might be a Windows 7 64-bit problem. I heard other people are having trouble. Anyhow, not a big deal, you probably have bigger viruses to hunt... thanks again and good luck! kredit

#9 Blade81


Posted 29 December 2009 - 12:17 AM

Yep, betas have their own defects. Happy Upcoming New Year :(



#10 Blade81


Posted 03 January 2010 - 05:22 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





