Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Wintools, Trojan


  • This topic is locked This topic is locked
9 replies to this topic

#1 kaypat

kaypat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 22 October 2010 - 08:56 AM

Hi...need help with my pc...hijack this log coming later below....keep getting "Generic processing error for Win32" when I run Windows XP. My Trend Micro Titanium has also spotted a few trojans..some removed...others just detected. The latest one moved to this spot.

C:\RECYCLER\S-1-5-21-12879109-3873184889-947785861-1005\Dc83.exe

Another just found here...

C:\System Volume Information\_restore{D4FC4288-AED1-478C-B27D-F4DBE4700DFF}\RP474\A0208982.exe

Hijack this log below...any help greatly appreciated. Thanks
:thumbup2:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:29:16 AM, on 10/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.frontiernet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] "C:\WINDOWS\system32\ThpSrv.exe" /logon
O4 - HKLM\..\Run: [00THotkey] "C:\WINDOWS\system32\00THotkey.exe"
O4 - HKLM\..\Run: [000StTHK] "C:\WINDOWS\system32\000StTHK.exe"
O4 - HKLM\..\Run: [TPSMain] "C:\WINDOWS\system32\TPSMain.exe"
O4 - HKLM\..\Run: [TPSODDCtl] "C:\WINDOWS\system32\TPSODDCtl.exe"
O4 - HKLM\..\Run: [TFNF5] "C:\WINDOWS\system32\TFNF5.exe"
O4 - HKLM\..\Run: [TOSDCR] "C:\WINDOWS\system32\TOSDCR.EXE"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [{A44F2278-CAFA-C634-7862-4A08F7B90738}] "C:\Documents and Settings\Owner\Application Data\Odywu\pufog.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cbs.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O18 - Filter hijack: text/html - {78e12c6e-492b-4512-9542-2bda82f385cc} - C:\WINDOWS\msvideo.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12510 bytes

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:44 PM

Posted 31 October 2010 - 04:30 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 kaypat

kaypat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 02 November 2010 - 08:00 AM

Elise,

Followed instructions you listed. Still getting "generic host process for win32 services has encountered a problem and needs to close" error message.

Here are the following logs posted from the programs you asked me to run. Thanks!

Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 413.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 44.39 Gb Free Space | 47.75% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/02 08:44:34 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/10/27 17:22:44 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/09/24 17:35:56 | 001,006,672 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2010/09/24 17:35:56 | 000,112,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2010/09/24 17:34:56 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2010/08/25 22:49:30 | 000,196,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/27 18:13:44 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2006/07/05 15:14:30 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/05 20:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/04/25 20:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/04/24 22:54:14 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2006/04/24 22:54:12 | 000,315,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2006/04/24 22:54:04 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006/03/16 20:34:48 | 000,593,920 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/01/19 09:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
PRC - [2005/12/20 15:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2005/12/06 01:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PRC - [2005/12/05 16:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 15:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 15:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 15:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 15:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 15:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/02 19:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/06/28 23:43:00 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2005/05/20 11:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/05/17 14:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PRC - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 03:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/28 03:37:00 | 000,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/11/02 08:44:34 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/08/25 22:49:30 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/01/19 09:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005/12/20 15:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2005/11/28 15:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 15:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 15:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2010/09/24 17:35:10 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/09/24 17:35:10 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/09/24 17:35:10 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/09/24 17:35:10 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/04 01:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2006/08/18 23:03:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/28 14:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 19:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/05 21:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 20:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 20:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 20:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2006/04/01 20:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/21 20:18:58 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/03/02 21:49:00 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/02/28 16:36:20 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/12/26 17:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2005/12/13 12:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 13:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 16:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/09/09 17:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/02 19:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/02/23 17:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/02/09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/12/28 02:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2004/05/08 23:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-12879109-3873184889-947785861-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-12879109-3873184889-947785861-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.frontiernet.net/
IE - HKU\S-1-5-21-12879109-3873184889-947785861-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/09/24 17:44:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/10/27 12:52:05 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKU\S-1-5-21-12879109-3873184889-947785861-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\ThpSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-12879109-3873184889-947785861-1005..\Run: [{A44F2278-CAFA-C634-7862-4A08F7B90738}] C:\Documents and Settings\Owner\Application Data\Odywu\pufog.exe File not found
O4 - HKU\S-1-5-21-12879109-3873184889-947785861-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-12879109-3873184889-947785861-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-12879109-3873184889-947785861-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cbs.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-12879109-3873184889-947785861-1005 Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Satellite.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Satellite.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/28 16:27:28 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 08:44:24 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/01 22:21:04 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Owner\My Documents\My Safe
[2010/11/01 15:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/10/25 15:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/10/25 15:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/25 15:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/25 15:30:27 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/10/22 09:28:19 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2010/10/21 13:00:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/10/21 12:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\System Cleaner
[2010/10/18 12:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Slimware Utilities Inc
[2010/10/18 12:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\SlimComputer
[2010/10/18 12:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2010/10/07 07:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/02 08:44:34 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/02 08:40:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/02 08:28:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/02 08:13:58 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/02 08:13:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/02 08:13:53 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/01 23:07:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/01 22:39:30 | 001,745,518 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BIG EAST WSoc 11-1-10.pdf
[2010/11/01 16:41:09 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/01 15:34:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/01 15:21:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/31 14:31:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/31 14:31:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/31 14:31:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/31 14:31:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/31 10:35:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/29 21:28:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/29 21:23:13 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\knapp schedule 10-11.xls
[2010/10/29 13:03:23 | 000,138,526 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MWC FB Notes 10-28-10.pdf
[2010/10/29 10:59:34 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/27 17:27:15 | 000,469,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2010-11 FBS Instant Replay Statistics Week 8.xls
[2010/10/27 17:25:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/27 13:07:24 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\uncle karl.rtf
[2010/10/27 09:16:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/27 09:16:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/27 09:16:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/26 11:34:30 | 000,033,764 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\knapp hoops 2011.rtf
[2010/10/25 18:13:49 | 001,519,505 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BIG EAST WSoc 10-25-10.pdf
[2010/10/25 16:08:24 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/10/25 15:31:29 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/25 15:30:27 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/10/25 13:25:53 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\install
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 13:25:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 10:31:14 | 000,002,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\masn ga. tech flight.rtf
[2010/10/23 15:48:44 | 000,007,847 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\d2 stuff for semis.rtf
[2010/10/23 15:46:23 | 000,004,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\air force info.rtf
[2010/10/23 14:42:31 | 000,038,487 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\masn possibles.rtf
[2010/10/23 11:10:27 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/22 12:56:23 | 000,005,101 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WILMINGTON FLIGHT MASN.rtf
[2010/10/22 10:19:31 | 000,122,672 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fbcsu2010.pdf
[2010/10/22 09:49:01 | 000,002,609 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\log2.CSV
[2010/10/22 09:28:26 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2010/10/21 11:38:23 | 000,087,966 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\4-3 DEF_COLOR MASTER_1011.xlsx
[2010/10/21 11:38:18 | 000,079,648 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\3-4 DEF_COLOR MASTER.xlsx
[2010/10/21 11:36:54 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\'10 EAST CAROLINA @ UAB.doc
[2010/10/19 17:21:56 | 000,258,048 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2010 Fall Remote Grid.xls
[2010/10/19 15:23:02 | 000,019,348 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\odim out for season.rtf
[2010/10/19 14:07:24 | 000,006,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\aurich.rtf
[2010/10/19 09:13:08 | 000,032,067 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\a-10 womens tv schedule.rtf
[2010/10/18 18:55:43 | 000,006,343 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ucf a10 vball.rtf
[2010/10/18 17:42:38 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\new mex dude.rtf
[2010/10/18 15:22:12 | 000,010,555 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Providence_10.17.pdf
[2010/10/18 12:18:38 | 000,001,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimComputer.lnk
[2010/10/17 16:40:29 | 000,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
[2010/10/12 16:10:24 | 000,001,242 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ecu flagrant hit.rtf
[2010/10/07 07:05:53 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/05 12:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/01 22:39:19 | 001,745,518 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BIG EAST WSoc 11-1-10.pdf
[2010/10/29 13:03:19 | 000,138,526 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MWC FB Notes 10-28-10.pdf
[2010/10/27 17:27:12 | 000,469,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2010-11 FBS Instant Replay Statistics Week 8.xls
[2010/10/27 13:07:24 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\uncle karl.rtf
[2010/10/25 18:13:40 | 001,519,505 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BIG EAST WSoc 10-25-10.pdf
[2010/10/25 15:31:29 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/25 14:05:37 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/25 13:25:53 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\install
[2010/10/25 13:25:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 13:25:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 13:25:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 13:25:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 13:25:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 13:25:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 13:25:02 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 13:25:02 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 13:25:02 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 13:25:02 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 13:25:02 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 13:25:02 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 13:25:00 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 13:25:00 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 13:25:00 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 13:24:59 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 13:24:59 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 13:24:59 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 13:24:59 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 13:24:59 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 10:31:14 | 000,002,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\masn ga. tech flight.rtf
[2010/10/23 15:48:44 | 000,007,847 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\d2 stuff for semis.rtf
[2010/10/23 15:46:23 | 000,004,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\air force info.rtf
[2010/10/22 12:56:23 | 000,005,101 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WILMINGTON FLIGHT MASN.rtf
[2010/10/22 10:19:30 | 000,122,672 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fbcsu2010.pdf
[2010/10/22 09:49:01 | 000,002,609 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\log2.CSV
[2010/10/21 11:38:22 | 000,087,966 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\4-3 DEF_COLOR MASTER_1011.xlsx
[2010/10/21 11:38:17 | 000,079,648 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\3-4 DEF_COLOR MASTER.xlsx
[2010/10/21 11:36:53 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\'10 EAST CAROLINA @ UAB.doc
[2010/10/19 15:23:02 | 000,019,348 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\odim out for season.rtf
[2010/10/19 14:07:24 | 000,006,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\aurich.rtf
[2010/10/18 18:55:43 | 000,006,343 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ucf a10 vball.rtf
[2010/10/18 17:42:38 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\new mex dude.rtf
[2010/10/18 15:22:09 | 000,010,555 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Providence_10.17.pdf
[2010/10/18 12:18:38 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimComputer.lnk
[2010/10/14 13:16:55 | 000,033,764 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\knapp hoops 2011.rtf
[2010/10/12 16:10:24 | 000,001,242 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ecu flagrant hit.rtf
[2010/10/07 07:05:53 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/31 15:17:01 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/03/30 19:12:24 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2010/03/28 16:46:08 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2010/03/28 16:27:28 | 000,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2010/03/28 16:27:27 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010/03/28 16:27:27 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010/03/28 16:27:27 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010/03/28 16:27:27 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010/03/28 16:27:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2009/08/05 19:13:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/09 13:31:39 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/02 16:47:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/08/20 18:41:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 22:45:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/18 22:45:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/18 22:45:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/18 22:45:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/18 22:45:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/18 22:45:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/18 22:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/08/18 22:38:00 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/08/18 22:38:00 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/08/18 22:05:13 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/08/18 22:05:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/08/18 22:05:13 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/08/18 22:05:13 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/08/18 20:44:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/18 20:28:48 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/18 19:53:12 | 000,000,330 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/08/18 13:24:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/02 17:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/29 14:38:24 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/08/18 22:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Protector Suite
[2006/08/18 22:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2006/08/18 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/03/30 19:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/03/30 19:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/03/28 16:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2006/08/18 23:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/04 17:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/08/18 23:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/11/19 20:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/08/18 22:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Protector Suite
[2006/08/18 22:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2010/10/21 17:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bitrix Security
[2010/08/29 19:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/19 14:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Odywu
[2006/08/18 22:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Protector Suite
[2010/03/31 15:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2006/08/18 22:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
[2009/03/17 14:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/08/27 10:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waimpi
[2010/01/11 12:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex
[2010/10/25 13:25:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/02 08:28:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/31 14:31:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/31 14:31:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/31 10:35:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/31 14:31:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/31 14:31:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/27 09:16:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/27 09:16:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/27 09:16:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/29 21:28:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/01 15:34:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/27 17:25:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/01 23:07:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/01 16:41:09 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/02 08:13:58 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/25 13:25:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/29 10:59:34 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 11/2/2010 8:45:09 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 413.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 44.39 Gb Free Space | 47.75% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1155956573\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1155956573\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems, Inc.)
"C:\DOCUME~1\Owner\LOCALS~1\Temp\0.80655973522242.exe" = [String data over 1000 bytes]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{22877DAE-EA0A-47BB-9DB3-47D46CFF885F}" = SlimComputer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.05.01
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}" = Toshiba Media Center Game Console
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESPNMotion" = ESPNMotion
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa2" = Picasa 2
"Power Saver" = TOSHIBA Power Saver
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT004723" = Blasterball 2 Revolution
"WT004829" = Polar Golfer
"WT006527" = Polar Bowler
"WT009952" = Chuzzle Deluxe
"WT009953" = Mah Jong Quest
"WT009954" = SCRABBLE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Music Engine" = Yahoo! Music Engine
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/1/2010 3:33:07 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/1/2010 10:30:50 PM | Computer Name = TOSHIBA-USER | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/1/2010 10:30:53 PM | Computer Name = TOSHIBA-USER | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/1/2010 10:47:17 PM | Computer Name = TOSHIBA-USER | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/1/2010 10:47:20 PM | Computer Name = TOSHIBA-USER | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/1/2010 10:52:47 PM | Computer Name = TOSHIBA-USER | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/1/2010 10:52:50 PM | Computer Name = TOSHIBA-USER | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/1/2010 11:07:26 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/2/2010 8:23:59 AM | Computer Name = TOSHIBA-USER | Source = ESENT | ID = 490
Description = svchost (1280) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/2/2010 8:24:04 AM | Computer Name = TOSHIBA-USER | Source = ESENT | ID = 490
Description = svchost (1280) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 11/1/2010 6:44:26 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/1/2010 6:44:56 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/1/2010 6:45:26 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/1/2010 8:28:43 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/1/2010 9:12:56 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/1/2010 10:19:41 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/1/2010 10:21:10 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%2

Error - 11/1/2010 10:21:10 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%2

Error - 11/2/2010 8:14:12 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%2

Error - 11/2/2010 8:14:12 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%2


< End of report >


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
0xF76B7000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
!!!!!!!!!!!Hidden driver: 0x86EF2ABF ?_empty_? 1345 bytes
0xF7648000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x806FF000 ACPI_HAL 134400 bytes
0xA5F15000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 192512 bytes (Analog Devices, Inc., High Definition Audio Function Driver(Release Candidate 1))
0xA5ED1000 C:\WINDOWS\system32\drivers\AEAudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF79CF000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0x9E194000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA5DBE000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)
0xF62AE000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 102400 bytes (Alps Electric Co., Ltd., Alps Pointing-device Driver)
0x9EFB5000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7A8F000 C:\WINDOWS\system32\drivers\ASAPIW2k.sys 32768 bytes (VOB Computersysteme GmbH, ASAPI)
0xF7C4F000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF75BC000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF7DE4000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AB3000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xA2430000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AAB000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7807000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7837000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF6FAF000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7AAF000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA6C38000 C:\WINDOWS\system32\DRIVERS\csiidecoder_kern_i386.sys 36864 bytes (-, SRS Labs CSII Decoder Kernel DLL)
0xF76E7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF75D4000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF7B99000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xA6C68000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x9E02F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA14AE000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xA817A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7CDE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF6303000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xA3D4F000 C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys 16384 bytes (UPEK Inc., File Disk Redirector)
0xF77F7000 C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys 36864 bytes (UPEK Inc., Virtual disk encryption driver)
0x9EFA5000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF759C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xA2432000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF75FA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7A9F000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF64AB000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9E55F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0x9E302000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x9E389000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9D66A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7817000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBF07E000 C:\WINDOWS\System32\ialmdd5.DLL 983040 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 241664 bytes (Intel Corporation, Component GHAL Driver)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF64E7000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1171456 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7827000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF6EC8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0x9E1B6000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9E25D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7697000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7A97000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xF7A7F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0x86E75000 C:\WINDOWS\system32\KDCOM.DLL 7040 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9B573000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF628B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF7573000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF617F000 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 188416 bytes (Pinnacle Systems GmbH, Pinnacle Marvin Discrete Bus Enumerator)
0x9E281000 C:\WINDOWS\System32\Drivers\meiudf.sys 102400 bytes (Matsubleepa Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xA242E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xA7550000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7A87000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0x9E385000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF76C7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0x9DD9E000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9E0C2000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9E7FD000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF6685000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7B73000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF749F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74B9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7B53000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA5FF8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF6274000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF78D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0x9EFD5000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9E1DC000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA5FF4000 C:\WINDOWS\system32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xF7747000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0x9B88B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9E7F5000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF74E6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x9E2FA000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0x9E8A6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF76A7000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF791F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7637000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7C5F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7917000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x9E475000 C:\WINDOWS\system32\drivers\pclepci.sys 16384 bytes (Pinnacle Systems GmbH, PCLEPCI)
0xF7619000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF6FBB000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0x804D7000 PnpManager 2260992 bytes
0xA5EF1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6263000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7A37000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7707000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA0122000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7877000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7887000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6695000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7A3F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0x804D7000 RAW 2260992 bytes
0x9E132000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA242C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF6233000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF6ED8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA817E000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0x9E7ED000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x9E15D000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF62C7000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF7C9D000 C:\Program Files\Protector Suite QL\smihlp.sys 4096 bytes (UPEK Inc., SMI helper driver)
0xF758A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0x9D523000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF7BFB000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xA66F9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7B77000 C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 12288 bytes
0x9E204000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9E2F2000 C:\WINDOWS\System32\Drivers\tcusb.sys 32768 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xF6FBF000 C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver.)
0xF7A2F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9E016000 C:\WINDOWS\system32\DRIVERS\tdudf.sys 102400 bytes (TOSHIBA Corporation, TOSHIBA Direct Disc Writer - File System Driver)
0xF6675000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7717000 thpdrv.sys 36864 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection Driver)
0xF7B9B000 Thpevm.SYS 8192 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection - Shock Sensor Driver)
0xF62DB000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0x9DCEB000 C:\WINDOWS\system32\DRIVERS\tmactmon.sys 118784 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)
0x9DD42000 C:\WINDOWS\system32\DRIVERS\tmcomm.sys 212992 bytes (Trend Micro Inc., TrendMicro Common Module)
0x9DD08000 C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys 73728 bytes (Trend Micro Inc., TrendMicro Event Management Module)
0x9E17F000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0xA77B0000 C:\WINDOWS\system32\DRIVERS\tsxt_kern_i386.sys 32768 bytes (-, SRS Labs TruSurround XT kernel DLL)
0xF7927000 TVALZ.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0xA6C48000 C:\WINDOWS\system32\DRIVERS\Tvs.sys 49152 bytes (TOSHIBA Corporation, TOSHIBA Audio Filter Driver)
0x9E270000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF61AD000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF7BEB000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A77000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x9F015000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF632A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7A6F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x9E805000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF64D3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF76D7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF634E000 C:\WINDOWS\system32\DRIVERS\w39n51.sys 1429504 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x9EFC5000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9E2E2000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x9E047000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x9E54F000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9DF39000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7B97000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x804D7000 WMIxWDM 2260992 bytes
0xA7570000 C:\WINDOWS\system32\DRIVERS\wowhd_kern_i386.sys 28672 bytes (SRS Labs, Inc., WOW HD kernel mode DLL for Windows)

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:44 PM

Posted 02 November 2010 - 12:36 PM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 kaypat

kaypat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 03 November 2010 - 08:47 AM

I've downloaded Combo Fix...and double clicked on it. Every time I hit ok to run the program...it seems to load...I hear a beep....and then I don't know if it's doing anything. Can't tell if it's scanning or not and it seems like my computer freezes every time. I've done it about 6-8 times...same issue. Also don't know if it is searching for the Microsoft recovery console like needed. Thanks

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:44 PM

Posted 03 November 2010 - 09:01 AM

Hi, can you try to run it from safe mode?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 kaypat

kaypat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 03 November 2010 - 02:48 PM

Tried it from safe mode...same problem. Double click icon, little box loads, hear a beer, then warranty approval box comes up, hit yes and then it starts. I can move arrow, but can't click on anything, and my computer clock freezes. Not sure of what to do now?

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:44 PM

Posted 03 November 2010 - 02:56 PM

Please try this:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:44 PM

Posted 06 November 2010 - 05:44 AM

Hi, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:44 PM

Posted 14 November 2010 - 06:28 AM

Due to lack of feedback. this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users