Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rundll32.exe using up 900k memory


  • This topic is locked This topic is locked
21 replies to this topic

#1 brianch

brianch

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 20 March 2011 - 07:44 PM

2 versions of rundll32.exe start running on my computer when I open IE8. One of them uses over 900k memory, so I know this is not right. And they lock up my computer. I have Norton 360, Malwarebyte's Anti-Malware, SpyBot S&D, and ran Windows defender and Windows MRT. Not of them have corrected this issue.

What else can I do?

I normally use Firefox, but do use IE for certain sites that do not support firefox.

DDS, and ATTACH Logs: (too big to attach)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 12:18:31.46 on 03/21/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.937 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tether\TBService.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
Q:\140062.enu\Office14\MSOSYNC.EXE
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\taskmgr.exe
C:\Users\Owner\Favorites\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.facebook.com/?ref=hp
uDefault_Search_URL = hxxp://www.google.com/
uWindow Title =
uSearch Bar =
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - c:\program files\gamers unite! snag bar\Toolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [OfficeSyncProcess] "c:\program files\common files\microsoft shared\virtualization handler\CVH.EXE" /quietlaunch "MSOSYNC 9014006204090000"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareblaster\spywareblaster.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to Phone
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: asurion.com
Trusted Zone: chase.com
Trusted Zone: flirt4free.com
Trusted Zone: jpmorganchase.com\connect
Trusted Zone: reliant.com
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\mg5k2a1m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\mg5k2a1m.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\mg5k2a1m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\mg5k2a1m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\mg5k2a1m.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\owner\appdata\local\huludesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: c:\users\owner\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\mg5k2a1m.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: Tweetbeat Firsthand: everywhere@kosmix.com - %profile%\extensions\everywhere@kosmix.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - %profile%\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
FF - Ext: Fasterfox: {c36177c0-224a-11da-8cd6-0800200c9a91} - %profile%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: New Tab King: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} - %profile%\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coFFPlgn
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-28 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-28 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-10 800376]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-28 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110317.002\IDSvix86.sys [2011-3-18 353912]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-9 214664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-28 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-10-28 339504]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Google MediaServer;Google MediaServer;c:\program files\google\google media server\GoogleMediaServer.exe [2009-7-7 622080]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-28 126392]
R2 OpenLibSys;OpenLibSys;c:\program files\nxp\fm radio\OpenLibSys.sys [2009-6-17 14672]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-22 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R2 Tether;Tether;c:\program files\tether\TBService.exe [2010-6-19 52664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-23 102448]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ee4779680a40;Google Update Service (gupdate1c9ee4779680a40);c:\program files\google\update\GoogleUpdate.exe [2009-6-16 133104]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-9 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-9 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-9 40552]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2010-6-19 45608]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216]
S3 TetherBridge;TetherBridge Virtual Miniport;c:\windows\system32\drivers\TBridgeDrv.sys [2010-5-11 14848]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-03-19 20:36:19 -------- d-----w- c:\program files\uTorrent
2011-03-19 20:35:21 -------- d-----w- c:\users\owner\appdata\roaming\uTorrent
2011-03-18 15:15:36 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{01489927-0bf5-49e3-b075-dbe9b25cbf68}\mpengine.dll
2011-03-15 22:58:03 -------- d-----w- c:\program files\Tams11
2011-03-09 01:39:32 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 01:39:32 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 01:39:32 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 01:39:32 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 01:39:28 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 01:39:27 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-07 01:29:13 -------- d-----w- c:\program files\ilivid
2011-03-06 17:56:03 -------- d-----w- c:\program files\Feedback Tool
2011-02-26 19:35:13 -------- d-----w- c:\program files\Quicken
.
==================== Find3M ====================
.
2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2009-06-15 04:38:32 7349744 ----a-w- c:\program files\FLV PlayerATBSetup.exe
.
============= FINISH: 12:21:53.70 ===============





____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01/18/2009 1:44:55 AM
System Uptime: 03/20/2011 6:38:52 PM (18 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | CPU | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 290 GiB total, 92.007 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP777: 03/21/2011 1:38:42 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office system
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AxCrypt (Remove Only)
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
CASIO USB Driver V1.0.8003.1229
CD/DVD Drive Acoustic Silencer
CyberLink PowerCinema for TOSHIBA
D3DX10
Digsby
DVD MovieFactory for TOSHIBA
Feedback Tool
FM Tuner Utility
Free FLV Converter V 6.93.0
G-Force
Gamers Unite! Snag Bar
Google Earth
Google Gears
Google Media Server
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HuluDesktop
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
IZArc 4.1.2
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft DirectX SDK (February 2010)
Microsoft Help Viewer 1.0
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Business 2010 - English
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector 32-bit
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft XML Parser
Mozilla Firefox (3.6.15)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Netflix in Windows Media Center
Norton Security Suite
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Picasa 3
Quantum of Solace™ 1.1 Patch
Quicken 2010
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Robo.to Maker
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Service Pack 1 for SQL Server 2008 (KB968369)
Skype™ 4.2
Sprint media manager
Spybot - Search & Destroy
SpywareBlaster 4.4
Sql Server Customer Experience Improvement Program
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA PowerCinema Helper
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.0.1
Web Deployment Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Xobni
Xobni Core
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Zynga Toolbar
.
==== Event Viewer Messages From Past Week ========
.
03/21/2011 12:45:34 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
03/20/2011 8:31:10 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
03/20/2011 8:30:55 AM, Error: EventLog [6008] - The previous system shutdown at 9:58:13 PM on 3/19/2011 was unexpected.
03/20/2011 6:39:53 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
03/20/2011 4:36:52 PM, Error: EventLog [6008] - The previous system shutdown at 4:32:41 PM on 3/20/2011 was unexpected.
03/20/2011 11:40:59 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
03/19/2011 9:49:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.164 for the Network Card with network address 0022FA3B66A2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
03/19/2011 9:34:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
03/16/2011 8:23:52 PM, Error: EventLog [6008] - The previous system shutdown at 8:21:58 PM on 3/16/2011 was unexpected.
03/14/2011 9:12:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================



____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

EDIT: Posts merged ~BP

Edited by Budapest, 21 March 2011 - 04:11 PM.


BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:09 PM

Posted 26 March 2011 - 09:46 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 brianch

brianch
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 26 March 2011 - 10:11 AM

Hi ST,

Thanks for helping. Thing are running the same. I am still having the problem with the Rundll32.exe taking up my memory - sometime 4 seperate lines show up for this same program.

REPORT.TXT

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E808000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82443000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82443000 PnpManager 3907584 bytes
0x82443000 RAW 3907584 bytes
0x82443000 WMIxWDM 3907584 bytes
0x8F005000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3698688 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x9F4B0000 Win32k 2109440 bytes
0x9F4B0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x90200000 C:\Windows\system32\drivers\RTKVHDA.sys 2093056 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x93E00000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110325.035\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
0x9042F000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x8320E000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x83005000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x96808000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804E0000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xBD2CC000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8DE00000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x82A0E000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x9AE8A000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys 815104 bytes (Symantec Corporation, BASH Driver)
0xBC80C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8EEEC000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8DF02000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xC100D000 C:\Windows\system32\DRIVERS\Sftfslh.sys 573440 bytes (Microsoft Corporation, Microsoft Application Virtualization File System)
0x9AE0B000 C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x8078B000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80609000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x80416000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xBC913000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9AB59000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x9AAFE000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110325.001\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
0x96923000 C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0x9054B000 C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0x82B40000 C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS 352256 bytes (Symantec Corporation, Symantec Data Store)
0x83197000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xBD27C000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9F700000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x80731000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x96990000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80688000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8335C000 C:\Windows\system32\DRIVERS\tos_sps32.sys 274432 bytes (TOSHIBA Corporation, tos_sps2)
0x8DF8F000 C:\Windows\system32\DRIVERS\Rtlh86.sys 270336 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x8049F000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E437000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8EFA3000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9AA85000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8313B000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9AF51000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)
0xBD203000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8331E000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xC1099000 C:\Windows\system32\DRIVERS\Sftplaylh.sys 221184 bytes (Microsoft Corporation, Microsoft Application Virtualization SystemGuard)
0x8E56F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82410000 ACPI_HAL 208896 bytes
0x82410000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9AACB000 C:\Windows\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xC1121000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x82B0E000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9AA06000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x805C0000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8E408000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8E5B5000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82BA6000 C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS 184320 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x83110000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E52E000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xBC8CC000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xBD3B4000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xBD254000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x833B6000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806DF000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xC10E4000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9040A000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x93F4F000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8E4BA000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x83176000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBC9CB000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x82BDC000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x93FAB000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x905A2000 C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0x9AFD6000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82AF0000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9ABB7000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xBC980000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x968F2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9AFB2000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xC1186000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xBC99D000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DFE6000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBD23C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9ABD4000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E498000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x905C1000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9AA41000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9690D000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xBC9B6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8E500000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xC11A0000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110325.035\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x8E4EC000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F3D5000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x9697C000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F3E9000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xBC900000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9AA72000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x833DD000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E5A4000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80486000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8F3C4000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0x82B96000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0xC11D9000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xBC8BC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8077B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0xC1168000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8E51C000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8DEEF000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9AFA3000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x833A7000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80706000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E4DD000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8EFE1000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80722000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0xC1178000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9F6F0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9AA64000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x93FE7000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8067A000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9AF8C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8E48B000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x9AA57000 C:\Windows\system32\DRIVERS\SymIMv.sys 53248 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista)
0x8E562000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xC10CF000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xC1115000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x93F9F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EF8C000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8EFF0000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8DFD1000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x93FDC000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E4AF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E5E2000 C:\Windows\system32\DRIVERS\point32k.sys 45056 bytes (Microsoft Corporation, Point32.sys)
0x8E478000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xC110A000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8EF98000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80718000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x9AF99000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E558000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBC8F6000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9AAC1000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xBD3AA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8E5ED000 C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x8DFDC000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0x833EE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x93F88000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xC11D0000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xC11B4000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82BD3000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x93FF5000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xC10DB000 C:\Windows\system32\DRIVERS\Sftredirlh.sys 36864 bytes (Microsoft Corporation, Microsoft Application Virtualization SystemGuard)
0x9AFCD000 C:\Windows\system32\DRIVERS\Sftvollh.sys 36864 bytes (Microsoft Corporation, Microsoft Application Virtualization Volume Manager)
0x9F6D0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8DEDE000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806CE000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x9AA38000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x82AE8000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80497000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8DEE7000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0xC11E9000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806D7000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x93FCC000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x93FD4000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E483000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8339F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x905D8000 C:\Windows\System32\Drivers\UVCFTR_S.SYS 32768 bytes (Chicony Electronics Co., Ltd., UVCFTR_S.sys)
0x93F98000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x905F9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8040F000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x93F91000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E515000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x8E800000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x83357000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8DEFE000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x80715000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xBD2CA000 C:\Program Files\NXP\FM Radio\OpenLibSys.sys 8192 bytes (OpenLibSys.org, OpenLibSys)
0x8E52C000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F3FC000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x04C50000 Hidden Image-->PCHealthInfo.dll [ EPROCESS 0xC1759B20 ] PID: 5348, 110592 bytes
0x04C70000 Hidden Image-->SwUpdates.dll [ EPROCESS 0xC1759B20 ] PID: 5348, 118784 bytes
0x04720000 Hidden Image-->Alerts.dll [ EPROCESS 0xC1759B20 ] PID: 5348, 94208 bytes


____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

OTL.TXT

OTL logfile created on: 03/26/2011 9:58:26 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.53 Gb Total Space | 83.52 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
Drive D: | 5.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AL-ANABELATLIVE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/03/26 09:56:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/03/24 14:40:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/12 14:32:11 | 000,122,040 | ---- | M] (dotSyntax, LLC) -- C:\Program Files\Digsby\lib\digsby-app.exe
PRC - [2010/11/29 15:58:34 | 001,294,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/11/16 11:17:05 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/10/17 10:42:21 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/06/30 13:37:52 | 000,052,664 | ---- | M] () -- C:\Program Files\Tether\TBService.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/16 04:52:02 | 000,055,016 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/07/07 10:43:36 | 000,622,080 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 17:54:28 | 000,200,704 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/10 17:54:22 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/04/08 18:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/11 15:13:08 | 000,788,332 | ---- | M] () -- C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
PRC - [2008/02/06 16:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/20 21:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/28 18:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/06/16 00:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 09:56:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/11/16 11:18:39 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/25 21:53:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll
MOD - [2010/05/25 21:53:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/06/30 13:37:52 | 000,052,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Tether\TBService.exe -- (Tether)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/16 04:52:02 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/07/07 10:43:36 | 000,622,080 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe -- (Google MediaServer)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/25 16:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/12/16 18:55:31 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110325.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 18:55:31 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110325.035\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/08 19:50:30 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110325.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/27 09:55:54 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 09:55:54 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/11 09:54:26 | 000,014,848 | --S- | M] (TetherBridge) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBridgeDrv.sys -- (TetherBridge)
DRV - [2010/05/09 17:22:39 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/05/05 23:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/04 13:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/12/15 14:41:30 | 000,268,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/10/16 10:22:58 | 000,045,608 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qrkis.sys -- (qrkis)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 22:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/02/15 20:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/19 14:05:42 | 000,014,672 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Program Files\NXP\FM Radio\OpenLibSys.sys -- (OpenLibSys)
DRV - [2007/08/21 03:13:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/03 16:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: everywhere@kosmix.com:0.6.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.367
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62781&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 23:50:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/02 15:22:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/09 17:23:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/16 11:18:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 19:09:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 13:20:14 | 000,000,000 | ---D | M]

[2010/10/02 19:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/04/02 22:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/06/13 14:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/06/13 16:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/11/02 13:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions
[2010/10/02 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{08500494-eb6d-4747-891b-4ef78a3bbe1c}
[2010/10/02 19:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/10/02 19:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/10/02 19:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
[2010/10/02 19:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/11/02 17:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/10/02 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\autopager@mozilla.org
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\everywhere@kosmix.com
[2010/10/02 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\FasterFox_Lite@BigRedBrent
[2010/10/02 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\piclens@cooliris.com
[2010/11/02 13:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions
[2010/06/09 15:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/17 20:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/07/17 20:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/06/09 15:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/02 17:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/06/09 15:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/09 15:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010/06/09 15:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/06/09 15:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/09 15:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/06/09 15:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\amznuwl@amazon.com
[2010/06/09 15:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\toolbar@ask.com
[2011/03/25 18:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions
[2011/03/25 18:16:38 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/10/03 09:53:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 20:27:54 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/01/23 10:28:36 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2011/03/22 15:56:33 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/23 09:36:08 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2011/03/02 14:23:07 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2010/12/25 11:28:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/25 18:16:42 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/03/19 11:06:31 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\autopager@mozilla.org
[2010/10/03 10:10:20 | 000,000,000 | ---D | M] (Tweetbeat Firsthand) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\everywhere@kosmix.com
[2011/03/25 18:16:37 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\piclens@cooliris.com
[2011/03/25 18:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 16:29:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 13:49:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/11 11:08:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/18 12:31:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/03/05 23:50:09 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/05/09 17:23:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/06/02 15:22:37 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2010/11/16 11:18:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/03/20 13:10:12 | 000,430,415 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14841 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..Trusted Domains: asurion.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..Trusted Domains: chase.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..Trusted Domains: flirt4free.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..Trusted Domains: jpmorganchase.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..Trusted Domains: reliant.com ([]https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/26 09:56:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/03/23 11:09:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/23 09:52:13 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 09:52:13 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/23 09:52:04 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/03/23 09:51:59 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/03/23 09:51:59 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/23 09:51:59 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/23 09:51:58 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/23 09:51:58 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/03/23 09:51:58 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/23 09:51:58 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/03/22 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/15 17:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tams11
[2011/03/10 18:07:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BlackBerry
[2011/03/09 15:03:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2011/03/08 20:39:32 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/08 20:39:32 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/08 20:39:32 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/08 20:39:32 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/06 20:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\ilivid
[2011/03/06 12:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2011/02/26 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2011/02/25 10:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/26 10:03:21 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D72D7F8A-05E2-4BA3-9113-39DDEED0DD4C}.job
[2011/03/26 09:56:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/03/26 09:54:20 | 000,133,632 | ---- | M] () -- C:\Users\Owner\Desktop\RKUnhookerLE.EXE
[2011/03/26 09:47:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/26 09:32:46 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000UA.job
[2011/03/26 09:32:44 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/26 09:32:44 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/26 09:32:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/25 13:20:15 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/25 11:13:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000Core.job
[2011/03/25 10:47:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/24 14:02:28 | 000,708,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/24 14:02:28 | 000,143,794 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/24 12:36:05 | 010,387,434 | ---- | M] () -- C:\Users\Owner\Desktop\Conan_Takes_on_Rebecca_Black_With_CONAN_032111_Preview_640x360x1000k.flv
[2011/03/23 11:09:16 | 000,002,099 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/03/23 11:09:16 | 000,002,061 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/22 16:37:38 | 000,001,719 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/22 16:37:38 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/22 16:01:20 | 000,150,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 15:15:15 | 002,389,573 | ---- | M] () -- C:\Users\Owner\Desktop\task manager pic.rtf
[2011/03/21 15:03:19 | 554,019,428 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/20 13:10:12 | 000,430,415 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/20 11:22:15 | 000,005,972 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/03/18 15:05:35 | 000,107,938 | ---- | M] () -- C:\Users\Owner\Desktop\AirCheck.pdf
[2011/03/15 17:58:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/15 17:58:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/06 13:12:17 | 000,000,914 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/27 09:36:12 | 000,001,706 | ---- | M] () -- C:\Users\Owner\Desktop\Quicken 2010.lnk
[2011/02/25 10:39:26 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/26 09:54:01 | 000,133,632 | ---- | C] () -- C:\Users\Owner\Desktop\RKUnhookerLE.EXE
[2011/03/25 13:20:14 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/24 12:35:56 | 010,387,434 | ---- | C] () -- C:\Users\Owner\Desktop\Conan_Takes_on_Rebecca_Black_With_CONAN_032111_Preview_640x360x1000k.flv
[2011/03/23 11:09:16 | 000,002,061 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/23 11:09:15 | 000,002,099 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/03/23 11:08:25 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000UA.job
[2011/03/23 11:08:25 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000Core.job
[2011/03/22 16:31:11 | 000,001,719 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/22 16:31:10 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/22 16:31:10 | 000,000,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/21 13:01:35 | 002,389,573 | ---- | C] () -- C:\Users\Owner\Desktop\task manager pic.rtf
[2011/03/18 15:05:35 | 000,107,938 | ---- | C] () -- C:\Users\Owner\Desktop\AirCheck.pdf
[2011/03/15 17:58:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/03/15 17:58:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/03/12 17:10:29 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{D72D7F8A-05E2-4BA3-9113-39DDEED0DD4C}.job
[2011/03/06 13:12:16 | 000,000,914 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/27 09:36:12 | 000,001,706 | ---- | C] () -- C:\Users\Owner\Desktop\Quicken 2010.lnk
[2011/02/25 10:39:25 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/11/23 01:13:41 | 000,191,356 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/25 10:32:47 | 000,222,552 | ---- | C] () -- C:\Windows\RM.exe
[2010/09/21 17:01:25 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2010/09/09 11:58:16 | 000,036,569 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/09/06 12:51:32 | 000,010,231 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/08/31 15:23:38 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/08/18 11:14:33 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/08/06 14:36:42 | 000,000,089 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/07/30 20:33:34 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/09 15:56:59 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/05/27 11:23:26 | 000,225,280 | ---- | C] () -- C:\Windows\System32\net_rim_plazmic_flint_dialog.dll
[2010/05/26 10:53:09 | 000,000,054 | ---- | C] () -- C:\Windows\Money.INI
[2010/05/10 15:46:54 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2010/05/03 15:03:03 | 000,000,170 | ---- | C] () -- C:\Windows\wininit.ini
[2010/05/02 16:26:14 | 000,002,108 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_audio.Cache
[2010/05/02 16:25:49 | 000,000,072 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_image.Cache
[2010/04/26 23:19:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/24 21:54:39 | 000,870,128 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
[2010/04/24 21:54:39 | 000,000,004 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\D771D5
[2010/03/30 00:18:49 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/03/02 18:04:05 | 000,005,972 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/02/24 13:54:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/24 13:54:33 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/03 22:10:10 | 000,000,069 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/01 10:39:20 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/06/14 23:38:12 | 007,349,744 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/06/13 21:46:41 | 000,150,528 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/13 17:32:47 | 000,027,742 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/06/13 14:37:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/06 03:17:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/06 03:17:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/06 03:17:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/05 19:29:41 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/06/05 19:29:39 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/05/25 11:42:06 | 000,009,728 | ---- | C] () -- C:\Windows\System32\MAPIUtils.dll
[2009/01/18 02:27:03 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/01/18 02:27:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/01/18 02:27:03 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/01/18 02:27:03 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/01/18 02:00:16 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2009/01/18 02:00:16 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2009/01/18 02:00:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/18 02:00:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/18 02:00:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2009/01/18 02:00:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/08/14 14:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/14 14:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/14 14:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/14 14:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/14 14:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/14 14:02:18 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 21:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 21:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 21:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 21:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 21:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 21:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 21:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 21:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 21:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 21:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/02/07 18:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,399,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,708,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,143,794 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/07 14:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/03/07 12:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:5466F106
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CE7C61DF

< End of report >




____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

EXTRAS.TXT

OTL Extras logfile created on: 03/26/2011 9:58:32 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.53 Gb Total Space | 83.52 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
Drive D: | 5.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AL-ANABELATLIVE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-737594619-1414829202-3786626943-1000]
"EnableNotificationsRef" = 3
"EnableNotifications" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BF2D04-0244-4AC3-92A2-CB4A7D0C5AB9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{01E0E211-074E-4105-869D-8123F1D9E2FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{020845BE-6739-46C8-8F9B-C9261E8749A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{0385B311-F973-41EC-83E1-8EE5496C78F8}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{03B72380-A97E-4F17-B928-2EB6AAAB7195}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{05BE6329-95E5-4F98-86ED-49F443E75A5E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{07F1C16A-A8C2-4177-8372-8AFB61C1DC7E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{08489AA3-2FC1-45B6-ACE8-00A0E527D79E}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{0BE07315-0942-4DE5-9F7B-815C8F0E0048}" = lport=139 | protocol=6 | dir=in | app=system |
"{1CEF5C0C-A089-4DCC-A561-905EABE276F7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1D395A1F-5B33-423E-AEE4-A5978BE8FD32}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{20A1376F-B164-44E9-A697-C1A613FE70C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24972E88-66BA-4649-8780-FBD15F3D34C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30259B43-A129-4FCE-AA06-6218948F1E47}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{3356D42C-C397-4692-A379-4753C0A29AC7}" = lport=10244 | protocol=6 | dir=in | app=system |
"{33BBCE59-3814-4157-9602-8A5CED7F00E5}" = rport=5357 | protocol=6 | dir=out | app=system |
"{391A844F-9BD3-4860-B1D4-FEC06422B835}" = lport=3390 | protocol=6 | dir=in | app=system |
"{43DB69C0-EB2F-4912-B945-3043CF2B82F2}" = lport=5358 | protocol=6 | dir=in | app=system |
"{4472F1B9-ED4F-4BF3-B2D9-D426480FDC16}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{460049E5-565E-4E05-9A0E-04BD1C16E32F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49513158-A078-4C99-A600-67B3AD050386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53EB8DEA-CB78-41A0-B227-B945BE4FE3F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{543486B8-FC30-4597-99ED-9166155F8067}" = rport=10244 | protocol=6 | dir=out | app=system |
"{591F1294-DF84-49C2-888F-35CE605E29C0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5EDD0A5D-4623-4784-BEAD-B7917718DC1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60F1B8F8-0732-4209-A45F-7B02B987C40A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{62F87E1E-4B62-4BF4-B3A1-50D0D0B7C36A}" = rport=445 | protocol=6 | dir=out | app=system |
"{6374D6D2-5E39-4C40-9AC0-2CA759450EAB}" = lport=3390 | protocol=6 | dir=in | app=system |
"{64CDCDC5-871E-4F3E-B48C-75701C2F63C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64E203A5-1064-4FB2-902C-74FDE8CDBAD0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69A044C1-473C-464A-92B3-59135599CE6F}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{6B88F8BC-E84C-414B-8C1F-B49C842EECE5}" = rport=137 | protocol=17 | dir=out | app=system |
"{74B92391-2B52-4D00-A377-BF8D5DA17502}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{769517D0-D72E-4EFC-B2A3-2C1FE7DAEFCD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77508F75-E78C-44AC-A1A9-801F35099454}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{77573DE2-67FC-49EA-844C-C2EF427656AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77F01830-4286-4ED7-AFA2-0601D79C834E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81139B49-3D77-490A-B44A-6E7FCC1D892C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{848F7A3F-A550-40A1-9548-84B7A7867CE3}" = rport=2869 | protocol=6 | dir=out | app=system |
"{84BDB8C3-CD22-45B5-9E95-2AA2D022E5E4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{853AB71E-AB96-4232-9107-5FDF496678B1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{860742CB-D14A-498E-A3E8-062A8CA6E05E}" = rport=5358 | protocol=6 | dir=out | app=system |
"{88847126-049E-48B2-A339-464132E23CCE}" = rport=138 | protocol=17 | dir=out | app=system |
"{8A1F2D57-16F7-4C97-B0AB-F3E0D0A2AAF8}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8AC8AA4F-68F1-4134-B30A-C8A96FF19BE7}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{90FDDA0C-1D2F-4A65-A850-B85CE554B024}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9512DDDE-547B-47C6-A936-46CDF2508FDA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98260269-7746-4D34-B097-BEAE4904B9AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{997628AC-8916-4661-BFD8-4F4E771BB2F2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{99D68F4C-00E6-4424-85D2-A3C553EEE359}" = lport=5357 | protocol=6 | dir=in | app=system |
"{A5593A1F-EBEB-43E4-B6BE-B130B0910CED}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{A60EA4A4-ACD9-463D-8D4A-CC4C92592AB6}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{AA48DACF-1289-4292-92B1-1F6C2BE368C9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B540D46C-FC9D-474E-BBD7-1F9EBAEEF77B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B739E584-FBA3-433A-8907-F0882C293FCD}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B78ECC0C-8036-4B5D-A3DE-DF4CD762D9BF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B8505121-DB9F-437A-9286-A045A6A5F80C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BBC07CE3-3030-469B-9EC7-8FE61B66C59F}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{BEC3AD5E-C5E7-460A-B092-BB6CF4DCD10A}" = rport=139 | protocol=6 | dir=out | app=system |
"{C064525B-DC11-4D53-BA2A-0D8812CB918E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C32F8FFE-791B-4CCA-B6F5-83575E24068E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C6BAF045-E0C0-4057-AEAF-E937354FF96B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8187CF8-55E6-41A9-9B3F-EE8EA33CE3E0}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{C886AAB7-0E57-4B18-ABFA-682C963A9480}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8943415-F701-4F60-A40E-02ED397BA7A1}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{CB3A0E13-D327-4E57-A5C1-F9EC7B173C38}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CF32FFCF-8AFF-45A9-A62D-2E97CCD9ADEF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D2ED127E-5D75-4C6F-956A-118C43748382}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{D3882DEC-D460-4225-9F32-EC4BE69D7953}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D424A092-6FAA-45D8-B66C-40AFE2D77B1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D62F9642-A492-4540-A540-1E6C413DEACA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D644331D-257A-4E65-9DA9-7EB5589C7745}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D6AE02D3-CEA9-49DC-90B8-D179D5B9413B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D894F7BB-A4D2-481B-BF2E-BAA394E020C0}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DCC0CDE5-DF33-4B9D-B01D-DCC763A90C68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F60BC57E-8063-4BF5-9851-7D683E6EABE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{F9418F02-4E68-44FA-93BC-FC5A71BE3A29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FEEF8B01-B514-4400-A5B2-E71361F5E02F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001212B8-24B0-4849-897D-52A083D011DC}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{015714D1-0140-4448-B231-88D93DDFD35E}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |
"{060BA20F-BB0A-48EC-A60E-54BDFBAD9DC4}" = protocol=6 | dir=in | app=c:\program files\google\google media server\googlemediaserver.exe |
"{0698FACE-6CC5-4C8A-B576-8E0971A6B45A}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{07EEECF9-C0BA-4B3C-B5C7-76D022B6CF1D}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{09BB27D7-6FC7-4EE1-BF49-4BB216BC7563}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |
"{0A2D7AB3-CD57-4D2B-92A1-99F2B6ACAF01}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{0D828BB7-3121-4AFB-A0C8-0EA6AD822AEF}" = protocol=17 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{0FE1EFAC-7ACD-4FB9-AF92-4F7040A1A98D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{11183A23-37E9-428E-BF9E-0AAE16EDDA42}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{199FF393-994C-41FE-A2AB-A1140FF77522}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1A17E11F-BC41-48C5-A454-870FC0367EB1}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{1FDB826C-95AD-4606-A453-80854F4D457A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{21ED9279-EF95-4A24-BE98-7EC48DC23050}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2397402F-FE83-4B8B-9DB3-14043AA7E833}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{249C9A92-94A3-4866-B7AB-3FD5DEDD0114}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2B173D73-7459-46B4-9B63-7E67CC873F4B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B78B989-1D2E-4F7D-B9F0-F2960EE657FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2D30B65E-DF82-48FA-96AE-3836A15979FE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{31736075-3D5D-46B5-BC30-298EDE82421F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32AF8879-8651-4CB8-A704-CF2DB945796E}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{36D5FB64-2AA0-4C49-A1BA-1FF2F5E9BDF8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{39E73054-0953-4B18-A32B-DC2D37D77F31}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{412B519F-23D6-4F02-9982-673EC410615C}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{43C6BB1F-00CE-422F-ACD6-F002B2EC2BA2}" = protocol=6 | dir=in | app=c:\program files\gamers unite! snag bar\toolbarupdate.exe |
"{443A7CED-51C7-4D42-83A9-65C7F8A574FE}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{454AB259-120C-4909-9080-E75FCB195CB1}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{45841437-EC1D-4691-A2EE-9BE1FF0AEEB9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4771F34A-3BE1-45DD-AC22-6B56E4A8584A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{478BE9D8-F7D1-40F8-99D8-4200507D1CB0}" = protocol=6 | dir=in | app=c:\program files\gamers unite! snag bar\troubleshooter.exe |
"{4C69E2CF-D680-4A69-9299-D2724A7549CB}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{4E108C88-8322-47F9-9575-1D79F3C49769}" = protocol=17 | dir=in | app=c:\program files\gamers unite! snag bar\toolbarupdate.exe |
"{561C9D3A-5641-481D-AB75-32F6FD68A7CC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{56AAA889-5D9D-4EF0-AEA0-66FE9003D611}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{59993AF5-094A-4047-830F-FCD47AC9B091}" = protocol=6 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{66A32BE0-C64C-4E3D-A942-99BD78C198D9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6919D3F4-36BF-476B-9A5A-C7C1C6E522BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6929F614-32A0-49EC-B824-758A27EBA50F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{6C52C556-11F0-4118-9F69-45775DAEE510}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{74200ED4-BABF-410D-B9F0-80EA0CE17811}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{75188999-B905-4D52-9680-48552FDBDE79}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BC6A084-105E-4AB7-8B75-31C2B88E6DF4}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{7D368844-4C0B-4321-BDE2-62A321BB6449}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{877DE89E-F239-41F2-9E76-36D4197CB26A}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{87FDDD66-3C7E-4EF5-ABB9-84AD035035CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{88FE2657-C1AF-4BA9-9E43-6419767C2033}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{8BB2AA68-446C-4B30-AAF7-3A1270D45FEA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8E2CA677-BA62-4FC4-92A8-56CCF1428A82}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{92B36205-0450-4195-8D48-CBE0B7E91563}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{95F8036F-D96A-41D8-AF3B-DCDFFD97E562}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9715C000-C026-465E-B2A1-B3D89E2F6E29}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A102BCEF-D825-41FA-8E76-8FF4F5B3E5CC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A9874FF4-BF10-48B4-86DD-8DDCFC875F6C}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{A9F930B3-E87A-4A87-9531-C669D5DF4EEC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{AC393840-BEB8-4C12-8116-5AAD1FB3BF7C}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{B1B6C2EC-FA0E-450C-9A63-FA1D1EBC44E3}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{B52CC94B-C902-41A5-8495-67D1EFCD7DC7}" = protocol=17 | dir=in | app=c:\program files\gamers unite! snag bar\troubleshooter.exe |
"{B55391B4-1951-4813-816D-4F42571CCE91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6F42892-5568-4DE7-8387-FEE1A3ED9577}" = protocol=17 | dir=in | app=c:\program files\google\google media server\googlemediaserver.exe |
"{BA544CDD-502C-4F71-B92D-10CB688748B4}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{BD0191A9-D351-49BB-8747-58A7EABA48B2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BFF4A7D7-E77E-40EB-9FF8-19226DBED32C}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{C12B10C3-3C74-43B7-8104-E346DB56A3E2}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C1E0E195-D09D-4B1F-ABC4-EBD0AF01DA05}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{C2BA8B4F-BADA-4B3F-8CFA-E088717798D4}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C93C7B92-D70F-469E-834A-45AB45631A7E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB360177-0C1A-4AB1-8EC7-3BA3D06186FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CCC03128-C5C8-4DB6-B15F-211409345F4F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D5B15408-84CA-4213-97B0-FABD19BE0277}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D8988140-A75B-4C82-90CA-91625EC9DC13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DCD681C4-4D61-47ED-B821-117EDB6FD637}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{DF5DE5D0-7726-4B47-B157-93F23E08D9AA}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{E6662EFE-0CE0-49AD-8058-94F8824505A2}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EDCA0B41-BD43-4621-96E5-92DF4C8F5F6A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{EF09C1D8-0829-4204-9D4B-BB42C13A7C65}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F1545AC0-495B-4EAB-B516-F5295F55055C}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F3E06FE1-AD5C-4171-B93F-CC2F8B2EA6D3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{FB972EB6-BD33-4194-AB3C-14BF03780942}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{FF55A5DF-0F3C-4E6C-885A-8975C6D8DF6A}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{111A6595-56C6-4BF4-A149-514E01F16977}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{117B59AD-2C60-4102-9570-28551CB0BA1B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{19F0FE65-856E-4FB1-A8B7-B1941A434982}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{28F0AA44-E819-4A90-9597-47501D03BBDE}C:\program files\google\google desktop search\googledesktop.exe" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"TCP Query User{5C1790FC-927C-4439-8853-5BC18668B438}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{BB77942D-8FC2-4BC1-833A-D43C66B84CC2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C9690721-491E-49CC-BFF0-E5DFA2F92FDC}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{01F6B025-8DDA-402C-A54A-AE140CEC753A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2135D622-8242-4BDD-8568-0525DD00E8AA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{43EEE6A8-77A6-4864-8EFA-2C85ABB5D8E6}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4C7E0F06-4718-4394-A86E-31FDE74DC460}C:\program files\google\google desktop search\googledesktop.exe" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"UDP Query User{743054C4-C945-46AD-991A-CEBD2A1E1170}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{91036E4D-2258-4BED-95B2-12B150E91C3E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{EC5A63E6-30A0-4A9A-9EDD-90FF186BDF69}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{105FF94C-C179-ECD4-0233-0D3454313976}" = Robo.to Maker
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 24
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8912A802-1DD4-41F3-8450-B3209081BDB9}" = Sprint media manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C485E390-78F5-4D5B-B56A-20A4C59B022A}" = FM Tuner Utility
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AxCrypt" = AxCrypt (Remove Only)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"com.particle.robo.maker.A33A86C9198814C653B5322B7C3836412E75C70C.1" = Robo.to Maker
"Digsby" = Digsby
"Free FLV Converter_is1" = Free FLV Converter V 6.93.0
"Gamers Unite! Snag Bar" = Gamers Unite! Snag Bar
"G-Force" = G-Force
"Google Media Server" = Google Media Server
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace™ 1.1 Patch
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (February 2010)" = Microsoft DirectX SDK (February 2010)
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"N360" = Norton Security Suite
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"XobniMain" = Xobni
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-737594619-1414829202-3786626943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HuluDesktop" = HuluDesktop
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/26/2011 10:32:41 AM | Computer Name = al-anabelatlive-com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46950716

Error - 03/26/2011 10:55:24 AM | Computer Name = al-anabelatlive-com | Source = Windows Search Service | ID = 3013
Description =

Error - 03/26/2011 10:55:33 AM | Computer Name = al-anabelatlive-com | Source = Windows Search Service | ID = 3013
Description =

Error - 03/26/2011 10:55:34 AM | Computer Name = al-anabelatlive-com | Source = Windows Search Service | ID = 3013
Description =

Error - 03/26/2011 10:55:35 AM | Computer Name = al-anabelatlive-com | Source = Windows Search Service | ID = 3013
Description =

Error - 03/26/2011 10:55:35 AM | Computer Name = al-anabelatlive-com | Source = Windows Search Service | ID = 3013
Description =

Error - 03/26/2011 10:55:40 AM | Computer Name = al-anabelatlive-com | Source = Windows Search Service | ID = 3013
Description =

Error - 03/26/2011 10:55:40 AM | Computer Name = al-anabelatlive-com | Source = Windows Search Service | ID = 3013
Description =

Error - 03/26/2011 10:55:40 AM | Computer Name = al-anabelatlive-com | Source = Windows Search Service | ID = 3013
Description =

Error - 03/26/2011 10:55:40 AM | Computer Name = al-anabelatlive-com | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 08/11/2009 7:31:30 PM | Computer Name = BrianHenley | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 09/05/2010 11:08:15 PM | Computer Name = al-anabelatlive-com | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 08/29/2010 3:26:02 PM | Computer Name = al-anabelatlive-com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/22/2011 5:23:15 PM | Computer Name = al-anabelatlive-com | Source = Service Control Manager | ID = 7009
Description =

Error - 03/22/2011 5:23:15 PM | Computer Name = al-anabelatlive-com | Source = Service Control Manager | ID = 7000
Description =

Error - 03/23/2011 1:59:09 PM | Computer Name = al-anabelatlive-com | Source = DCOM | ID = 10010
Description =

Error - 03/23/2011 2:02:37 PM | Computer Name = al-anabelatlive-com | Source = Service Control Manager | ID = 7000
Description =

Error - 03/23/2011 6:25:22 PM | Computer Name = al-anabelatlive-com | Source = DCOM | ID = 10010
Description =

Error - 03/23/2011 6:28:38 PM | Computer Name = al-anabelatlive-com | Source = Service Control Manager | ID = 7000
Description =

Error - 03/25/2011 2:20:17 PM | Computer Name = al-anabelatlive-com | Source = DCOM | ID = 10005
Description =

Error - 03/25/2011 2:20:17 PM | Computer Name = al-anabelatlive-com | Source = Service Control Manager | ID = 7009
Description =

Error - 03/25/2011 2:20:17 PM | Computer Name = al-anabelatlive-com | Source = Service Control Manager | ID = 7000
Description =

Error - 03/26/2011 10:32:35 AM | Computer Name = al-anabelatlive-com | Source = Service Control Manager | ID = 7011
Description =


< End of report >



____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________




Thanks again,

Brian

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:09 PM

Posted 26 March 2011 - 10:22 AM

Hi Brian!

How are you doing today?

Lets take a look and see what we can do to improve the performance of your computer. I am not really seeing any signs of malware in the logs you posted. Lets run a few scans to see if it helps with the performance of things.

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-737594619-1414829202-3786626943-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



SFC ScanNow

We need to run SFC Scan Now.

We will need to open up an elevated command prompt. This can be down by clicking on Start > All Programs > Accessories, right click on Command Prompt, and then click on Run as Administrator.

You will need to click Allow.

Type the following command below, and then press ENTER:

sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 brianch

brianch
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 26 March 2011 - 10:53 AM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
C:\Windows\LMIE63A.tmp\rescue.log deleted successfully.
C:\Windows\LMIE63A.tmp folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 141720062 bytes
->Temporary Internet Files folder emptied: 114571253 bytes
->Java cache emptied: 40142230 bytes
->FireFox cache emptied: 116363417 bytes
->Google Chrome cache emptied: 52648460 bytes
->Apple Safari cache emptied: 88794112 bytes
->Opera cache emptied: 272 bytes
->Flash cache emptied: 1160325 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7089598 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 537.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03262011_102526

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:09 PM

Posted 26 March 2011 - 10:55 AM

:thumbsup:

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 brianch

brianch
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 26 March 2011 - 12:44 PM

I ran the SFC Scan and it said "Windows Resource Protection found corrupt files but was unable to fix some of them"
But I opened IE and browsed for a while and everthing seems to be working well again.
Thanks again for your help, ST

Brian

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:09 PM

Posted 26 March 2011 - 12:53 PM

Brian,

Run these two scans for me:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 brianch

brianch
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 26 March 2011 - 03:36 PM

ESET :

Unfortunatly, I had to leave and could not let it finish. I will re scan with ESAT when I return tomorrow night or Monday.

Thanks again for all of your help, ST



____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

SECURITY CHECK:

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 24
Adobe Flash Player 10.2.152.32
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Spybot Teatimer.exe is disabled!
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:09 PM

Posted 27 March 2011 - 08:51 AM

Brian,

Unfortunatly, I had to leave and could not let it finish. I will re scan with ESAT when I return tomorrow night or Monday.

Okay.

When you get a chance please re-run ESET and post the results when it finishes, and then do this:

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



Please be sure to provide an update on how things are currently running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 brianch

brianch
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 27 March 2011 - 10:29 PM

The issue is still occurring on my computer. Here is the OTL log: (ESET found no viruses)

Error: Unable to interpret <netsvcs> in the current context!
Error: Unable to interpret <drivers32> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs> in the current context!

OTL by OldTimer - Version 3.2.22.3 log created on 03272011_222751

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:09 PM

Posted 28 March 2011 - 09:03 AM

It appears you ran an OTL Fix rather than a new OTL scan. Please run the OTL custom scan instructions in this post: http://www.bleepingcomputer.com/forums/topic386112.html/page__view__findpost__p__2184048 and post the results in your next reply.

Edited by SweetTech, 28 March 2011 - 09:04 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 brianch

brianch
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 28 March 2011 - 09:43 AM

my mistake:

OTL LOG:

OTL logfile created on: 03/28/2011 9:32:14 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.53 Gb Total Space | 92.63 Gb Free Space | 31.99% Space Free | Partition Type: NTFS

Computer Name: AL-ANABELATLIVE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/03/26 09:56:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/03/24 14:40:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/12 14:32:11 | 000,122,040 | ---- | M] (dotSyntax, LLC) -- C:\Program Files\Digsby\lib\digsby-app.exe
PRC - [2010/11/29 15:58:34 | 001,294,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/11/16 11:17:05 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/10/17 10:42:21 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/06/30 13:37:52 | 000,052,664 | ---- | M] () -- C:\Program Files\Tether\TBService.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/16 04:52:02 | 000,055,016 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/07 10:43:36 | 000,622,080 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 17:54:28 | 000,200,704 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/10 17:54:22 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/04/08 18:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 16:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/28 18:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/06/16 00:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 09:56:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/11/16 11:18:39 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/25 21:53:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll
MOD - [2010/05/25 21:53:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/06/30 13:37:52 | 000,052,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Tether\TBService.exe -- (Tether)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/16 04:52:02 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/07 10:43:36 | 000,622,080 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe -- (Google MediaServer)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/25 16:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/12/16 18:55:31 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110327.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 18:55:31 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110327.001\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/08 19:50:30 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110325.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/27 09:55:54 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 09:55:54 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/11 09:54:26 | 000,014,848 | --S- | M] (TetherBridge) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBridgeDrv.sys -- (TetherBridge)
DRV - [2010/05/09 17:22:39 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/05/05 23:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/12/15 14:41:30 | 000,268,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/10/16 10:22:58 | 000,045,608 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qrkis.sys -- (qrkis)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 22:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/02/15 20:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/19 14:05:42 | 000,014,672 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Program Files\NXP\FM Radio\OpenLibSys.sys -- (OpenLibSys)
DRV - [2007/08/21 03:13:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/03 16:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: everywhere@kosmix.com:0.6.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.367
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62781&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 23:50:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/02 15:22:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/09 17:23:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/16 11:18:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 19:09:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 18:21:48 | 000,000,000 | ---D | M]

[2010/10/02 19:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/04/02 22:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/06/13 14:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/06/13 16:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/11/02 13:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions
[2010/10/02 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{08500494-eb6d-4747-891b-4ef78a3bbe1c}
[2010/10/02 19:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/10/02 19:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/10/02 19:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
[2010/10/02 19:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/11/02 17:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/10/02 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\autopager@mozilla.org
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/10/02 19:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\everywhere@kosmix.com
[2010/10/02 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\FasterFox_Lite@BigRedBrent
[2010/10/02 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5wa21joe.default\extensions\piclens@cooliris.com
[2010/11/02 13:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions
[2010/06/09 15:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/17 20:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/07/17 20:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/06/09 15:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/02 17:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/06/09 15:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/09 15:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010/06/09 15:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/06/09 15:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/09 15:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/06/09 15:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\amznuwl@amazon.com
[2010/06/09 15:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\b79xe3ai.default\extensions\toolbar@ask.com
[2011/03/28 09:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions
[2011/03/25 18:16:38 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/10/03 09:53:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 20:27:54 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/01/23 10:28:36 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2011/03/22 15:56:33 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/23 09:36:08 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2011/03/02 14:23:07 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2011/03/27 18:13:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/25 18:16:42 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/03/19 11:06:31 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\autopager@mozilla.org
[2010/10/03 10:10:20 | 000,000,000 | ---D | M] (Tweetbeat Firsthand) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\everywhere@kosmix.com
[2011/03/25 18:16:37 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\mg5k2a1m.default\extensions\piclens@cooliris.com
[2011/03/27 18:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 16:29:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 13:49:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/11 11:08:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/18 12:31:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/03/05 23:50:09 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/05/09 17:23:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/06/02 15:22:37 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2010/11/16 11:18:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/03/26 10:25:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Norton Download Manager{N360S_prod_1.6.18_5.0.0.125}] C:\Users\Public\Downloads\Norton\{N360S_prod_1.6.18_5.0.0.125}\N360Downloader.exe (Symantec Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: asurion.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: flirt4free.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: jpmorganchase.com ([connect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: reliant.com ([]https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/03/27 18:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/03/27 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/03/27 18:14:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/27 17:22:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/03/26 14:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/26 14:14:11 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/03/26 13:05:01 | 000,072,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
[2011/03/26 13:05:00 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL
[2011/03/26 12:53:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/26 12:53:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/03/26 12:53:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/26 12:53:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/26 12:53:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/26 12:53:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/26 12:53:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/03/26 12:53:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/26 12:53:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/03/26 12:53:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/03/26 12:53:03 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/26 12:53:03 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/26 12:53:03 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/03/26 12:53:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/26 12:53:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/03/26 12:53:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/03/26 12:53:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/26 12:49:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/03/26 12:49:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/03/26 12:49:58 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/03/26 12:49:58 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/03/26 12:49:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/03/26 12:49:58 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/03/26 12:49:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011/03/26 12:49:57 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/03/26 12:49:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/03/26 12:49:57 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/03/26 12:49:56 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/03/26 12:49:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/03/26 12:49:56 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/03/26 12:49:55 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/03/26 12:49:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/03/26 12:49:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/03/26 12:49:53 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/03/26 12:49:52 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/03/26 12:49:52 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/03/26 12:49:52 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/03/26 12:49:52 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/03/26 12:49:52 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/03/26 10:25:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/26 09:56:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/03/23 11:09:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/23 09:52:13 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 09:52:13 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/22 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/15 17:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tams11
[2011/03/10 18:07:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BlackBerry
[2011/03/09 15:03:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2011/03/08 20:39:32 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/08 20:39:32 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/08 20:39:32 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/08 20:39:32 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/06 20:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\ilivid
[2011/03/06 12:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2011/02/26 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken

========== Files - Modified Within 30 Days ==========

[2011/03/28 09:24:23 | 000,000,910 | ---- | M] () -- C:\Users\Owner\Desktop\Norton Installation Files.lnk
[2011/03/28 09:24:20 | 000,000,947 | ---- | M] () -- C:\Users\Owner\Desktop\Norton Download Manager.lnk
[2011/03/28 09:19:55 | 000,708,860 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/28 09:19:55 | 000,143,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/28 09:14:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/28 09:13:26 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/28 09:13:26 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/28 09:13:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/27 18:47:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/27 18:18:51 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/27 18:13:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000UA.job
[2011/03/27 14:45:51 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D72D7F8A-05E2-4BA3-9113-39DDEED0DD4C}.job
[2011/03/26 14:14:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/03/26 12:46:32 | 000,000,920 | ---- | M] () -- C:\Users\Owner\Desktop\Internet Explorer.lnk
[2011/03/26 11:13:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000Core.job
[2011/03/26 10:25:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/26 09:56:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/03/23 11:09:16 | 000,002,099 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/03/23 11:09:16 | 000,002,061 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/22 16:37:38 | 000,001,719 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/22 16:37:38 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/22 16:01:20 | 000,150,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 15:03:19 | 554,019,428 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/20 11:22:15 | 000,005,972 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/03/15 17:58:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/15 17:58:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/27 09:36:12 | 000,001,706 | ---- | M] () -- C:\Users\Owner\Desktop\Quicken 2010.lnk

========== Files Created - No Company Name ==========

[2011/03/27 18:21:48 | 000,002,411 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/27 18:18:51 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/27 17:22:12 | 000,000,947 | ---- | C] () -- C:\Users\Owner\Desktop\Norton Download Manager.lnk
[2011/03/27 17:22:12 | 000,000,910 | ---- | C] () -- C:\Users\Owner\Desktop\Norton Installation Files.lnk
[2011/03/26 12:53:03 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/26 12:46:32 | 000,000,920 | ---- | C] () -- C:\Users\Owner\Desktop\Internet Explorer.lnk
[2011/03/23 11:09:16 | 000,002,061 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/23 11:09:15 | 000,002,099 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/03/23 11:08:25 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000UA.job
[2011/03/23 11:08:25 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000Core.job
[2011/03/22 16:31:11 | 000,001,719 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/22 16:31:10 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/22 16:31:10 | 000,000,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/15 17:58:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/03/15 17:58:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/03/12 17:10:29 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{D72D7F8A-05E2-4BA3-9113-39DDEED0DD4C}.job
[2011/02/27 09:36:12 | 000,001,706 | ---- | C] () -- C:\Users\Owner\Desktop\Quicken 2010.lnk
[2010/11/23 01:13:41 | 000,191,356 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/25 10:32:47 | 000,222,552 | ---- | C] () -- C:\Windows\RM.exe
[2010/09/21 17:01:25 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2010/09/09 11:58:16 | 000,036,569 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/09/06 12:51:32 | 000,010,231 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/08/31 15:23:38 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/08/18 11:14:33 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/08/06 14:36:42 | 000,000,089 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/07/30 20:33:34 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/09 15:56:59 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/05/27 11:23:26 | 000,225,280 | ---- | C] () -- C:\Windows\System32\net_rim_plazmic_flint_dialog.dll
[2010/05/26 10:53:09 | 000,000,054 | ---- | C] () -- C:\Windows\Money.INI
[2010/05/10 15:46:54 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2010/05/03 15:03:03 | 000,000,170 | ---- | C] () -- C:\Windows\wininit.ini
[2010/05/02 16:26:14 | 000,002,108 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_audio.Cache
[2010/05/02 16:25:49 | 000,000,072 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_image.Cache
[2010/04/26 23:19:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/24 21:54:39 | 000,870,128 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
[2010/04/24 21:54:39 | 000,000,004 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\D771D5
[2010/03/30 00:18:49 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/03/02 18:04:05 | 000,005,972 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/02/24 13:54:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/24 13:54:33 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/03 22:10:10 | 000,000,069 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/01 10:39:20 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/06/14 23:38:12 | 007,349,744 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/06/13 21:46:41 | 000,150,528 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/13 17:32:47 | 000,027,742 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/06/13 14:37:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/06 03:17:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/06 03:17:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/06 03:17:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/05 19:29:41 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/06/05 19:29:39 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/05/25 11:42:06 | 000,009,728 | ---- | C] () -- C:\Windows\System32\MAPIUtils.dll
[2009/01/18 02:27:03 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/01/18 02:27:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/01/18 02:27:03 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/01/18 02:27:03 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/01/18 02:00:16 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2009/01/18 02:00:16 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2009/01/18 02:00:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/18 02:00:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/18 02:00:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2009/01/18 02:00:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/08/14 14:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/14 14:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/14 14:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/14 14:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/14 14:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/14 14:02:18 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 21:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 21:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 21:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 21:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 21:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 21:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 21:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 21:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 21:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 21:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/02/07 18:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,399,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,708,860 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,143,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/07 14:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/03/07 12:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-26 19:14:13

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:5466F106
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CE7C61DF

< End of report >

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:09 PM

Posted 28 March 2011 - 10:13 AM

Brian,

Please go to Add/Remove programs and remove this program:

McAfee Security Scan


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    [2010/04/24 21:54:39 | 000,870,128 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
    [2010/04/24 21:54:39 | 000,000,004 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\D771D5
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



What issues (if any) are you still experiencing?

Edited by SweetTech, 28 March 2011 - 10:13 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 brianch

brianch
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 28 March 2011 - 10:46 AM

I'm going to use IE for a while and see if the issue still persists.



All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Users\Owner\AppData\Roaming\mcs.rma moved successfully.
C:\Users\Owner\AppData\Roaming\D771D5 moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 45510926 bytes
->Temporary Internet Files folder emptied: 11513236 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 133977458 bytes
->Google Chrome cache emptied: 8142713 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 7166 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 302 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 19679761 bytes

Total Files Cleaned = 209.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03282011_103709

Files\Folders moved on Reboot...
File\Folder C:\Users\Owner\AppData\Local\Temp\CVHLauncher(201103280915511340).log not found!

Registry entries deleted on Reboot...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users