Hi,
Thanks for your reply to my post. I have Windows Vista Home Premium 64-bit. It is not completely updated, as I get an error when I try to update. It has Service Pack 2 on it.
I have been stalked by an electronic stalker for over 10 years. Presently my biggest problem is I can only get online in safe mode. If I boot in normal startup, my browsers say they cannot find the server. I have tried the reset on the IE Internet Options Advanced tab, and I have tried using some "netsh" cmd network reset (I am not sure what it was; I found it on a web page telling how to solve the problem). I am using both Internet Explorer 7 and Firefox 4.0. I cannot update to IE 8; it says it does, but it always wants to do it the next time I boot up and open the browser. I would prefer to not even use IE, but lately Firefox takes like 5 minutes to open. If I open IE and get online, then Firefox opens within a few seconds. I have SUPERAntiSpyware and Avira antivirus (both free). I also have UBCD4Win, from which I have run those same anti-malware programs, including EZ PC Fix, which I used to delete temporary files, restore and prefetch. I am currently using the free ZoneAlarm firewall. I had the free Comodo firewall, but it got compromised and I uninstalled it and have been unable to reinstall it. I frequently get an error message when trying to install software; it says something about Windows Installer not working. I also have a free trial version of Hitman Pro, and free Malwarebytes. My computer is a Toshiba Satellite M305D-S4830 laptop. I went through this same hassle with my old desktop. There is obviously something unerasable in the old desktop hard drive. I figure this hard drive is the same, but I am not sure.
I do have my rebuild discs, and I have wiped my computer several times in the past and reinstalled everything. Then it is only a matter of time and the same thing always happens (can't find server).
Also, I have noticed the Microsoft 6to4 Adapter #2 has a problem, and I cannot resolve that in safe mode, according to the message that comes up when I try to search for a solution online:
("This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Click 'Check for solutions' to send data about this device to Microsoft and to see if there is a solution available.")
LOGS:
OTL logfile created on: 4/3/2011 10:20:00 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\a user name\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.42 Gb Total Space | 178.51 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Computer Name: ACOMPUTERNAME | User Name: a user name | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/03 10:17:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\a user name\Downloads\OTL.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/02/18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
========== Modules (SafeList) ==========
MOD - [2011/04/03 10:17:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\a user name\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:
64bit: - [2011/02/15 11:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:
64bit: - [2010/12/14 14:39:14 | 000,036,160 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:
64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:
64bit: - [2008/04/24 21:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:
64bit: - [2008/04/23 01:04:16 | 000,872,960 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:
64bit: - [2008/02/06 16:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:
64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2007/12/03 20:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:
64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:
64bit: - [2007/10/18 02:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/03/19 17:35:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/12/14 14:42:40 | 002,019,648 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/12/14 14:39:10 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/11/30 19:13:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 14:58:10 | 000,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/04/11 03:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/04 00:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/01/29 13:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/02/12 19:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ==========
DRV:
64bit: - [2011/02/15 11:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:
64bit: - [2010/11/30 19:13:39 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:
64bit: - [2010/11/30 19:13:39 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:
64bit: - [2010/08/08 23:26:23 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:
64bit: - [2010/05/15 16:30:50 | 000,453,720 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (vsdatant)
DRV:
64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:
64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:
64bit: - [2009/11/12 13:11:40 | 000,029,752 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rspSanity64.sys -- (rspSanity)
DRV:
64bit: - [2009/06/15 14:01:06 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:
64bit: - [2008/07/29 05:05:00 | 001,146,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:
64bit: - [2008/04/28 19:59:26 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:
64bit: - [2008/04/23 03:37:00 | 004,260,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:
64bit: - [2008/04/15 13:14:40 | 000,062,040 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:
64bit: - [2008/04/11 00:25:30 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:
64bit: - [2008/04/08 13:46:44 | 000,051,928 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:
64bit: - [2008/04/04 13:57:00 | 000,404,992 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:
64bit: - [2008/03/25 19:51:16 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:
64bit: - [2008/03/25 19:47:06 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:
64bit: - [2008/03/25 19:45:44 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:
64bit: - [2008/03/04 13:32:46 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:
64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:
64bit: - [2007/12/20 19:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:
64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:
64bit: - [2007/11/29 20:58:58 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:
64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:
64bit: - [2007/10/18 02:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:
64bit: - [2007/04/09 19:15:44 | 000,009,728 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem)
DRV:
64bit: - [2006/11/09 17:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:
64bit: - [2006/11/09 17:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:
64bit: - [2006/11/07 14:30:56 | 000,016,656 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:
64bit: - [2006/10/23 19:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:
64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:
64bit: - [2006/06/19 01:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/11/29 19:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2299568864-380025392-769564737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2299568864-380025392-769564737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2299568864-380025392-769564737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 B8 E0 86 75 F0 CB 01 [binary data]
IE - HKU\S-1-5-21-2299568864-380025392-769564737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/03/27 14:20:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/24 21:48:32 | 000,000,000 | ---D | M]
[2011/03/24 21:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a user name\AppData\Roaming\Mozilla\Extensions
[2011/04/03 10:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a user name\AppData\Roaming\Mozilla\Firefox\Profiles\r14hu0qm.LOUIS CYPHER\extensions
[2011/04/03 10:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a user name\AppData\Roaming\Mozilla\Firefox\Profiles\r14hu0qm.LOUIS CYPHER\extensions\staged
[2011/03/24 21:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/04/01 10:14:18 | 000,000,975 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:
64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:
64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:
64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:
64bit: - HKU\S-1-5-21-2299568864-380025392-769564737-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2299568864-380025392-769564737-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:
64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2299568864-380025392-769564737-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2299568864-380025392-769564737-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2299568864-380025392-769564737-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2299568864-380025392-769564737-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:
64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:
64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:
64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\a user name\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\a user name\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg:
00TCrdMain - hkey= - key= - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg:
Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg:
AROReminder - hkey= - key= - File not found
MsConfig:64bit - StartUpReg:
cfFncEnabler.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg:
HSON - hkey= - key= - C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
NDSTray.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg:
SmoothView - hkey= - key= - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg:
SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig:64bit - StartUpReg:
TPwrMain - hkey= - key= - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg:
Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:
64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:
64bit: Base - Driver Group
SafeBootMin:
64bit: Boot Bus Extender - Driver Group
SafeBootMin:
64bit: Boot file system - Driver Group
SafeBootMin:
64bit: File system - Driver Group
SafeBootMin:
64bit: Filter - Driver Group
SafeBootMin:
64bit: HelpSvc - Service
SafeBootMin:
64bit: PCI Configuration - Driver Group
SafeBootMin:
64bit: PNP Filter - Driver Group
SafeBootMin:
64bit: Primary disk - Driver Group
SafeBootMin:
64bit: sacsvr - Service
SafeBootMin:
64bit: SCSI Class - Driver Group
SafeBootMin:
64bit: System Bus Extender - Driver Group
SafeBootMin:
64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:
64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:
64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:
64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:
64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:
64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:
64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:
64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:
64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:
64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:
64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:
64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:
64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:
64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:
64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:
64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:
64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:
64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
========== Files/Folders - Created Within 30 Days ==========
[2011/04/01 10:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/01 10:12:41 | 000,000,000 | ---D | C] -- C:\Users\a user name\Downloads\Documents\Simply Super Software
[2011/04/01 10:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/04/01 10:12:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2011/04/01 10:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/04/01 10:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2011/04/01 10:12:35 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Simply Super Software
[2011/03/31 18:16:48 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\Gibson_Les_Paul_files
[2011/03/31 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\300-access-the-hidden-administrator-account-in-windows-vista_files
[2011/03/29 12:19:47 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011/03/29 12:19:35 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011/03/29 12:19:34 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011/03/29 12:19:34 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011/03/29 12:19:32 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011/03/29 12:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/03/29 12:19:03 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\TuneUp Software
[2011/03/29 12:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2011/03/29 12:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/03/29 11:09:13 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PageFix 2.0
[2011/03/29 11:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageFix 2.0
[2011/03/29 11:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PageFix 2.0
[2011/03/29 11:09:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/03/29 11:08:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/03/29 10:24:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/03/29 10:22:39 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\how-to-enable-the-windows-vista-administrator-account_files
[2011/03/29 10:22:28 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\Thor Electronics of California ... ThorConnect_files
[2011/03/29 10:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/29 10:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/29 10:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Temporary Internet Files
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Recent
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\History
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Cookies
[2011/03/27 15:50:14 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\texts
[2011/03/27 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\a user name\Downloads\Documents\ForceField Shared Files
[2011/03/27 14:23:06 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\CheckPoint
[2011/03/27 14:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/03/27 14:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm_Security
[2011/03/27 14:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/03/27 14:18:43 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2011/03/27 14:18:39 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2011/03/27 14:18:39 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2011/03/27 14:18:33 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2011/03/27 14:18:32 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2011/03/27 14:18:31 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2011/03/27 14:18:31 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2011/03/27 14:18:31 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2011/03/27 14:18:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/03/27 14:18:29 | 000,453,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2011/03/27 14:18:29 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2011/03/27 14:16:49 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2011/03/27 14:16:49 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2011/03/27 06:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/03/27 06:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/03/27 06:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/03/27 06:55:22 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/03/26 01:43:56 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\internet-explorer-cannot-display-the-webpage_files
[2011/03/25 16:16:43 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\tonetricks_files
[2011/03/25 16:14:20 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\how-to-get-rid-of-error-1603-t58434.0_files
[2011/03/25 16:00:42 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\firefox-runs-slow-speed-memory-fast_files
[2011/03/24 22:53:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/03/24 22:45:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011/03/24 22:42:55 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\windows installer service_files
[2011/03/24 22:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/03/24 22:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/03/24 22:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/03/24 22:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/03/24 22:39:35 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/03/24 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\sounds
[2011/03/24 21:50:20 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Malwarebytes
[2011/03/24 21:50:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/24 21:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/24 21:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/24 21:50:09 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/24 21:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/24 21:48:40 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Mozilla
[2011/03/24 21:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/03/20 02:39:23 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\schmuck
[2011/03/19 18:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
[2011/03/19 18:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/03/15 14:19:18 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Spesoft Text To MP3
[2011/03/15 14:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spesoft Text To MP3 Speaker
[2011/03/15 14:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spesoft Text To MP3 Speaker
[2011/03/14 21:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/14 21:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/12 07:28:52 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\spanfly_files
[2011/03/06 07:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2011/03/06 07:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2010/08/19 17:28:00 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe
[2010/08/08 23:26:23 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\a user name\AppData\Roaming\pcouffin.sys
[4 C:\Users\a user name\AppData\Local\*.tmp files -> C:\Users\a user name\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/03 10:21:50 | 000,000,732 | ---- | M] () -- C:\Users\a user name\AppData\Local\d3d9caps64.dat
[2011/04/03 10:04:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/01 14:11:42 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/04/01 14:07:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/01 14:07:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/01 10:14:18 | 000,000,975 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/01 10:12:39 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/03/31 19:01:40 | 000,000,979 | ---- | M] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/31 18:16:49 | 000,157,403 | ---- | M] () -- C:\Users\a user name\Desktop\Gibson_Les_Paul.htm
[2011/03/31 17:43:37 | 000,033,441 | ---- | M] () -- C:\Users\a user name\Desktop\300-access-the-hidden-administrator-account-in-windows-vista.htm
[2011/03/29 17:41:18 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/29 17:41:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/29 17:09:27 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/03/29 14:56:47 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/03/29 14:56:36 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/03/29 12:19:26 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/03/29 12:19:26 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/03/29 11:09:02 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/03/29 11:08:52 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/03/29 10:22:41 | 000,083,887 | ---- | M] () -- C:\Users\a user name\Desktop\how-to-enable-the-windows-vista-administrator-account.html
[2011/03/29 10:22:32 | 000,084,076 | ---- | M] () -- C:\Users\a user name\Desktop\Thor Electronics of California ... ThorConnect.htm
[2011/03/29 10:19:29 | 000,001,132 | ---- | M] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/29 10:19:29 | 000,001,108 | ---- | M] () -- C:\Users\a user name\Desktop\Spybot - Search & Destroy.lnk
[2011/03/27 16:57:25 | 000,392,267 | ---- | M] () -- C:\Users\a user name\Desktop\jtm45orig-schm1.jpg
[2011/03/27 16:56:02 | 000,377,745 | ---- | M] () -- C:\Users\a user name\Desktop\jtm45ri-schm1.jpg
[2011/03/27 16:27:18 | 000,010,251 | ---- | M] () -- C:\Users\a user name\Desktop\embarrassed-chimpanzee_tim-davis.jpg
[2011/03/27 14:32:46 | 000,000,930 | ---- | M] () -- C:\Users\a user name\Desktop\Internet Explorer (64-bit).lnk
[2011/03/27 14:20:44 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/03/27 14:18:45 | 000,000,912 | ---- | M] () -- C:\Users\a user name\Desktop\ZoneAlarm Security.lnk
[2011/03/27 08:42:54 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/27 08:42:54 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/27 08:42:54 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/27 06:57:05 | 000,306,486 | ---- | M] () -- C:\Users\a user name\Desktop\dotcat.jpg
[2011/03/26 01:43:57 | 000,063,968 | ---- | M] () -- C:\Users\a user name\Desktop\internet-explorer-cannot-display-the-webpage.htm
[2011/03/25 16:16:43 | 000,021,092 | ---- | M] () -- C:\Users\a user name\Desktop\tonetricks.html
[2011/03/25 16:14:20 | 000,061,784 | ---- | M] () -- C:\Users\a user name\Desktop\how-to-get-rid-of-error-1603-t58434.0.html
[2011/03/25 16:00:45 | 000,033,261 | ---- | M] () -- C:\Users\a user name\Desktop\firefox-runs-slow-speed-memory-fast.html
[2011/03/25 11:08:32 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/24 22:53:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/03/24 22:43:01 | 000,051,056 | ---- | M] () -- C:\Users\a user name\Desktop\windows installer service.htm
[2011/03/24 22:39:35 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/03/24 21:50:13 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/24 21:48:42 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/03/24 21:48:34 | 000,000,923 | ---- | M] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 21:48:34 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/19 18:07:04 | 000,001,067 | ---- | M] () -- C:\Users\a user name\Desktop\Advanced SystemCare.lnk
[2011/03/16 15:09:37 | 000,055,827 | ---- | M] () -- C:\Users\a user name\Desktop\1959.gif
[2011/03/15 14:19:09 | 000,001,008 | ---- | M] () -- C:\Users\a user name\Desktop\Spesoft Text To MP3 Speaker.lnk
[2011/03/14 21:45:09 | 000,000,799 | ---- | M] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/03/12 07:55:21 | 027,987,129 | ---- | M] () -- C:\Users\a user name\Desktop\CLEOPATRA CHRIS DUARTE
[2011/03/12 07:28:59 | 000,032,806 | ---- | M] () -- C:\Users\a user name\Desktop\spanfly.html
[2011/03/11 20:43:05 | 000,080,297 | ---- | M] () -- C:\Users\a user name\Desktop\Echlob.htm_txt_Echinocystis_lobata-1.gif
[2011/03/06 15:13:32 | 001,608,596 | ---- | M] () -- C:\Users\a user name\Downloads\Documents\Wells Cunningham playing Spanish Fly by Van Halen.mp3
[2011/03/06 07:21:55 | 011,775,098 | ---- | M] () -- C:\Users\a user name\Downloads\Documents\Rolling Stones - The Last Time (1965).flv
[2011/03/06 07:21:26 | 013,721,451 | ---- | M] () -- C:\Users\a user name\Downloads\Documents\The Who See Me Feel Me Woodstock 1969 (Director's cut).flv
[2011/03/06 07:14:49 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/03/06 07:12:51 | 001,024,655 | ---- | M] () -- C:\Users\a user name\Desktop\milk thistle.JPG
[2011/03/06 07:12:10 | 000,125,218 | ---- | M] () -- C:\Users\a user name\Desktop\burdock.jpg
[2011/03/06 07:11:30 | 000,023,020 | ---- | M] () -- C:\Users\a user name\Desktop\burdock-plant.jpg
[2011/03/06 07:08:40 | 000,017,920 | ---- | M] () -- C:\Users\a user name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\Users\a user name\AppData\Local\*.tmp files -> C:\Users\a user name\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/01 10:12:39 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/04/01 10:12:37 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/04/01 10:12:37 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011/04/01 10:12:37 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/04/01 10:12:37 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/03/31 19:01:40 | 000,000,979 | ---- | C] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/31 18:16:48 | 000,157,403 | ---- | C] () -- C:\Users\a user name\Desktop\Gibson_Les_Paul.htm
[2011/03/31 17:43:33 | 000,033,441 | ---- | C] () -- C:\Users\a user name\Desktop\300-access-the-hidden-administrator-account-in-windows-vista.htm
[2011/03/29 14:56:36 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/03/29 12:19:26 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/03/29 12:19:26 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/03/29 12:19:25 | 000,001,944 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/03/29 10:22:39 | 000,083,887 | ---- | C] () -- C:\Users\a user name\Desktop\how-to-enable-the-windows-vista-administrator-account.html
[2011/03/29 10:22:28 | 000,084,076 | ---- | C] () -- C:\Users\a user name\Desktop\Thor Electronics of California ... ThorConnect.htm
[2011/03/29 10:19:29 | 000,001,132 | ---- | C] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/29 10:19:29 | 000,001,108 | ---- | C] () -- C:\Users\a user name\Desktop\Spybot - Search & Destroy.lnk
[2011/03/27 16:57:25 | 000,392,267 | ---- | C] () -- C:\Users\a user name\Desktop\jtm45orig-schm1.jpg
[2011/03/27 16:56:02 | 000,377,745 | ---- | C] () -- C:\Users\a user name\Desktop\jtm45ri-schm1.jpg
[2011/03/27 16:27:18 | 000,010,251 | ---- | C] () -- C:\Users\a user name\Desktop\embarrassed-chimpanzee_tim-davis.jpg
[2011/03/27 14:32:09 | 000,000,930 | ---- | C] () -- C:\Users\a user name\Desktop\Internet Explorer (64-bit).lnk
[2011/03/27 14:18:45 | 000,000,912 | ---- | C] () -- C:\Users\a user name\Desktop\ZoneAlarm Security.lnk
[2011/03/27 14:18:29 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/03/27 06:57:05 | 000,306,486 | ---- | C] () -- C:\Users\a user name\Desktop\dotcat.jpg
[2011/03/26 01:43:55 | 000,063,968 | ---- | C] () -- C:\Users\a user name\Desktop\internet-explorer-cannot-display-the-webpage.htm
[2011/03/25 16:16:43 | 000,021,092 | ---- | C] () -- C:\Users\a user name\Desktop\tonetricks.html
[2011/03/25 16:14:20 | 000,061,784 | ---- | C] () -- C:\Users\a user name\Desktop\how-to-get-rid-of-error-1603-t58434.0.html
[2011/03/25 16:00:41 | 000,033,261 | ---- | C] () -- C:\Users\a user name\Desktop\firefox-runs-slow-speed-memory-fast.html
[2011/03/25 11:08:32 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/24 22:42:53 | 000,051,056 | ---- | C] () -- C:\Users\a user name\Desktop\windows installer service.htm
[2011/03/24 22:41:53 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/03/24 22:41:52 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/03/24 21:50:13 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/24 21:48:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/24 21:48:34 | 000,000,923 | ---- | C] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 21:48:34 | 000,000,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/24 21:48:34 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/19 18:07:15 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/19 18:07:04 | 000,001,067 | ---- | C] () -- C:\Users\a user name\Desktop\Advanced SystemCare.lnk
[2011/03/16 15:09:36 | 000,055,827 | ---- | C] () -- C:\Users\a user name\Desktop\1959.gif
[2011/03/15 14:19:09 | 000,001,008 | ---- | C] () -- C:\Users\a user name\Desktop\Spesoft Text To MP3 Speaker.lnk
[2011/03/14 21:45:09 | 000,000,799 | ---- | C] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/03/12 07:55:21 | 027,987,129 | ---- | C] () -- C:\Users\a user name\Desktop\CLEOPATRA CHRIS DUARTE
[2011/03/12 07:28:51 | 000,032,806 | ---- | C] () -- C:\Users\a user name\Desktop\spanfly.html
[2011/03/11 20:43:04 | 000,080,297 | ---- | C] () -- C:\Users\a user name\Desktop\Echlob.htm_txt_Echinocystis_lobata-1.gif
[2011/03/06 15:13:26 | 001,608,596 | ---- | C] () -- C:\Users\a user name\Downloads\Documents\Wells Cunningham playing Spanish Fly by Van Halen.mp3
[2011/03/06 07:21:55 | 011,775,098 | ---- | C] () -- C:\Users\a user name\Downloads\Documents\Rolling Stones - The Last Time (1965).flv
[2011/03/06 07:21:26 | 013,721,451 | ---- | C] () -- C:\Users\a user name\Downloads\Documents\The Who See Me Feel Me Woodstock 1969 (Director's cut).flv
[2011/03/06 07:14:49 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/03/06 07:12:51 | 001,024,655 | ---- | C] () -- C:\Users\a user name\Desktop\milk thistle.JPG
[2011/03/06 07:12:10 | 000,125,218 | ---- | C] () -- C:\Users\a user name\Desktop\burdock.jpg
[2011/03/06 07:11:29 | 000,023,020 | ---- | C] () -- C:\Users\a user name\Desktop\burdock-plant.jpg
[2010/11/29 21:19:02 | 000,000,552 | ---- | C] () -- C:\Users\a user name\AppData\Local\d3d8caps.dat
[2010/11/28 10:51:26 | 000,000,036 | ---- | C] () -- C:\Users\a user name\AppData\Local\housecall.guid.cache
[2010/11/22 23:14:41 | 000,003,367 | ---- | C] () -- C:\Users\a user name\AppData\Local\Temp12.html
[2010/08/28 11:00:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/22 18:46:16 | 000,007,258 | ---- | C] () -- C:\Users\a user name\AppData\Local\Temp38.html
[2010/08/19 18:33:21 | 000,017,920 | ---- | C] () -- C:\Users\a user name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 13:43:36 | 000,107,652 | ---- | C] () -- C:\Users\a user name\AppData\Roaming\PandaIDProtectHelp.chm
[2010/08/16 18:26:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/16 18:25:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/16 18:24:36 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/16 18:24:12 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/08/15 21:38:08 | 000,000,732 | ---- | C] () -- C:\Users\a user name\AppData\Local\d3d9caps64.dat
[2010/08/12 11:55:27 | 000,000,680 | ---- | C] () -- C:\Users\a user name\AppData\Local\d3d9caps.dat
[2010/08/09 22:58:44 | 000,001,293 | ---- | C] () -- C:\Users\a user name\AppData\Local\Temp1.html
[2010/08/08 23:26:23 | 000,099,384 | ---- | C] () -- C:\Users\a user name\AppData\Roaming\inst.exe
[2010/08/08 23:26:23 | 000,007,859 | ---- | C] () -- C:\Users\a user name\AppData\Roaming\pcouffin.cat
[2010/08/08 23:26:23 | 000,001,167 | ---- | C] () -- C:\Users\a user name\AppData\Roaming\pcouffin.inf
[2010/08/08 21:39:48 | 000,000,016 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2010/08/08 21:01:42 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2010/08/08 21:01:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2010/08/08 21:01:42 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2010/08/08 20:44:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/08 20:35:55 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/05/19 19:29:53 | 000,281,088 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/05/18 22:32:27 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/05/18 22:16:22 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/05/18 22:16:22 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/05/18 22:16:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/05/18 22:16:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/05/18 22:16:22 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/05/18 22:16:22 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/15 06:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: WININIT.EXE >
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
OTL Extras logfile created on: 4/3/2011 10:20:00 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\a user name\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.42 Gb Total Space | 178.51 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Computer Name: ACOMPUTERNAME | User Name: a user name | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2299568864-380025392-769564737-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5B 4E AA 66 D4 46 CB 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D01541AA-9F66-495B-A17C-09F95221CF45}" = lport=445 | protocol=6 | dir=in | app=system |
"{DBEB9E63-1FE8-4C4A-848A-1939A807ECA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A2461D5-66A7-47CF-928B-B8C58151DDC1}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{34DE08F2-C6F8-41FF-8CC6-8EF9359BE6C3}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{37918B0E-296A-4499-910C-8DFC40F63242}" = protocol=17 | dir=in | app=c:\program files\hitman pro 3.5\hitmanpro35_x64[1].exe |
"{7B4A4D18-F861-4586-BF9C-A7BF7725E583}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{9C7011FA-3C47-441D-9478-521FA28FA98D}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{A4F9A935-9857-4EE1-804C-0937DAC7E1B5}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A5080BEB-8923-4AB7-B8B9-1F59F5455558}" = protocol=17 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |
"{A86F41FF-37B1-4D52-B2CB-E839A9EA1554}" = protocol=6 | dir=in | app=c:\program files\hitman pro 3.5\hitmanpro35_x64[1].exe |
"{C5420278-BFEC-4516-98A8-B2EDA8054E08}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{DD456F60-38B1-4E18-96FB-2EF5D420ABB3}" = protocol=6 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{44791AD6-C026-4889-5562-CAC89488EA87}" = ATI Catalyst Install Manager
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{87015136-9964-D053-F673-D03EB0BE2454}" = ccc-utility64
"{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}" = O2Micro Flash Memory Card Reader Driver (x64)
"{B431E4D3-ECE7-4D41-8668-BCF9BD685B62}" = TOSHIBA Application Disc Creator
"{C515A5CE-7B56-4C80-881C-86B7768E2FD0}" = Memeo AutoBackup
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"HitmanPro35" = Hitman Pro 3.5
"SanityCheck_is1" = SanityCheck 2.00
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05AB8EF0-F783-11DF-83AC-001279CD8240}" = Google Earth Plug-in
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{085315C2-0F83-FB1E-E2C6-ADA41E050749}" = CCC Help Portuguese
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0DE27C7D-55A7-8FCE-D849-93200DF26497}" = Catalyst Control Center Localization Hungarian
"{0F3512B1-6DBE-2ECD-82B6-FB85C54F9CFD}" = CCC Help Spanish
"{0FD12B87-324F-4BE6-F066-CBFD6AF0699A}" = Catalyst Control Center Localization Czech
"{1111F2E3-CEE5-D7E9-32DA-099A1DCAF111}" = Catalyst Control Center Localization Chinese Standard
"{12AB790B-B260-4F19-D1B1-DA3CBCA728C1}" = CCC Help German
"{14721FB2-9634-049A-2349-AAED49A8519B}" = Catalyst Control Center Localization Norwegian
"{1725241F-7AFA-1EB9-DA18-F6E264C1033D}" = CCC Help Swedish
"{1748194A-25F8-FD44-78EC-E5173DB356C1}" = Catalyst Control Center Localization Thai
"{18DBA751-ABF8-C093-905A-A5224E5E6EC6}" = CCC Help Turkish
"{1A01E3D5-8FA1-9DA1-8992-287593B5466C}" = Catalyst Control Center Localization French
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1AB33F2D-B88D-AB12-5BB3-A007E4B40F0E}" = CCC Help Norwegian
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 24
"{27DEFA86-D8E8-3DD2-6213-DB9D6D7EA2C7}" = CCC Help Polish
"{2820BE5F-883D-862B-9454-BBF1F5FE2116}" = Catalyst Control Center Localization Russian
"{2841FE03-0E4F-41AE-A351-4000C0675279}" = Catalyst Control Center Localization Greek
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31137F89-6C6D-04D3-23DB-09B13D18A347}" = Catalyst Control Center Localization Polish
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{392E4F5C-A71E-494C-F34A-F4723C5C0DD9}" = Skins
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{41950845-942A-F7D8-2812-C42D139D4CCD}" = Catalyst Control Center Localization Swedish
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{461D0D50-97CF-F3EE-9DBC-335BDE753341}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2E5694-E4A3-77DC-E5D7-8E3DCAAC7C5E}" = CCC Help Korean
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{5965C8A5-8040-8311-586A-A53539801C63}" = Catalyst Control Center Localization Chinese Traditional
"{6261823E-5E66-B815-5F29-1DF9B3E50C3B}" = Catalyst Control Center Graphics Full Existing
"{6605FCD1-5BEC-D2C3-0847-5FA2158B7084}" = CCC Help Chinese Traditional
"{666D8CA2-1525-FCEE-B29F-4BCE90A4DC3E}" = Catalyst Control Center Graphics Full New
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7A11AC02-C461-42B2-B575-B29FB884FBFB}" = e-Sword
"{809A4D78-FAF0-336D-C4EF-CBE43B2269CB}" = Catalyst Control Center Localization Italian
"{81C7DB7E-2034-D1F5-1F5B-4F8902877DE6}" = Catalyst Control Center Localization Spanish
"{8377C639-F46B-B852-7DC2-1B8D45CEEB09}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{91DC8167-AAE9-387C-7A6F-053A181DFCF2}" = CCC Help English
"{9875D93B-EFB1-36F3-F025-2EFF439566EC}" = CCC Help Dutch
"{9B41480A-89CA-73E8-0C77-3A93DFA369B3}" = CCC Help Finnish
"{9CF83D92-B56A-1188-56E5-DCB07B65A082}" = CCC Help Greek
"{9F65C612-6E40-AC02-029D-36757B5A5116}" = Catalyst Control Center Localization Danish
"{A7C99B45-BECF-4913-5FAC-E9137D56E5A4}" = CCC Help Russian
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.478
"{A8923B3A-EC9B-9C82-4CB4-4687FB1DBC64}" = Catalyst Control Center Localization Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC37027E-5035-0E85-8C74-916D3AF5202D}" = CCC Help Italian
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B0B65799-03A7-BC11-8C04-B043FC9E83F0}" = CCC Help Thai
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B90C09EA-EE46-857A-F6A1-7D44593B5B42}" = CCC Help French
"{BB17A4D9-0372-4D16-4B80-F957ACFBA049}" = Catalyst Control Center Localization Turkish
"{BBA0586B-07E4-8BEB-0BD6-D26E81E2CBD0}" = CCC Help Chinese Standard
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6D274AE-F5CC-A416-15CA-1AF199DB850C}" = Catalyst Control Center Localization Portuguese
"{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008
"{CAC21CAF-EAE7-4DF4-DB11-AD19E51DD7C3}" = Catalyst Control Center Localization Finnish
"{CDA30994-D994-1006-E421-5CD2C997CEC5}" = Catalyst Control Center Graphics Light
"{CF04AD77-4F34-F226-D473-AA2721670C9B}" = Catalyst Control Center Graphics Previews Vista
"{DD354D4A-0441-6347-0285-78BF5076C30A}" = CCC Help Danish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E52CA7AD-D8BB-A6E9-0CFD-0D9F22DA685B}" = ccc-core-static
"{EC4F3E62-F2D9-7ADB-6B6E-F4AA3BB23473}" = Catalyst Control Center Localization Dutch
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F074BF0A-E8B7-153D-15C2-FE3EE46A6570}" = Catalyst Control Center Core Implementation
"{F17A0187-80BA-D63B-3F27-1BB66273FF22}" = Catalyst Control Center Localization Japanese
"{F1E0CF51-822A-AF59-DF54-8C7420FBA43D}" = Catalyst Control Center Localization German
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
"{FC8D795B-CD15-05B2-9DD1-0DB916B61EC4}" = CCC Help Hungarian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AndreaMosaic" = AndreaMosaic 3.32.3
"Applian FLV Player2.0.24" = Applian FLV Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bookworm Adventures Deluxe 1.0" = Bookworm Adventures Deluxe 1.0
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free Window Registry Repair" = Free Window Registry Repair
"HijackThis" = HijackThis 2.0.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C515A5CE-7B56-4C80-881C-86B7768E2FD0}" = Memeo AutoBackup
"InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"KD's Guitar Utilities_is1" = KD's Guitar Utilities 1.5.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Spesoft Text To MP3 Speaker_is1" = Spesoft Text To MP3 Speaker 2.00
"ST6UNST #1" = PageFix 2.0
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"ZoneAlarm" = ZoneAlarm
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/23/2011 10:39:36 PM | Computer Name = acomputername | Source = EventSystem | ID = 4621
Description =
Error - 3/24/2011 9:17:28 PM | Computer Name = acomputername | Source = EventSystem | ID = 4609
Description =
Error - 3/24/2011 9:18:21 PM | Computer Name = acomputername | Source = WinMgmt | ID = 10
Description =
Error - 3/24/2011 10:12:22 PM | Computer Name = acomputername | Source = EventSystem | ID = 4609
Description =
Error - 3/24/2011 10:13:16 PM | Computer Name = acomputername | Source = WinMgmt | ID = 10
Description =
Error - 3/25/2011 8:40:55 AM | Computer Name = acomputername | Source = WinMgmt | ID = 10
Description =
Error - 3/25/2011 8:42:37 AM | Computer Name = acomputername | Source = Windows Search Service | ID = 3013
Description =
Error - 3/25/2011 8:42:37 AM | Computer Name = acomputername | Source = Windows Search Service | ID = 3013
Description =
Error - 3/25/2011 8:42:38 AM | Computer Name = acomputername | Source = Windows Search Service | ID = 3013
Description =
Error - 3/25/2011 8:42:38 AM | Computer Name = acomputername | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 8/19/2010 1:31:44 PM | Computer Name = acomputername | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 8/19/2010 1:32:00 PM | Computer Name = acomputername | Source = HTTP | ID = 15016
Description =
Error - 8/19/2010 1:32:52 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7026
Description =
Error - 8/19/2010 1:45:04 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7034
Description =
Error - 8/19/2010 1:45:12 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7034
Description =
Error - 8/19/2010 1:45:28 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7034
Description =
Error - 8/19/2010 1:48:19 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7000
Description =
Error - 8/19/2010 1:48:19 PM | Computer Name = acomputername | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 8/19/2010 1:52:53 PM | Computer Name = acomputername | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
Error - 8/19/2010 1:52:55 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Thanks,
novacamino4444