Help with my HIJACK THIS log


  • This topic is locked
38 replies to this topic

#1 novacamino4444

  • Members
  • 19 posts

Posted 27 March 2011 - 02:57 PM

Please help if possible. I can presently only get online in safe mode. My browsers say they cannot find server if not in safe mode. I generally use Firefox, but revert to Internet Explorer when problems keep Firefox from working. Firefox opens after about 5 minutes when not in safe mode. I have tried different scanners too: Malwarebytes, Hitman Pro, SUPERAntiSpyware, Avira.
Below is my HijackThis file.
Thanks for looking.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:30 PM, on 3/27/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (file missing)
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\Jumpstart\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 7485 bytes

Edited by Orange Blossom, 27 March 2011 - 03:22 PM.
Moved to log forum. ~ OB



#2 myrti

  • Malware Study Hall Admin
  • 33,771 posts

Posted 03 April 2011 - 08:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 novacamino4444

  • Topic Starter

  • Members
  • 19 posts

Posted 03 April 2011 - 09:58 AM

Hi,
Thanks for your reply to my post. I have Windows 64-bit Vista Home Premium. It is not completely updated, as I get an error when I try to update. It has Service Pack 2 on it.
I have been stalked by an electronic stalker for over 10 years. Presently my biggest problem is I can only get online in safe mode. If I boot normal startup, my browsers say they cannot find server. I have tried resetting the IE internet option advanced tab reset, and I have tried using some "netsh" cmd network reset (I am not sure what it was; I found it on a web page telling how to solve the problem). I am using both Internet Explorer 7 and Firefox 4.0. I cannot update to IE 8; it says it does, but it always wants to do it the next time I boot up and open the browser. I would prefer to not even use IE, but lately Firefox takes like 5 minutes to open. If I open IE and get online, then Firefox opens within a few seconds. I have SUPERAntiSpyware and Avira antivirus (both free). I also have UBCD4Win, which I have run those same anti-malware programs from, including EZ PC Fix, which I used to delete temporary files and restore and prefetch. I currently am using the free ZoneAlarm firewall. I had Comodo Free firewall but it got compromised and I uninstalled it and have been unable to reinstall it. I frequently get an error message when trying to install software; it says something about Windows Installer is not working. I also have a free trial version of Hitman Pro, and free Malwarebytes. My computer is a Toshiba Satellite M305D-S4830 laptop. I went through this same hassle with my old desktop. There is obviously something unerasable in the old desktop hard drive. I figure this hard drive is the same but not sure.
I do have my rebuild discs and I have wiped my computer several times in the past and reinstalled everything. Then it is only a matter of time and the same thing always happens (can't find server).
Also I have noticed the Microsoft 6to4 adapter #2 has a problem and I cannot resolve that in safe mode, according to the message that comes up when I try to search for a solution online:
("This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Click 'Check for solutions' to send data about this device to Microsoft and to see if there is a solution available.")


LOGS:

OTL logfile created on: 4/3/2011 10:20:00 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\a user name\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.42 Gb Total Space | 178.51 Gb Free Space | 77.14% Space Free | Partition Type: NTFS

Computer Name: ACOMPUTERNAME | User Name: a user name | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/03 10:17:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\a user name\Downloads\OTL.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/02/18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe


========== Modules (SafeList) ==========

MOD - [2011/04/03 10:17:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\a user name\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/15 11:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/12/14 14:39:14 | 000,036,160 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/04/24 21:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/04/23 01:04:16 | 000,872,960 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/02/06 16:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/03 20:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007/10/18 02:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/03/19 17:35:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/12/14 14:42:40 | 002,019,648 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/12/14 14:39:10 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/11/30 19:13:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 14:58:10 | 000,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/04/11 03:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/04 00:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/01/29 13:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/02/12 19:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/15 11:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2010/11/30 19:13:39 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/11/30 19:13:39 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/08/08 23:26:23 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/05/15 16:30:50 | 000,453,720 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (vsdatant)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/12 13:11:40 | 000,029,752 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rspSanity64.sys -- (rspSanity)
DRV:64bit: - [2009/06/15 14:01:06 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2008/07/29 05:05:00 | 001,146,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/04/28 19:59:26 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/04/23 03:37:00 | 004,260,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/04/15 13:14:40 | 000,062,040 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/04/11 00:25:30 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/04/08 13:46:44 | 000,051,928 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2008/04/04 13:57:00 | 000,404,992 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/03/25 19:51:16 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/25 19:47:06 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/25 19:45:44 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/04 13:32:46 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/20 19:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/29 20:58:58 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/10/18 02:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/04/09 19:15:44 | 000,009,728 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2006/11/09 17:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 17:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/11/07 14:30:56 | 000,016,656 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2006/10/23 19:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/19 01:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/11/29 19:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2299568864-380025392-769564737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2299568864-380025392-769564737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2299568864-380025392-769564737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 B8 E0 86 75 F0 CB 01 [binary data]
IE - HKU\S-1-5-21-2299568864-380025392-769564737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/03/27 14:20:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/24 21:48:32 | 000,000,000 | ---D | M]

[2011/03/24 21:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a user name\AppData\Roaming\Mozilla\Extensions
[2011/04/03 10:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a user name\AppData\Roaming\Mozilla\Firefox\Profiles\r14hu0qm.LOUIS CYPHER\extensions
[2011/04/03 10:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a user name\AppData\Roaming\Mozilla\Firefox\Profiles\r14hu0qm.LOUIS CYPHER\extensions\staged
[2011/03/24 21:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/01 10:14:18 | 000,000,975 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2299568864-380025392-769564737-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2299568864-380025392-769564737-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2299568864-380025392-769564737-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2299568864-380025392-769564737-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2299568864-380025392-769564737-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2299568864-380025392-769564737-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\a user name\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\a user name\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AROReminder - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: cfFncEnabler.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: NDSTray.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig:64bit - StartUpReg: TPwrMain - hkey= - key= - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/01 10:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/01 10:12:41 | 000,000,000 | ---D | C] -- C:\Users\a user name\Downloads\Documents\Simply Super Software
[2011/04/01 10:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/04/01 10:12:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2011/04/01 10:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/04/01 10:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2011/04/01 10:12:35 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Simply Super Software
[2011/03/31 18:16:48 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\Gibson_Les_Paul_files
[2011/03/31 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\300-access-the-hidden-administrator-account-in-windows-vista_files
[2011/03/29 12:19:47 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011/03/29 12:19:35 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011/03/29 12:19:34 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011/03/29 12:19:34 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011/03/29 12:19:32 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011/03/29 12:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/03/29 12:19:03 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\TuneUp Software
[2011/03/29 12:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2011/03/29 12:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/03/29 11:09:13 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PageFix 2.0
[2011/03/29 11:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageFix 2.0
[2011/03/29 11:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PageFix 2.0
[2011/03/29 11:09:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/03/29 11:08:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/03/29 10:24:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/03/29 10:22:39 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\how-to-enable-the-windows-vista-administrator-account_files
[2011/03/29 10:22:28 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\Thor Electronics of California ... ThorConnect_files
[2011/03/29 10:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/29 10:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/29 10:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Temporary Internet Files
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Recent
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\History
[2011/03/29 04:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Cookies
[2011/03/27 15:50:14 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\texts
[2011/03/27 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\a user name\Downloads\Documents\ForceField Shared Files
[2011/03/27 14:23:06 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\CheckPoint
[2011/03/27 14:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/03/27 14:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm_Security
[2011/03/27 14:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/03/27 14:18:43 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2011/03/27 14:18:39 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2011/03/27 14:18:39 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2011/03/27 14:18:33 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2011/03/27 14:18:32 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2011/03/27 14:18:31 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2011/03/27 14:18:31 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2011/03/27 14:18:31 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2011/03/27 14:18:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/03/27 14:18:29 | 000,453,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2011/03/27 14:18:29 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2011/03/27 14:16:49 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2011/03/27 14:16:49 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2011/03/27 06:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/03/27 06:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/03/27 06:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/03/27 06:55:22 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/03/26 01:43:56 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\internet-explorer-cannot-display-the-webpage_files
[2011/03/25 16:16:43 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\tonetricks_files
[2011/03/25 16:14:20 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\how-to-get-rid-of-error-1603-t58434.0_files
[2011/03/25 16:00:42 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\firefox-runs-slow-speed-memory-fast_files
[2011/03/24 22:53:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/03/24 22:45:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011/03/24 22:42:55 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\windows installer service_files
[2011/03/24 22:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/03/24 22:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/03/24 22:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/03/24 22:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/03/24 22:39:35 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/03/24 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\sounds
[2011/03/24 21:50:20 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Malwarebytes
[2011/03/24 21:50:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/24 21:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/24 21:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/24 21:50:09 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/24 21:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/24 21:48:40 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Mozilla
[2011/03/24 21:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/03/20 02:39:23 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\schmuck
[2011/03/19 18:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
[2011/03/19 18:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/03/15 14:19:18 | 000,000,000 | ---D | C] -- C:\Users\a user name\AppData\Roaming\Spesoft Text To MP3
[2011/03/15 14:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spesoft Text To MP3 Speaker
[2011/03/15 14:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spesoft Text To MP3 Speaker
[2011/03/14 21:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/14 21:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/12 07:28:52 | 000,000,000 | ---D | C] -- C:\Users\a user name\Desktop\spanfly_files
[2011/03/06 07:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2011/03/06 07:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2010/08/19 17:28:00 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe
[2010/08/08 23:26:23 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\a user name\AppData\Roaming\pcouffin.sys
[4 C:\Users\a user name\AppData\Local\*.tmp files -> C:\Users\a user name\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/03 10:21:50 | 000,000,732 | ---- | M] () -- C:\Users\a user name\AppData\Local\d3d9caps64.dat
[2011/04/03 10:04:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/01 14:11:42 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/04/01 14:07:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/01 14:07:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/01 10:14:18 | 000,000,975 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/01 10:12:39 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/03/31 19:01:40 | 000,000,979 | ---- | M] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/31 18:16:49 | 000,157,403 | ---- | M] () -- C:\Users\a user name\Desktop\Gibson_Les_Paul.htm
[2011/03/31 17:43:37 | 000,033,441 | ---- | M] () -- C:\Users\a user name\Desktop\300-access-the-hidden-administrator-account-in-windows-vista.htm
[2011/03/29 17:41:18 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/29 17:41:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/29 17:09:27 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/03/29 14:56:47 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/03/29 14:56:36 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/03/29 12:19:26 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/03/29 12:19:26 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/03/29 11:09:02 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/03/29 11:08:52 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/03/29 10:22:41 | 000,083,887 | ---- | M] () -- C:\Users\a user name\Desktop\how-to-enable-the-windows-vista-administrator-account.html
[2011/03/29 10:22:32 | 000,084,076 | ---- | M] () -- C:\Users\a user name\Desktop\Thor Electronics of California ... ThorConnect.htm
[2011/03/29 10:19:29 | 000,001,132 | ---- | M] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/29 10:19:29 | 000,001,108 | ---- | M] () -- C:\Users\a user name\Desktop\Spybot - Search & Destroy.lnk
[2011/03/27 16:57:25 | 000,392,267 | ---- | M] () -- C:\Users\a user name\Desktop\jtm45orig-schm1.jpg
[2011/03/27 16:56:02 | 000,377,745 | ---- | M] () -- C:\Users\a user name\Desktop\jtm45ri-schm1.jpg
[2011/03/27 16:27:18 | 000,010,251 | ---- | M] () -- C:\Users\a user name\Desktop\embarrassed-chimpanzee_tim-davis.jpg
[2011/03/27 14:32:46 | 000,000,930 | ---- | M] () -- C:\Users\a user name\Desktop\Internet Explorer (64-bit).lnk
[2011/03/27 14:20:44 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/03/27 14:18:45 | 000,000,912 | ---- | M] () -- C:\Users\a user name\Desktop\ZoneAlarm Security.lnk
[2011/03/27 08:42:54 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/27 08:42:54 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/27 08:42:54 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/27 06:57:05 | 000,306,486 | ---- | M] () -- C:\Users\a user name\Desktop\dotcat.jpg
[2011/03/26 01:43:57 | 000,063,968 | ---- | M] () -- C:\Users\a user name\Desktop\internet-explorer-cannot-display-the-webpage.htm
[2011/03/25 16:16:43 | 000,021,092 | ---- | M] () -- C:\Users\a user name\Desktop\tonetricks.html
[2011/03/25 16:14:20 | 000,061,784 | ---- | M] () -- C:\Users\a user name\Desktop\how-to-get-rid-of-error-1603-t58434.0.html
[2011/03/25 16:00:45 | 000,033,261 | ---- | M] () -- C:\Users\a user name\Desktop\firefox-runs-slow-speed-memory-fast.html
[2011/03/25 11:08:32 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/24 22:53:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/03/24 22:43:01 | 000,051,056 | ---- | M] () -- C:\Users\a user name\Desktop\windows installer service.htm
[2011/03/24 22:39:35 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/03/24 21:50:13 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/24 21:48:42 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/03/24 21:48:34 | 000,000,923 | ---- | M] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 21:48:34 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/19 18:07:04 | 000,001,067 | ---- | M] () -- C:\Users\a user name\Desktop\Advanced SystemCare.lnk
[2011/03/16 15:09:37 | 000,055,827 | ---- | M] () -- C:\Users\a user name\Desktop\1959.gif
[2011/03/15 14:19:09 | 000,001,008 | ---- | M] () -- C:\Users\a user name\Desktop\Spesoft Text To MP3 Speaker.lnk
[2011/03/14 21:45:09 | 000,000,799 | ---- | M] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/03/12 07:55:21 | 027,987,129 | ---- | M] () -- C:\Users\a user name\Desktop\CLEOPATRA CHRIS DUARTE
[2011/03/12 07:28:59 | 000,032,806 | ---- | M] () -- C:\Users\a user name\Desktop\spanfly.html
[2011/03/11 20:43:05 | 000,080,297 | ---- | M] () -- C:\Users\a user name\Desktop\Echlob.htm_txt_Echinocystis_lobata-1.gif
[2011/03/06 15:13:32 | 001,608,596 | ---- | M] () -- C:\Users\a user name\Downloads\Documents\Wells Cunningham playing Spanish Fly by Van Halen.mp3
[2011/03/06 07:21:55 | 011,775,098 | ---- | M] () -- C:\Users\a user name\Downloads\Documents\Rolling Stones - The Last Time (1965).flv
[2011/03/06 07:21:26 | 013,721,451 | ---- | M] () -- C:\Users\a user name\Downloads\Documents\The Who See Me Feel Me Woodstock 1969 (Director's cut).flv
[2011/03/06 07:14:49 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/03/06 07:12:51 | 001,024,655 | ---- | M] () -- C:\Users\a user name\Desktop\milk thistle.JPG
[2011/03/06 07:12:10 | 000,125,218 | ---- | M] () -- C:\Users\a user name\Desktop\burdock.jpg
[2011/03/06 07:11:30 | 000,023,020 | ---- | M] () -- C:\Users\a user name\Desktop\burdock-plant.jpg
[2011/03/06 07:08:40 | 000,017,920 | ---- | M] () -- C:\Users\a user name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\Users\a user name\AppData\Local\*.tmp files -> C:\Users\a user name\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/01 10:12:39 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/04/01 10:12:37 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/04/01 10:12:37 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011/04/01 10:12:37 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/04/01 10:12:37 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/03/31 19:01:40 | 000,000,979 | ---- | C] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/31 18:16:48 | 000,157,403 | ---- | C] () -- C:\Users\a user name\Desktop\Gibson_Les_Paul.htm
[2011/03/31 17:43:33 | 000,033,441 | ---- | C] () -- C:\Users\a user name\Desktop\300-access-the-hidden-administrator-account-in-windows-vista.htm
[2011/03/29 14:56:36 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/03/29 12:19:26 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/03/29 12:19:26 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011/03/29 12:19:25 | 000,001,944 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/03/29 10:22:39 | 000,083,887 | ---- | C] () -- C:\Users\a user name\Desktop\how-to-enable-the-windows-vista-administrator-account.html
[2011/03/29 10:22:28 | 000,084,076 | ---- | C] () -- C:\Users\a user name\Desktop\Thor Electronics of California ... ThorConnect.htm
[2011/03/29 10:19:29 | 000,001,132 | ---- | C] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/29 10:19:29 | 000,001,108 | ---- | C] () -- C:\Users\a user name\Desktop\Spybot - Search & Destroy.lnk
[2011/03/27 16:57:25 | 000,392,267 | ---- | C] () -- C:\Users\a user name\Desktop\jtm45orig-schm1.jpg
[2011/03/27 16:56:02 | 000,377,745 | ---- | C] () -- C:\Users\a user name\Desktop\jtm45ri-schm1.jpg
[2011/03/27 16:27:18 | 000,010,251 | ---- | C] () -- C:\Users\a user name\Desktop\embarrassed-chimpanzee_tim-davis.jpg
[2011/03/27 14:32:09 | 000,000,930 | ---- | C] () -- C:\Users\a user name\Desktop\Internet Explorer (64-bit).lnk
[2011/03/27 14:18:45 | 000,000,912 | ---- | C] () -- C:\Users\a user name\Desktop\ZoneAlarm Security.lnk
[2011/03/27 14:18:29 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/03/27 06:57:05 | 000,306,486 | ---- | C] () -- C:\Users\a user name\Desktop\dotcat.jpg
[2011/03/26 01:43:55 | 000,063,968 | ---- | C] () -- C:\Users\a user name\Desktop\internet-explorer-cannot-display-the-webpage.htm
[2011/03/25 16:16:43 | 000,021,092 | ---- | C] () -- C:\Users\a user name\Desktop\tonetricks.html
[2011/03/25 16:14:20 | 000,061,784 | ---- | C] () -- C:\Users\a user name\Desktop\how-to-get-rid-of-error-1603-t58434.0.html
[2011/03/25 16:00:41 | 000,033,261 | ---- | C] () -- C:\Users\a user name\Desktop\firefox-runs-slow-speed-memory-fast.html
[2011/03/25 11:08:32 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/24 22:42:53 | 000,051,056 | ---- | C] () -- C:\Users\a user name\Desktop\windows installer service.htm
[2011/03/24 22:41:53 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/03/24 22:41:52 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/03/24 21:50:13 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/24 21:48:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/24 21:48:34 | 000,000,923 | ---- | C] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 21:48:34 | 000,000,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/24 21:48:34 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/19 18:07:15 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/19 18:07:04 | 000,001,067 | ---- | C] () -- C:\Users\a user name\Desktop\Advanced SystemCare.lnk
[2011/03/16 15:09:36 | 000,055,827 | ---- | C] () -- C:\Users\a user name\Desktop\1959.gif
[2011/03/15 14:19:09 | 000,001,008 | ---- | C] () -- C:\Users\a user name\Desktop\Spesoft Text To MP3 Speaker.lnk
[2011/03/14 21:45:09 | 000,000,799 | ---- | C] () -- C:\Users\a user name\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/03/12 07:55:21 | 027,987,129 | ---- | C] () -- C:\Users\a user name\Desktop\CLEOPATRA CHRIS DUARTE
[2011/03/12 07:28:51 | 000,032,806 | ---- | C] () -- C:\Users\a user name\Desktop\spanfly.html
[2011/03/11 20:43:04 | 000,080,297 | ---- | C] () -- C:\Users\a user name\Desktop\Echlob.htm_txt_Echinocystis_lobata-1.gif
[2011/03/06 15:13:26 | 001,608,596 | ---- | C] () -- C:\Users\a user name\Downloads\Documents\Wells Cunningham playing Spanish Fly by Van Halen.mp3
[2011/03/06 07:21:55 | 011,775,098 | ---- | C] () -- C:\Users\a user name\Downloads\Documents\Rolling Stones - The Last Time (1965).flv
[2011/03/06 07:21:26 | 013,721,451 | ---- | C] () -- C:\Users\a user name\Downloads\Documents\The Who See Me Feel Me Woodstock 1969 (Director's cut).flv
[2011/03/06 07:14:49 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/03/06 07:12:51 | 001,024,655 | ---- | C] () -- C:\Users\a user name\Desktop\milk thistle.JPG
[2011/03/06 07:12:10 | 000,125,218 | ---- | C] () -- C:\Users\a user name\Desktop\burdock.jpg
[2011/03/06 07:11:29 | 000,023,020 | ---- | C] () -- C:\Users\a user name\Desktop\burdock-plant.jpg
[2010/11/29 21:19:02 | 000,000,552 | ---- | C] () -- C:\Users\a user name\AppData\Local\d3d8caps.dat
[2010/11/28 10:51:26 | 000,000,036 | ---- | C] () -- C:\Users\a user name\AppData\Local\housecall.guid.cache
[2010/11/22 23:14:41 | 000,003,367 | ---- | C] () -- C:\Users\a user name\AppData\Local\Temp12.html
[2010/08/28 11:00:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/22 18:46:16 | 000,007,258 | ---- | C] () -- C:\Users\a user name\AppData\Local\Temp38.html
[2010/08/19 18:33:21 | 000,017,920 | ---- | C] () -- C:\Users\a user name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 13:43:36 | 000,107,652 | ---- | C] () -- C:\Users\a user name\AppData\Roaming\PandaIDProtectHelp.chm
[2010/08/16 18:26:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/16 18:25:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/16 18:24:36 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/16 18:24:12 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/08/15 21:38:08 | 000,000,732 | ---- | C] () -- C:\Users\a user name\AppData\Local\d3d9caps64.dat
[2010/08/12 11:55:27 | 000,000,680 | ---- | C] () -- C:\Users\a user name\AppData\Local\d3d9caps.dat
[2010/08/09 22:58:44 | 000,001,293 | ---- | C] () -- C:\Users\a user name\AppData\Local\Temp1.html
[2010/08/08 23:26:23 | 000,099,384 | ---- | C] () -- C:\Users\a user name\AppData\Roaming\inst.exe
[2010/08/08 23:26:23 | 000,007,859 | ---- | C] () -- C:\Users\a user name\AppData\Roaming\pcouffin.cat
[2010/08/08 23:26:23 | 000,001,167 | ---- | C] () -- C:\Users\a user name\AppData\Roaming\pcouffin.inf
[2010/08/08 21:39:48 | 000,000,016 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2010/08/08 21:01:42 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2010/08/08 21:01:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2010/08/08 21:01:42 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2010/08/08 20:44:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/08 20:35:55 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/05/19 19:29:53 | 000,281,088 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/05/18 22:32:27 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/05/18 22:16:22 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/05/18 22:16:22 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/05/18 22:16:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/05/18 22:16:22 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/05/18 22:16:22 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/05/18 22:16:22 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/15 06:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

OTL Extras logfile created on: 4/3/2011 10:20:00 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\a user name\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.42 Gb Total Space | 178.51 Gb Free Space | 77.14% Space Free | Partition Type: NTFS

Computer Name: ACOMPUTERNAME | User Name: a user name | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2299568864-380025392-769564737-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5B 4E AA 66 D4 46 CB 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D01541AA-9F66-495B-A17C-09F95221CF45}" = lport=445 | protocol=6 | dir=in | app=system |
"{DBEB9E63-1FE8-4C4A-848A-1939A807ECA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A2461D5-66A7-47CF-928B-B8C58151DDC1}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{34DE08F2-C6F8-41FF-8CC6-8EF9359BE6C3}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{37918B0E-296A-4499-910C-8DFC40F63242}" = protocol=17 | dir=in | app=c:\program files\hitman pro 3.5\hitmanpro35_x64[1].exe |
"{7B4A4D18-F861-4586-BF9C-A7BF7725E583}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{9C7011FA-3C47-441D-9478-521FA28FA98D}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{A4F9A935-9857-4EE1-804C-0937DAC7E1B5}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A5080BEB-8923-4AB7-B8B9-1F59F5455558}" = protocol=17 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |
"{A86F41FF-37B1-4D52-B2CB-E839A9EA1554}" = protocol=6 | dir=in | app=c:\program files\hitman pro 3.5\hitmanpro35_x64[1].exe |
"{C5420278-BFEC-4516-98A8-B2EDA8054E08}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{DD456F60-38B1-4E18-96FB-2EF5D420ABB3}" = protocol=6 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{44791AD6-C026-4889-5562-CAC89488EA87}" = ATI Catalyst Install Manager
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{87015136-9964-D053-F673-D03EB0BE2454}" = ccc-utility64
"{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}" = O2Micro Flash Memory Card Reader Driver (x64)
"{B431E4D3-ECE7-4D41-8668-BCF9BD685B62}" = TOSHIBA Application Disc Creator
"{C515A5CE-7B56-4C80-881C-86B7768E2FD0}" = Memeo AutoBackup
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"HitmanPro35" = Hitman Pro 3.5
"SanityCheck_is1" = SanityCheck 2.00
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05AB8EF0-F783-11DF-83AC-001279CD8240}" = Google Earth Plug-in
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{085315C2-0F83-FB1E-E2C6-ADA41E050749}" = CCC Help Portuguese
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0DE27C7D-55A7-8FCE-D849-93200DF26497}" = Catalyst Control Center Localization Hungarian
"{0F3512B1-6DBE-2ECD-82B6-FB85C54F9CFD}" = CCC Help Spanish
"{0FD12B87-324F-4BE6-F066-CBFD6AF0699A}" = Catalyst Control Center Localization Czech
"{1111F2E3-CEE5-D7E9-32DA-099A1DCAF111}" = Catalyst Control Center Localization Chinese Standard
"{12AB790B-B260-4F19-D1B1-DA3CBCA728C1}" = CCC Help German
"{14721FB2-9634-049A-2349-AAED49A8519B}" = Catalyst Control Center Localization Norwegian
"{1725241F-7AFA-1EB9-DA18-F6E264C1033D}" = CCC Help Swedish
"{1748194A-25F8-FD44-78EC-E5173DB356C1}" = Catalyst Control Center Localization Thai
"{18DBA751-ABF8-C093-905A-A5224E5E6EC6}" = CCC Help Turkish
"{1A01E3D5-8FA1-9DA1-8992-287593B5466C}" = Catalyst Control Center Localization French
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1AB33F2D-B88D-AB12-5BB3-A007E4B40F0E}" = CCC Help Norwegian
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{27DEFA86-D8E8-3DD2-6213-DB9D6D7EA2C7}" = CCC Help Polish
"{2820BE5F-883D-862B-9454-BBF1F5FE2116}" = Catalyst Control Center Localization Russian
"{2841FE03-0E4F-41AE-A351-4000C0675279}" = Catalyst Control Center Localization Greek
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31137F89-6C6D-04D3-23DB-09B13D18A347}" = Catalyst Control Center Localization Polish
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{392E4F5C-A71E-494C-F34A-F4723C5C0DD9}" = Skins
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{41950845-942A-F7D8-2812-C42D139D4CCD}" = Catalyst Control Center Localization Swedish
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{461D0D50-97CF-F3EE-9DBC-335BDE753341}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2E5694-E4A3-77DC-E5D7-8E3DCAAC7C5E}" = CCC Help Korean
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{5965C8A5-8040-8311-586A-A53539801C63}" = Catalyst Control Center Localization Chinese Traditional
"{6261823E-5E66-B815-5F29-1DF9B3E50C3B}" = Catalyst Control Center Graphics Full Existing
"{6605FCD1-5BEC-D2C3-0847-5FA2158B7084}" = CCC Help Chinese Traditional
"{666D8CA2-1525-FCEE-B29F-4BCE90A4DC3E}" = Catalyst Control Center Graphics Full New
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7A11AC02-C461-42B2-B575-B29FB884FBFB}" = e-Sword
"{809A4D78-FAF0-336D-C4EF-CBE43B2269CB}" = Catalyst Control Center Localization Italian
"{81C7DB7E-2034-D1F5-1F5B-4F8902877DE6}" = Catalyst Control Center Localization Spanish
"{8377C639-F46B-B852-7DC2-1B8D45CEEB09}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{91DC8167-AAE9-387C-7A6F-053A181DFCF2}" = CCC Help English
"{9875D93B-EFB1-36F3-F025-2EFF439566EC}" = CCC Help Dutch
"{9B41480A-89CA-73E8-0C77-3A93DFA369B3}" = CCC Help Finnish
"{9CF83D92-B56A-1188-56E5-DCB07B65A082}" = CCC Help Greek
"{9F65C612-6E40-AC02-029D-36757B5A5116}" = Catalyst Control Center Localization Danish
"{A7C99B45-BECF-4913-5FAC-E9137D56E5A4}" = CCC Help Russian
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.478
"{A8923B3A-EC9B-9C82-4CB4-4687FB1DBC64}" = Catalyst Control Center Localization Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC37027E-5035-0E85-8C74-916D3AF5202D}" = CCC Help Italian
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B0B65799-03A7-BC11-8C04-B043FC9E83F0}" = CCC Help Thai
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B90C09EA-EE46-857A-F6A1-7D44593B5B42}" = CCC Help French
"{BB17A4D9-0372-4D16-4B80-F957ACFBA049}" = Catalyst Control Center Localization Turkish
"{BBA0586B-07E4-8BEB-0BD6-D26E81E2CBD0}" = CCC Help Chinese Standard
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6D274AE-F5CC-A416-15CA-1AF199DB850C}" = Catalyst Control Center Localization Portuguese
"{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008
"{CAC21CAF-EAE7-4DF4-DB11-AD19E51DD7C3}" = Catalyst Control Center Localization Finnish
"{CDA30994-D994-1006-E421-5CD2C997CEC5}" = Catalyst Control Center Graphics Light
"{CF04AD77-4F34-F226-D473-AA2721670C9B}" = Catalyst Control Center Graphics Previews Vista
"{DD354D4A-0441-6347-0285-78BF5076C30A}" = CCC Help Danish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E52CA7AD-D8BB-A6E9-0CFD-0D9F22DA685B}" = ccc-core-static
"{EC4F3E62-F2D9-7ADB-6B6E-F4AA3BB23473}" = Catalyst Control Center Localization Dutch
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F074BF0A-E8B7-153D-15C2-FE3EE46A6570}" = Catalyst Control Center Core Implementation
"{F17A0187-80BA-D63B-3F27-1BB66273FF22}" = Catalyst Control Center Localization Japanese
"{F1E0CF51-822A-AF59-DF54-8C7420FBA43D}" = Catalyst Control Center Localization German
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
"{FC8D795B-CD15-05B2-9DD1-0DB916B61EC4}" = CCC Help Hungarian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AndreaMosaic" = AndreaMosaic 3.32.3
"Applian FLV Player2.0.24" = Applian FLV Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bookworm Adventures Deluxe 1.0" = Bookworm Adventures Deluxe 1.0
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free Window Registry Repair" = Free Window Registry Repair
"HijackThis" = HijackThis 2.0.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C515A5CE-7B56-4C80-881C-86B7768E2FD0}" = Memeo AutoBackup
"InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"KD's Guitar Utilities_is1" = KD's Guitar Utilities 1.5.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Spesoft Text To MP3 Speaker_is1" = Spesoft Text To MP3 Speaker 2.00
"ST6UNST #1" = PageFix 2.0
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2011 10:39:36 PM | Computer Name = acomputername | Source = EventSystem | ID = 4621
Description =

Error - 3/24/2011 9:17:28 PM | Computer Name = acomputername | Source = EventSystem | ID = 4609
Description =

Error - 3/24/2011 9:18:21 PM | Computer Name = acomputername | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2011 10:12:22 PM | Computer Name = acomputername | Source = EventSystem | ID = 4609
Description =

Error - 3/24/2011 10:13:16 PM | Computer Name = acomputername | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2011 8:40:55 AM | Computer Name = acomputername | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2011 8:42:37 AM | Computer Name = acomputername | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2011 8:42:37 AM | Computer Name = acomputername | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2011 8:42:38 AM | Computer Name = acomputername | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2011 8:42:38 AM | Computer Name = acomputername | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 8/19/2010 1:31:44 PM | Computer Name = acomputername | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/19/2010 1:32:00 PM | Computer Name = acomputername | Source = HTTP | ID = 15016
Description =

Error - 8/19/2010 1:32:52 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7026
Description =

Error - 8/19/2010 1:45:04 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7034
Description =

Error - 8/19/2010 1:45:12 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7034
Description =

Error - 8/19/2010 1:45:28 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7034
Description =

Error - 8/19/2010 1:48:19 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7000
Description =

Error - 8/19/2010 1:48:19 PM | Computer Name = acomputername | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 8/19/2010 1:52:53 PM | Computer Name = acomputername | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 8/19/2010 1:52:55 PM | Computer Name = acomputername | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Thanks,
novacamino4444

#4 myrti

Posted 03 April 2011 - 12:47 PM

Hi,

please run TDSSKiller next:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

regards myrti



#5 novacamino4444

Posted 03 April 2011 - 01:50 PM

2011/04/03 14:47:26.0135 1376 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 14:47:28.0139 1376 ================================================================================
2011/04/03 14:47:28.0139 1376 SystemInfo:
2011/04/03 14:47:28.0139 1376
2011/04/03 14:47:28.0139 1376 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/03 14:47:28.0139 1376 Product type: Workstation
2011/04/03 14:47:28.0139 1376 ComputerName: ACOMPUTERNAME
2011/04/03 14:47:28.0139 1376 UserName: a user name
2011/04/03 14:47:28.0139 1376 Windows directory: C:\Windows
2011/04/03 14:47:28.0139 1376 System windows directory: C:\Windows
2011/04/03 14:47:28.0139 1376 Running under WOW64
2011/04/03 14:47:28.0139 1376 Processor architecture: Intel x64
2011/04/03 14:47:28.0139 1376 Number of processors: 2
2011/04/03 14:47:28.0139 1376 Page size: 0x1000
2011/04/03 14:47:28.0139 1376 Boot type: Safe boot with network
2011/04/03 14:47:28.0139 1376 ================================================================================
2011/04/03 14:47:28.0549 1376 Initialize success
2011/04/03 14:47:41.0715 0448 ================================================================================
2011/04/03 14:47:41.0715 0448 Scan started
2011/04/03 14:47:41.0715 0448 Mode: Manual;
2011/04/03 14:47:41.0715 0448 ================================================================================
2011/04/03 14:47:42.0561 0448 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/04/03 14:47:42.0816 0448 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/04/03 14:47:42.0983 0448 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/04/03 14:47:43.0075 0448 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/04/03 14:47:43.0132 0448 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/04/03 14:47:43.0398 0448 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/04/03 14:47:43.0559 0448 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/04/03 14:47:43.0695 0448 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/04/03 14:47:43.0863 0448 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/04/03 14:47:43.0902 0448 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/04/03 14:47:44.0016 0448 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/04/03 14:47:44.0344 0448 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/04/03 14:47:44.0456 0448 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/04/03 14:47:44.0581 0448 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/03 14:47:44.0668 0448 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/04/03 14:47:44.0774 0448 athr (45511c7e870d3adddd60049232ea96b3) C:\Windows\system32\DRIVERS\athrx.sys
2011/04/03 14:47:45.0121 0448 atikmdag (f59742a4507960b9013365c74dc25c48) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/03 14:47:45.0382 0448 AtiPcie (69eebb256503cded9bd0e9e43128c626) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/04/03 14:47:45.0544 0448 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/03 14:47:45.0694 0448 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/03 14:47:45.0856 0448 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/04/03 14:47:45.0968 0448 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/03 14:47:46.0081 0448 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/03 14:47:46.0104 0448 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/04/03 14:47:46.0292 0448 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/04/03 14:47:46.0355 0448 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/04/03 14:47:46.0419 0448 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/03 14:47:46.0499 0448 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/04/03 14:47:46.0602 0448 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/04/03 14:47:46.0780 0448 CAXHWAZL (cd69e6640bc4778eb4159d34a707106e) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2011/04/03 14:47:46.0914 0448 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/03 14:47:47.0024 0448 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/03 14:47:47.0172 0448 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/04/03 14:47:47.0305 0448 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/04/03 14:47:47.0493 0448 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/03 14:47:47.0600 0448 cmdGuard (b4d52f718ca1025f06d1800258dd611b) C:\Windows\system32\DRIVERS\cmdguard.sys
2011/04/03 14:47:47.0726 0448 cmdHlp (574202ba8869f961c6a00ba3d59e0542) C:\Windows\system32\DRIVERS\cmdhlp.sys
2011/04/03 14:47:47.0828 0448 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/04/03 14:47:47.0912 0448 CnxtHdAudService (5a220d86c6e0dd92ea0ea157ed3ca267) C:\Windows\system32\drivers\CHDRT64.sys
2011/04/03 14:47:48.0048 0448 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/03 14:47:48.0142 0448 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/03 14:47:48.0429 0448 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/04/03 14:47:48.0588 0448 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/04/03 14:47:48.0828 0448 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/03 14:47:48.0936 0448 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/03 14:47:49.0080 0448 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/04/03 14:47:49.0287 0448 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/04/03 14:47:49.0496 0448 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/04/03 14:47:49.0709 0448 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/04/03 14:47:49.0866 0448 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/04/03 14:47:49.0938 0448 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/04/03 14:47:50.0111 0448 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/03 14:47:50.0190 0448 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/04/03 14:47:50.0270 0448 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/04/03 14:47:50.0339 0448 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/03 14:47:50.0425 0448 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/04/03 14:47:50.0624 0448 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/03 14:47:50.0665 0448 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/03 14:47:50.0901 0448 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/04/03 14:47:51.0075 0448 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/03 14:47:51.0209 0448 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/04/03 14:47:51.0295 0448 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/04/03 14:47:51.0370 0448 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/03 14:47:51.0590 0448 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/04/03 14:47:51.0721 0448 HSF_DPV (ebdba99c2362457be429f024396b63be) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/04/03 14:47:51.0967 0448 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/04/03 14:47:52.0078 0448 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/04/03 14:47:52.0250 0448 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/03 14:47:52.0352 0448 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/04/03 14:47:52.0562 0448 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/04/03 14:47:52.0690 0448 inspect (99e37315e6f0e10e78e8866056b33542) C:\Windows\system32\DRIVERS\inspect.sys
2011/04/03 14:47:52.0756 0448 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/04/03 14:47:52.0906 0448 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/03 14:47:53.0066 0448 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/03 14:47:53.0287 0448 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/03 14:47:53.0397 0448 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/03 14:47:53.0466 0448 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/04/03 14:47:53.0563 0448 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/04/03 14:47:53.0722 0448 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/03 14:47:53.0881 0448 ISWKL (9d7ac39e2f3a45d6fc277ec10c2732eb) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/04/03 14:47:54.0022 0448 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/04/03 14:47:54.0108 0448 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/04/03 14:47:54.0276 0448 JSWPSLWF (9d86c5091209ca4bd3762bed6f654501) C:\Windows\system32\DRIVERS\jswpslwfx.sys
2011/04/03 14:47:54.0388 0448 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/03 14:47:54.0506 0448 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/03 14:47:54.0746 0448 kl1 (ae1589b6bf163797514cd90924361e29) C:\Windows\system32\DRIVERS\kl1.sys
2011/04/03 14:47:54.0850 0448 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
2011/04/03 14:47:55.0002 0448 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
2011/04/03 14:47:55.0155 0448 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/03 14:47:55.0367 0448 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/04/03 14:47:55.0610 0448 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/03 14:47:55.0844 0448 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/03 14:47:55.0909 0448 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/03 14:47:56.0005 0448 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/03 14:47:56.0135 0448 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/04/03 14:47:56.0179 0448 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/03 14:47:56.0367 0448 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/04/03 14:47:56.0489 0448 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/04/03 14:47:56.0625 0448 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/04/03 14:47:56.0729 0448 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/03 14:47:56.0774 0448 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/03 14:47:56.0899 0448 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/03 14:47:56.0998 0448 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/04/03 14:47:57.0172 0448 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/04/03 14:47:57.0285 0448 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/03 14:47:57.0429 0448 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/03 14:47:57.0541 0448 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/03 14:47:57.0620 0448 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/03 14:47:57.0751 0448 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/03 14:47:57.0862 0448 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/03 14:47:58.0032 0448 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2011/04/03 14:47:58.0167 0448 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/04/03 14:47:58.0288 0448 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/04/03 14:47:58.0437 0448 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/04/03 14:47:58.0654 0448 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/03 14:47:58.0725 0448 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/03 14:47:58.0780 0448 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/04/03 14:47:58.0878 0448 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/04/03 14:47:59.0029 0448 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/03 14:47:59.0155 0448 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/04/03 14:47:59.0264 0448 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/04/03 14:47:59.0375 0448 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/03 14:47:59.0561 0448 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/04/03 14:47:59.0675 0448 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/03 14:47:59.0778 0448 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/03 14:47:59.0861 0448 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/03 14:48:00.0030 0448 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/04/03 14:48:00.0095 0448 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/03 14:48:00.0235 0448 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/03 14:48:00.0456 0448 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/04/03 14:48:00.0582 0448 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/04/03 14:48:00.0726 0448 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/03 14:48:00.0898 0448 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/04/03 14:48:01.0187 0448 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/04/03 14:48:01.0240 0448 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/04/03 14:48:01.0306 0448 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/04/03 14:48:01.0428 0448 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/04/03 14:48:01.0640 0448 O2MDRDR (6531dced1f12f8863f5c335c4a89a02e) C:\Windows\system32\DRIVERS\o2mdx64.sys
2011/04/03 14:48:01.0743 0448 O2SDRDR (e91b345d7e8ffaf29164b81311623941) C:\Windows\system32\DRIVERS\o2sdx64.sys
2011/04/03 14:48:01.0866 0448 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/03 14:48:02.0128 0448 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/04/03 14:48:02.0207 0448 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/04/03 14:48:02.0328 0448 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/04/03 14:48:02.0458 0448 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/04/03 14:48:02.0493 0448 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/04/03 14:48:02.0652 0448 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/03 14:48:02.0820 0448 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/04/03 14:48:03.0290 0448 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/03 14:48:03.0350 0448 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
2011/04/03 14:48:03.0511 0448 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/03 14:48:03.0598 0448 QIOMem (030176bd0b4aaea01a651b51efe295bb) C:\Windows\system32\DRIVERS\QIOMem.sys
2011/04/03 14:48:03.0715 0448 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/04/03 14:48:03.0913 0448 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/04/03 14:48:04.0003 0448 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/03 14:48:04.0169 0448 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/03 14:48:04.0295 0448 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/03 14:48:04.0464 0448 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/03 14:48:04.0544 0448 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/03 14:48:04.0620 0448 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/03 14:48:04.0743 0448 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/03 14:48:04.0872 0448 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/04/03 14:48:05.0010 0448 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/03 14:48:05.0079 0448 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/04/03 14:48:05.0341 0448 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/03 14:48:05.0428 0448 rspSanity (aa6ea4919e02812ff08cc5fdd7bb8a68) C:\Windows\system32\DRIVERS\rspSanity64.sys
2011/04/03 14:48:05.0741 0448 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/04/03 14:48:05.0832 0448 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/04/03 14:48:05.0988 0448 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/03 14:48:06.0277 0448 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/03 14:48:06.0382 0448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/03 14:48:06.0474 0448 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/04/03 14:48:06.0539 0448 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/04/03 14:48:06.0652 0448 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/04/03 14:48:06.0802 0448 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/04/03 14:48:06.0864 0448 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/03 14:48:06.0957 0448 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/03 14:48:07.0027 0448 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/04/03 14:48:07.0154 0448 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/04/03 14:48:07.0232 0448 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/04/03 14:48:07.0491 0448 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/04/03 14:48:07.0616 0448 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/04/03 14:48:07.0707 0448 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2011/04/03 14:48:07.0892 0448 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/03 14:48:07.0977 0448 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/03 14:48:08.0124 0448 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/03 14:48:08.0286 0448 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/04/03 14:48:08.0357 0448 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/04/03 14:48:08.0428 0448 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/04/03 14:48:08.0529 0448 SynTP (8de55385370e47f0e851c9bd6c310e9d) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/03 14:48:08.0781 0448 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/04/03 14:48:09.0025 0448 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/03 14:48:09.0187 0448 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/03 14:48:09.0254 0448 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/04/03 14:48:09.0340 0448 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/04/03 14:48:09.0425 0448 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/04/03 14:48:09.0566 0448 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/03 14:48:09.0664 0448 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/03 14:48:10.0079 0448 tosrfec (9fb4aa68d4e833c795994513bc9e3aca) C:\Windows\system32\DRIVERS\tosrfec.sys
2011/04/03 14:48:10.0166 0448 tos_sps64 (711ee5ea958c345a50b69abbbd74d646) C:\Windows\system32\DRIVERS\tos_sps64.sys
2011/04/03 14:48:10.0432 0448 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/03 14:48:10.0712 0448 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
2011/04/03 14:48:10.0833 0448 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/03 14:48:10.0910 0448 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/03 14:48:10.0998 0448 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/04/03 14:48:11.0150 0448 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/04/03 14:48:11.0242 0448 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/03 14:48:11.0481 0448 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/03 14:48:11.0550 0448 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/04/03 14:48:11.0667 0448 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/04/03 14:48:11.0725 0448 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/04/03 14:48:11.0822 0448 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/03 14:48:12.0057 0448 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/03 14:48:12.0091 0448 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/04/03 14:48:12.0149 0448 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/03 14:48:12.0223 0448 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/03 14:48:12.0360 0448 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/03 14:48:12.0425 0448 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2011/04/03 14:48:12.0527 0448 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/03 14:48:12.0580 0448 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/03 14:48:12.0707 0448 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/03 14:48:12.0782 0448 UVCFTR (060b7863943625e0193a3575c0c59e52) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2011/04/03 14:48:12.0878 0448 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/03 14:48:12.0913 0448 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/04/03 14:48:13.0031 0448 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/04/03 14:48:13.0132 0448 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/04/03 14:48:13.0253 0448 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/04/03 14:48:13.0372 0448 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/04/03 14:48:13.0549 0448 vsdatant (f3099c3d724816493df8bbc5168f81cd) C:\Windows\system32\drivers\vsdatant.sys
2011/04/03 14:48:13.0713 0448 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/04/03 14:48:13.0893 0448 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/04/03 14:48:14.0032 0448 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 14:48:14.0071 0448 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 14:48:14.0132 0448 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/04/03 14:48:14.0285 0448 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/03 14:48:14.0536 0448 winachsf (9e6c63f94d2c3d884a8936e448b1028b) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/04/03 14:48:14.0764 0448 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/03 14:48:14.0861 0448 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/03 14:48:15.0091 0448 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/03 14:48:15.0222 0448 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
2011/04/03 14:48:15.0397 0448 yukonx64 (3373a1402397bd13455608e5852e1505) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/04/03 14:48:15.0475 0448 ================================================================================
2011/04/03 14:48:15.0475 0448 Scan finished
2011/04/03 14:48:15.0475 0448 ================================================================================

#6 myrti


Posted 03 April 2011 - 01:53 PM

Hi,

please run ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 novacamino4444


Posted 03 April 2011 - 02:49 PM

Hi myrti,
Thanks again. I may have messed up. As far as I could tell I only had zone alarm running, which I turned off for the combofix scan. When I started combo fix it gave a message about not being administrator and needing to enter a cmd prompt to do so then it went on. I can't recall if that happened 1st or 2nd but there was also a message saying avira desktop and some other Avira process were running. I could find neither in the task manager so I uninstalled Avira. Combo fix ran and then at some point the computer restarted and it created this log:

ComboFix 11-04-03.01 - a user name 04/03/2011 15:08:12.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2896 [GMT -4:00]
Running from: c:\users\a user name\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\a user name\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WMPNETWORKSVC
-------\Service_WMPNetworkSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-04-01 14:12 . 2006-06-19 16:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2011-04-01 14:12 . 2006-05-25 18:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2011-04-01 14:12 . 2005-08-26 04:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2011-04-01 14:12 . 2003-02-02 23:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2011-04-01 14:12 . 2002-03-06 04:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2011-04-01 14:12 . 2011-04-01 14:12 -------- d-----w- c:\programdata\Simply Super Software
2011-04-01 14:12 . 2011-04-01 14:12 -------- d-----w- c:\program files (x86)\Trojan Remover
2011-04-01 14:12 . 2011-04-01 14:12 -------- d-----w- c:\users\a user name\AppData\Roaming\Simply Super Software
2011-03-31 22:54 . 2011-03-31 22:55 -------- d-----w- c:\users\Administrator
2011-03-29 16:19 . 2010-12-14 18:43 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-29 16:19 . 2010-12-14 18:39 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-29 16:19 . 2010-12-14 18:39 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-03-29 16:19 . 2010-12-14 18:39 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-03-29 16:19 . 2010-12-14 18:39 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-03-29 16:19 . 2011-03-29 16:19 -------- d-----w- c:\users\a user name\AppData\Roaming\TuneUp Software
2011-03-29 16:18 . 2011-03-29 16:19 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-03-29 16:17 . 2011-03-29 21:05 -------- d-----w- c:\programdata\TuneUp Software
2011-03-29 15:09 . 2011-03-29 15:09 -------- d-----w- c:\program files (x86)\PageFix 2.0
2011-03-29 15:09 . 2011-03-29 15:09 249856 ------w- c:\windows\Setup1.exe
2011-03-29 15:08 . 2011-03-29 15:08 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-29 14:24 . 2011-03-29 14:24 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-29 14:19 . 2011-03-31 05:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-29 14:19 . 2011-03-29 14:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-03-29 08:01 . 2011-03-29 08:01 -------- d-----w- c:\windows\Recent
2011-03-29 08:01 . 2011-03-29 08:01 -------- d-----w- c:\windows\Cookies
2011-03-29 08:01 . 2011-03-29 08:01 -------- d-----w- c:\users\Recent
2011-03-29 08:01 . 2011-03-29 08:01 -------- d-----w- c:\users\Cookies
2011-03-27 18:23 . 2011-03-27 18:23 -------- d-----w- c:\users\a user name\AppData\Roaming\CheckPoint
2011-03-27 18:19 . 2011-03-27 18:19 -------- d-----w- c:\program files (x86)\Conduit
2011-03-27 18:19 . 2011-03-27 18:19 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-03-27 18:18 . 2011-02-18 21:28 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2011-03-27 18:18 . 2011-02-18 21:28 104448 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2011-03-27 18:18 . 2011-02-18 21:28 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2011-03-27 18:18 . 2011-03-27 18:20 -------- d-----w- c:\windows\SysWow64\ZoneLabs
2011-03-27 18:18 . 2010-05-15 20:30 453720 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-03-27 10:59 . 2011-03-27 10:59 -------- d-----w- c:\program files\CheckPoint
2011-03-27 10:56 . 2011-03-27 10:56 -------- d-----w- c:\program files (x86)\Zone Labs
2011-03-27 10:55 . 2011-03-27 10:55 -------- d-----w- c:\programdata\CheckPoint
2011-03-27 10:55 . 2011-04-03 19:21 -------- d-----w- c:\windows\Internet Logs
2011-03-25 02:53 . 2011-03-25 02:53 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-25 02:41 . 2011-03-29 18:56 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-25 02:41 . 2011-03-25 02:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-03-25 02:41 . 2011-03-25 02:53 -------- d-----w- c:\programdata\Hitman Pro
2011-03-25 02:39 . 2011-03-25 17:52 -------- d-----w- c:\program files\COMODO
2011-03-25 02:39 . 2011-03-25 02:39 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-03-25 01:50 . 2011-03-25 01:50 -------- d-----w- c:\users\a user name\AppData\Roaming\Malwarebytes
2011-03-25 01:50 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-25 01:50 . 2011-03-25 01:50 -------- d-----w- c:\programdata\Malwarebytes
2011-03-25 01:50 . 2011-03-25 01:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-25 01:50 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-19 22:06 . 2011-03-19 22:06 -------- d-----w- c:\program files (x86)\IObit
2011-03-15 18:19 . 2011-03-17 07:00 -------- d-----w- c:\users\a user name\AppData\Roaming\Spesoft Text To MP3
2011-03-15 18:19 . 2011-03-15 18:19 -------- d-----w- c:\program files (x86)\Spesoft Text To MP3 Speaker
2011-03-15 01:36 . 2011-03-25 15:08 -------- d-----w- c:\program files\CCleaner
2011-03-06 11:14 . 2011-03-06 11:14 -------- d-----w- c:\program files (x86)\YouTube Downloader
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 02:40 . 2010-08-09 22:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-20 16:46 . 2011-03-01 19:54 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-03-01 19:54 366592 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-03-01 19:54 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-03-01 19:54 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-03-01 19:54 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-03-01 19:54 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-03-01 19:54 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-03-01 19:54 748544 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-03-01 19:54 47104 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-03-01 19:54 3548672 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-03-01 19:54 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-03-01 19:54 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-03-01 19:54 195072 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-03-01 19:54 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-03-01 19:54 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-03-01 19:54 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-03-01 19:54 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-03-01 19:54 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-03-01 19:54 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-03-01 19:54 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-03-01 19:54 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-03-01 19:54 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-03-01 19:54 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-03-01 19:55 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-03-01 19:55 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-03-01 19:54 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-03-01 19:54 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-03-01 19:55 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:57 . 2011-03-01 19:55 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-03-01 19:55 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-03-01 19:55 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-03-01 19:54 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-03-01 19:54 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-03-01 19:54 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-03-01 19:55 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-03-01 19:54 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-03-01 19:55 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-03-01 19:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-03-01 19:54 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-03-01 19:55 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-03-01 19:55 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-03-01 19:55 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-03-01 19:54 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-03-01 19:54 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-03-01 19:54 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-03-01 19:55 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-03-01 19:54 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-03-01 19:55 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 14:02 . 2011-03-01 19:55 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 14:02 . 2011-03-01 19:55 1147904 ----a-w- c:\windows\system32\FntCache.dll
2011-01-20 13:47 . 2011-03-01 19:55 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-01-20 13:44 . 2011-03-01 19:55 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-01-14 05:38 . 2010-06-02 02:00 362784 ----a-w- c:\windows\system32\guard64.dll
2011-01-14 05:38 . 2010-06-02 02:00 89840 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-14 05:38 . 2010-06-04 18:55 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-14 05:38 . 2010-06-02 02:00 38864 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-14 05:38 . 2010-06-02 02:00 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-08 09:03 . 2011-02-26 20:56 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-26 20:56 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-26 20:56 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-26 20:56 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 15:04 . 2011-01-05 15:04 737280 ----a-w- c:\windows\iun6002.exe
2010-02-10 08:18 . 2010-08-19 21:28 2131336 ----a-w- c:\program files (x86)\Common Files\AskToolbarInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-26 2987976]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-03-23 3528504]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SABKUTIL;SABKUTIL; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 136176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [x]
R3 vsdatant7;vsdatant7; [x]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
R4 fbdpinger;fbdpinger; [x]
R4 KR10I64;KR10I64;c:\windows\system32\drivers\kr10i64.sys [x]
R4 KR10N64;KR10N64;c:\windows\system32\drivers\kr10n64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-04-04 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 175104]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 84992]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-03 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2011-03-19 20:19]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 03:34]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 03:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
FF - ProfilePath - c:\users\a user name\AppData\Roaming\Mozilla\Firefox\Profiles\r14hu0qm.LOUIS CYPHER\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - (no file)
ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\TuneUp Utilities 2011\TuneUpSystemStatusCheck.exe
.
**************************************************************************
.
Completion time: 2011-04-03 15:29:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-03 19:29
.
Pre-Run: 191,441,571,840 bytes free
Post-Run: 187,061,592,064 bytes free
.
- - End Of File - - 1EF3233121E78FC452CF09ED75611D84

#8 myrti


Posted 03 April 2011 - 03:33 PM

Hi,

has this helped you to go online? The log is looking clean.

What applications have you tried to go online with? What did they say?

regards myrti



#9 novacamino4444


Posted 03 April 2011 - 03:45 PM

Hi Myrti,
No. I can still only get online in safe mode. I forget some things. When the browsers are trying to connect, in the lower left corner of the browser it suddenly changes and says something like res\\iframe.dll and then it just stops trying to connect and says the server cannot be found. I am connecting by wifi (only option as I am an over the road trucker). I am trying to go online with Internet Explorer and/or Firefox 4.0.
Thanks,
novacamino4444

#10 myrti


Posted 03 April 2011 - 04:02 PM

Hi,

could you please disable (or uninstall) all your security programs and let me know if you can then go online. It is possible that your firewall is blocking you for example.

regards myrti



#11 novacamino4444


Posted 03 April 2011 - 04:46 PM

Hi,
I disabled all the security and it still will not find the server. It did try something new though, it said it could not diagnose the problem because the diagnostic services were disabled. It has never said that before.
I have dealt with this problem over and over for years. No one has ever found anything in the computer although the Avira did find a couple of things the first time I tried running it with the UBCD 4 win, but I was not having the problem I am right now, although it always ends up being this problem and then I have to wipe the drive and reinstall everything. I am hoping to not have to do that. Whatever security software I have tried it always ends up unusable. I have tried over the years zone alarm free, zone alarm pro, comodo free, McAfee security suite, Kaspersky security suite, AVG free, Norton 360, Sygate firewall free, superantispyware free, and several others I do not recall. Whoever this hacker is made the zone alarm pro PERMANENTLY unusable, even after wiping the drive repeatedly 35 times. I know enough not to try and use multiple firewalls and multiple antimalware applications simultaneously. I can tell you one of the more interesting things that happened with the sygate firewall was that I serendipitously copied and pasted some of the binary code being displayed on the firewall into the address bar and hit enter and it took me to a site that offered downloads to remote controlling software to hack a computer with. But I do not remember what it was. The other day they were opening my dvd drive over and over again. Anyway thank you for your assistance.
novacamino4444

#12 myrti


Posted 03 April 2011 - 04:55 PM

Hi,

I'm willing to bet that some of your issues come from using TuneUp and "optimizing your PC". There's a reason the registry is the way it is, and deleting random parts of it usually doesn't end too well.


Do you use a router to connect to the internet?

Do you use IPv4 or IPv6?

regards myrti



#13 novacamino4444


Posted 03 April 2011 - 05:29 PM

Hi,
No, I do not use a router; I connect with wifi at the truckstops.
Thanks
novacamino

#14 myrti


Posted 03 April 2011 - 05:48 PM

Hi,

can you elaborate a little on what happens in normal mode:

You launch internet explorer, which won't go online and then firefox launches by itself but can't get online either?

Can you connect with instant messengers or similar? Do updates still work?

regards myrti

Edited by myrti, 03 April 2011 - 05:49 PM.



#15 novacamino4444


Posted 03 April 2011 - 06:02 PM

Hi Myrti,
Firefox does not open by itself, it just takes a few minutes to open but it does not connect either. When I try to connect to the wifi it takes much longer for the computer to successfully connect if at all. Then when I open IE it starts to find the webpage and suddenly gives out and says it cannot find the server. When I get firefox to open it does the same thing. I do not know if I can instant message. Do you mean instant message in safe mode?
Thanks,
novacamino4444



