
Encrypting Files, Trojan-Ransom?



#1
gustind


    New Member

  • Member
  • 6 posts
Good day,

I was studying online while an Info window popped up. I disregarded the pop-up and noticed that my desktop had a !!Read Me!!.txt file on it. The text in the e-mail was as follows:

some files on your machine are encrypted and your private informations were collected and sent to us.to decrypt files so you could use them again, you have to buy our decryptor.after you buy decryptor, your files will be decrypted, and we will destroy your private informations from our system, and help you remove malicious software from your system.to buy decryptor, contact us at: [email protected] or [email protected] you dont contact us, your private informations will be shared and you will loose all your data.


I ran Kaspersky Anti-Virus as well as Malwarebytes' with little success. KAV removed the .exe files from my Windows folder. However, the extent of the damage is still visible on my laptop, where most of my files are encrypted. I'd like to confirm that there are no additional malware infections on my system. I think I am over losing the data since I have been reading up on the algorithms used in this bloody thing.

HijackThis says:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:30, on 11/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Daniel\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Daniel\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Daniel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Wallpapers.lnk = ?
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12927 bytes


Uninstall list is also available on demand. Thanks for the assistance.


#2
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello gustind

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Download the GMER Rootkit Scanner.
Click the Download exe button and save the randomly named file to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click randomlynamed.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#3
gustind


    New Member

  • Topic Starter
  • Member
  • 6 posts
I tried GMER twice but I kept getting the blue screen halfway through the scan. A dmp file is available if required. The OTListIt log is here:

OTListIt Extras logfile created on: 12/03/2009 14:51:16 - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Users\Daniel\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 48.88% Memory free
4.00 Gb Paging File | 3.12 Gb Available in Paging File | 77.93% Paging File free
Paging file location(s): c:\pagefile.sys 2874 2875;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.27 Gb Total Space | 83.88 Gb Free Space | 48.41% Space Free | Partition Type: NTFS
Drive D: | 6.01 Gb Total Space | 5.95 Gb Free Space | 99.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-LAPTOP
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0221A397-962E-6D84-F786-64E445617999}" = CCC Help English
"{08CB1B3E-D42C-3ED5-7896-F8BC31839315}" = Catalyst Control Center Localization Czech
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C9B3E29-3B8B-295E-773B-82F3516F17DD}" = CCC Help Thai
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D99E1E9-D28C-6806-0820-13E10082CE7B}" = CCC Help Italian
"{0DC5B855-1CE2-9EA3-AA12-78C8939F68EF}" = Catalyst Control Center Core Implementation
"{0E2C948E-44D6-9A1C-54E7-05217E7DCC13}" = CCC Help Dutch
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B5AB0D6-4F7C-9B93-5323-9037F1E61142}" = CCC Help Chinese Standard
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21EA2A28-3146-E63D-16EE-0BF9FA3D6F5E}" = Catalyst Control Center Localization German
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{29411F51-EE9E-4403-8A72-B440E6520A57}" = vPorterACARS
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{31C97472-E522-A760-F46D-FC0648F77E9C}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{406AD3D7-F5BB-49C1-A280-6BCB5F6BC099}" = MySQL Server 5.0
"{40E3BE50-51A6-F8A0-DB5F-7C2698FA5E1F}" = CCC Help Spanish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{432DC370-01EF-F2D8-34C3-27DCC9B13083}" = CCC Help Norwegian
"{44151656-ECAC-99DC-1AC5-1F06A1A62939}" = Catalyst Control Center Graphics Light
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{454AB369-FABF-EB84-FBC1-CA4E8FBD3926}" = Catalyst Control Center Localization Hungarian
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{497268C1-AE62-4A1D-1129-1D03183538B0}" = Catalyst Control Center Localization Portuguese
"{4CE6623E-C867-81B3-8B94-A4FE021782BF}" = CCC Help Portuguese
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55FE1E6B-4E8A-0F2B-5B36-8F4363A0AEBC}" = Catalyst Control Center Localization Chinese Traditional
"{59DC42FB-13A7-45E1-BCC3-37CE5977951E}" = CCC Help Japanese
"{59DF97C6-3144-FA5A-4380-6B891BB44812}" = CCC Help German
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BBE3EAB-D749-0560-2C39-53DC8531CB01}" = Catalyst Control Center Localization Korean
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F190B78-64A5-4B6C-9F17-EBB50FFA4E8E}" = Wallpapers
"{5F9EEE99-15FE-4AC4-B400-6C6568E87557}" = FS Design Studio V3
"{608738F2-51B4-CD53-C1CC-220363513ED7}" = CCC Help Czech
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{649C3B52-AA90-1F36-3D36-CE7F2BB1CB8C}" = Catalyst Control Center Localization Chinese Standard
"{654CABFA-4289-9EC0-F088-34BFCC84A798}" = Catalyst Control Center Localization Turkish
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{65CC9CE1-AAF1-866B-B07E-FECC0B53277E}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9DF7EE-E7B9-E4F1-204A-FE72F47231CB}" = CCC Help Finnish
"{6C06AC26-DBD1-46E5-9863-33E7633566E5}" = ActiveSky Version 6 and ActiveSky Graphics
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7163A2F1-2DED-9EF4-24FC-06D607D2A9C9}" = Catalyst Control Center Graphics Full New
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731341F3-55AA-8488-A3F1-3D4C43412C87}" = CCC Help Russian
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A929336-7D2E-C4E3-2AC9-CA80FBEB5701}" = Catalyst Control Center Localization Spanish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84C7D852-CDF6-7006-91C7-E6A54519E5D5}" = Catalyst Control Center Graphics Full Existing
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B288238-8225-4B7E-AAA2-5AB7D62200BD}" = Prop-Liners Collection
"{8E850D2A-F5E9-C322-ABFF-683C69686C13}" = Catalyst Control Center Localization Russian
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{93FE0FBE-23F5-7BF4-9085-6E046D609F22}" = CCC Help Chinese Traditional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E28570-B754-40B0-8B14-E242CB879EC5}" = Multisim 8
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A74BE9F1-1129-FB71-DA7B-96F5D99CA330}" = Catalyst Control Center Localization Finnish
"{A762A897-3E65-E264-5188-CBAD303064C2}" = Skins
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB79C30D-A920-D219-B4FD-C9552A0419D3}" = CCC Help Polish
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AD6A78C4-AD77-448D-4F9D-43AD80C8D8FF}" = Catalyst Control Center Localization French
"{AEE482BA-1731-499C-346D-B5F498B7DBF8}" = CCC Help Turkish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{B3E356C8-CEB3-467C-EA92-8FC2CA15AD51}" = Catalyst Control Center Localization Polish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBD408BC-486B-9857-C805-945F8F083877}" = CCC Help Swedish
"{BE044C42-908B-4952-5140-E2B8FD67F267}" = CCC Help Danish
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C29D1033-0247-FFC6-7895-204ABABA0F20}" = ccc-utility
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C643EEE3-A55A-58D1-D543-ED46726288CB}" = CCC Help Greek
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0B87CB2-8599-4975-0E50-DB2F8E6B9AE6}" = Catalyst Control Center Localization Thai
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{DA401137-8791-F77A-591C-F0BC3E7ED04E}" = Catalyst Control Center Localization Greek
"{DC9B7572-50C6-180D-916D-3E2CBD00C0C7}" = Catalyst Control Center Localization Japanese
"{DEB5C10B-9DD8-4D26-BBAF-37831290AAB1}" = Multisim 8
"{DFCFF0F1-005D-E317-733D-8D19D54FBF08}" = Catalyst Control Center Localization Swedish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E748D6A5-D03D-BDE1-C094-DAE3F5BCEEF6}" = Catalyst Control Center Graphics Previews Vista
"{E8316038-8C38-52A8-9014-FD35536567E8}" = Catalyst Control Center Localization Dutch
"{E96A0335-C6EA-D11A-3A49-8586A8FED544}" = ccc-core-static
"{E9E6642B-0714-37B4-0248-D036B60F8F12}" = CCC Help Korean
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F05E0039-D2A7-198B-B79E-285395EBB5BB}" = Catalyst Control Center Localization Italian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F734CA55-0939-1F1A-A8B5-19B91B3D4B1F}" = Catalyst Control Center Localization Norwegian
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FE4C0830-A0F3-B67E-93BC-21C4B0BB0267}" = CCC Help Hungarian
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"421CGoldenEagle12" = Flight One Software - Skyhawk 172R
"ACSim_is1" = ACSim Version 1.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity_is1" = Audacity 1.2.6
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Fraps" = Fraps (remove only)
"FS_Real_Time" = FS Real Time v1.88
"Google Updater" = Google Updater
"Graphmatica" = Graphmatica
"HijackThis" = HijackThis 2.0.2
"Icecast2 Win32_is1" = Icecast 2.3.2
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{8B288238-8225-4B7E-AAA2-5AB7D62200BD}" = Prop-Liners Collection
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"IvAc_is1" = IvAc v1.1.12 (b183)
"Level-D Simulations 767-300" = Level-D Simulations 767-300
"Lexmark 5400 Series" = Lexmark 5400 Series
"LimeWire" = LimeWire 4.16.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MixPad" = MixPad
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"OnlinePlay" = OnlinePlay 1.0
"PhotoStitch" = Canon Utilities PhotoStitch
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 6.0" = RealPlayer
"RiseOfNationsExpansion 1.0" = Rise of Nations
"SquawkBox 3" = SquawkBox 3
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TWRTrainer" = TWRTrainer
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Verbose" = Verbose Uninstall
"VRC" = VRC
"WavePad" = WavePad Sound Editor
"WebDesigner" = Microsoft Expression Web
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"171a3bd25b2ddd36" = vroute.info
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/02/2009 11:02:22 | Computer Name = Daniel-Laptop | Source = MsiInstaller | ID = 1023
Description =

Error - 15/02/2009 11:03:49 | Computer Name = Daniel-Laptop | Source = MsiInstaller | ID = 10005
Description =

Error - 15/02/2009 11:03:49 | Computer Name = Daniel-Laptop | Source = MsiInstaller | ID = 1023
Description =

Error - 17/02/2009 11:02:52 | Computer Name = Daniel-Laptop | Source = MsiInstaller | ID = 10005
Description =

Error - 17/02/2009 11:02:53 | Computer Name = Daniel-Laptop | Source = MsiInstaller | ID = 1023
Description =

Error - 17/02/2009 20:02:18 | Computer Name = Daniel-Laptop | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 17/02/2009 20:02:38 | Computer Name = Daniel-Laptop | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 18/02/2009 12:52:18 | Computer Name = Daniel-Laptop | Source = MsiInstaller | ID = 10005
Description =

Error - 18/02/2009 12:52:19 | Computer Name = Daniel-Laptop | Source = MsiInstaller | ID = 1023
Description =

Error - 18/02/2009 18:01:47 | Computer Name = Daniel-Laptop | Source = Application Hang | ID = 1002
Description = The program ASv6.exe version 6.0.0.4411 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 11ac Start Time: 01c991ea8e060244 Termination Time: 108

[ Media Center Events ]
Error - 23/02/2009 16:39:25 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 23/02/2009 19:21:33 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 23/02/2009 21:34:38 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 24/02/2009 10:16:44 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 24/02/2009 20:39:04 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 25/02/2009 10:33:38 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 25/02/2009 20:27:02 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 26/02/2009 10:52:13 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 26/02/2009 19:05:52 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 09/03/2009 15:43:31 | Computer Name = Daniel-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 12/02/2009 22:02:51 | Computer Name = Daniel-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 905
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/03/2009 19:42:37 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/03/2009 19:42:37 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 11/03/2009 19:42:37 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/03/2009 19:46:32 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7022
Description =

Error - 12/03/2009 12:27:24 | Computer Name = Daniel-Laptop | Source = HTTP | ID = 15016
Description =

Error - 12/03/2009 12:28:20 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/03/2009 12:28:20 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 12/03/2009 12:28:20 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/03/2009 14:42:19 | Computer Name = Daniel-Laptop | Source = bowser | ID = 8003
Description =

Error - 12/03/2009 14:42:28 | Computer Name = Daniel-Laptop | Source = bowser | ID = 8003
Description =


< End of report >



OTListIt logfile created on: 12/03/2009 14:51:16 - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Users\Daniel\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 48.88% Memory free
4.00 Gb Paging File | 3.12 Gb Available in Paging File | 77.93% Paging File free
Paging file location(s): c:\pagefile.sys 2874 2875;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.27 Gb Total Space | 83.88 Gb Free Space | 48.41% Space Free | Partition Type: NTFS
Drive D: | 6.01 Gb Total Space | 5.95 Gb Free Space | 99.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-LAPTOP
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Program Files\Icecast2 Win32\icecastService.exe ()
PRC - C:\Windows\system32\lxctcoms.exe ( )
PRC - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
PRC - C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Users\Daniel\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE (Advanced Micro Devices Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe ()
PRC - C:\Program Files\Wallpapers\Wallpaper_tray.exe (Thin Martian)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Windows\system32\conime.exe (Microsoft Corporation)
PRC - C:\Users\Daniel\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor6.0 [Auto | Running]) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\system32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati External Event Utility [Auto | Stopped]) -- C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (AVP [Auto | Running]) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
SRV - (BcmSqlStartupSvc [Auto | Running]) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Icecast-trunk [Auto | Running]) -- C:\Program Files\Icecast2 Win32\icecastService.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (lxct_device [Auto | Running]) -- C:\Windows\system32\lxctcoms.exe ( )
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MySQL [Auto | Running]) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv [Auto | Running]) -- C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service [Auto | Stopped]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie [Boot | Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (kl1 [System | Running]) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab)
DRV - (klbg [Boot | Running]) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (KLIF [System | Running]) -- C:\Windows\system32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (KLIM6 [System | Running]) -- C:\Windows\system32\DRIVERS\klim6.sys (Kaspersky Lab)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Ndisprot [On_Demand | Stopped]) -- C:\Windows\system32\drivers\Ndisprot.sys ()
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosrfec [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (UVCFTR [On_Demand | Running]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/11 09:20:11 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/05 10:10:22 00,000,000 | ---D | M]
FF - C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2008/08/29 16:04:06 00,000,000 | ---D | M]
FF - C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/08/29 16:04:06 00,000,000 | ---D | M]
FF - C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\lgqus4cb.default\extensions [2009/03/11 14:26:48 00,000,000 | ---D | M]
FF - C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\lgqus4cb.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2009/03/11 14:26:49 00,000,000 | ---D | M]
FF - C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\lgqus4cb.default\extensions\[email protected] [2009/03/11 14:26:48 00,000,000 | ---D | M]
FF - C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\lgqus4cb.default\extensions\[email protected] [2009/03/11 14:26:48 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/11 14:02:35 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/05 10:10:22 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2008/12/06 12:09:20 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [2008/06/18 17:46:46 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008/08/08 08:06:37 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/01/02 15:13:16 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\[email protected] [2008/08/29 16:04:02 00,000,000 | ---D | M]

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
O4 - HKLM..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" (Chicony)
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" (Lexmark International Inc.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Users\Daniel\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\wshtcpip.dll,-60103] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [NTDS] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\system32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\system32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\system32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O33 - MountPoints2\{3a6d0861-2be5-11dd-943f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3a6d0861-2be5-11dd-943f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\stub.exe -- File not found
O33 - MountPoints2\{473e2305-c07f-11dd-877b-00a0d19c5bc6}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
O33 - MountPoints2\{473e2305-c07f-11dd-877b-00a0d19c5bc6}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
O33 - MountPoints2\{473e230a-c07f-11dd-877b-00a0d19c5bc6}\Shell - "" = AutoRun
O33 - MountPoints2\{473e230a-c07f-11dd-877b-00a0d19c5bc6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5285bcf8-59cb-11dd-a467-00a0d19c5bc6}\Shell\Auto\command - "" = F:\kav6.0.1 -- File not found
O33 - MountPoints2\{5285bcf8-59cb-11dd-a467-00a0d19c5bc6}\Shell\AutoRun\command - "" = C:\Windows\system32\Shell32.DLL -- [2008/11/06 09:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{5c02baea-b58f-11dd-ad52-00a0d19c5bc6}\Shell - "" = AutoRun
O33 - MountPoints2\{5c02baea-b58f-11dd-ad52-00a0d19c5bc6}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{bd9788f3-098e-11de-9616-00a0d19c5bc6}\Shell\AutoRun\command - "" = G:\ts_root\clock.exe -- File not found
O33 - MountPoints2\{bd9788f3-098e-11de-9616-00a0d19c5bc6}\Shell\open\command - "" = G:\ts_root\clock.exe -- File not found
O33 - MountPoints2\{c37ee2ae-6954-11dd-86f1-00a0d19c5bc6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e55629ee-a8fb-11dd-992e-00a0d19c5bc6}\Shell\AutoRun\command - "" = F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/03/12 12:39:56 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTListIt2.exe
[2009/03/11 23:01:34 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/11 23:01:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/11 23:01:28 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/11 23:01:28 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/11 23:01:27 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/11 22:29:36 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Daniel\Desktop\HiJackThis.exe
[2009/03/11 22:07:56 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/11 21:04:28 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/03/11 16:23:54 | 00,064,032 | ---- | C] () -- C:\Users\Daniel\Desktop\AER200 ASGN1 NAV MAPTIME50Q-1.DOC.CRYPTED.crypted
[2009/03/11 16:23:53 | 01,124,624 | ---- | C] () -- C:\Users\Daniel\Desktop\BALKAN.SCT.crypted
[2009/03/11 16:23:53 | 00,024,784 | ---- | C] () -- C:\Users\Daniel\Desktop\DANIEL GUSTIN RESUME.DOCX.CRYPTED.crypted
[2009/03/11 16:23:53 | 00,014,416 | ---- | C] () -- C:\Users\Daniel\Desktop\PHY2.XLSX.CRYPTED.crypted
[2009/03/11 16:23:53 | 00,009,616 | ---- | C] () -- C:\Users\Daniel\Desktop\EYEQ_V3.3_SPEED_READING_BETA_11B_&_SERIAL.ISO-JGT.NFO.CRYPTED.crypted
[2009/03/11 16:23:36 | 18,561,776 | ---- | C] () -- C:\Users\Daniel\Desktop\PORTERDASH8-Q400.ZIP.CRYPTED.crypted
[2009/03/11 16:23:35 | 00,752,912 | ---- | C] () -- C:\Users\Daniel\Desktop\VPORTERACARS.ZIP.crypted
[2009/03/11 16:23:35 | 00,209,792 | ---- | C] () -- C:\Users\Daniel\Desktop\RAPTORSOFFER.PDF.CRYPTED.crypted
[2009/03/11 16:23:35 | 00,036,848 | ---- | C] () -- C:\Users\Daniel\Desktop\SENECA COLLEGE OF APPLIED ARTS AND TECHNOLOGY.DOCX.crypted
[2009/03/11 16:23:35 | 00,000,192 | ---- | C] () -- C:\Users\Daniel\Desktop\~$ORTER SOPSS.DOC.CRYPTED.crypted
[2009/03/11 16:23:35 | 00,000,176 | ---- | C] () -- C:\Users\Daniel\Desktop\~$R200 ASGN1 NAV MAPTIME50Q-1.DOC.crypted
[2009/03/11 16:07:38 | 20,112,17920 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/11 14:20:37 | 00,047,728 | ---- | C] () -- C:\Users\Daniel\Documents\26-0726_0811-02_BO.PDF.CRYPTED.crypted
[2009/03/11 14:20:36 | 00,180,768 | ---- | C] () -- C:\Users\Daniel\Documents\3 PRACTICE ALTIMETRY PROBLEMS GIVEN IN CLASS NO ANSWERS.PPT.CRYPTED.crypted
[2009/03/11 14:20:35 | 01,022,032 | ---- | C] () -- C:\Users\Daniel\Documents\AC CIRCUIT ANALYSIS.PPTX.CRYPTED.crypted
[2009/03/11 14:20:26 | 06,201,472 | ---- | C] () -- C:\Users\Daniel\Documents\ATC_MAOPS_FR.PDF.CRYPTED.crypted
[2009/03/11 14:20:26 | 00,029,216 | ---- | C] () -- C:\Users\Daniel\Documents\BOSNIAN AND CROATIAN JOINT TRAINING DEPARTMENT.DOC.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,167,456 | ---- | C] () -- C:\Users\Daniel\Documents\CE 3250 PROJECT REVISED.DOC.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,015,648 | ---- | C] () -- C:\Users\Daniel\Documents\COPY OF SID STAR CHART.XLSX.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,014,928 | ---- | C] () -- C:\Users\Daniel\Documents\COMESSAY.DOCX.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,014,160 | ---- | C] () -- C:\Users\Daniel\Documents\COST OF FLYING.XLSX.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,011,616 | ---- | C] () -- C:\Users\Daniel\Documents\COMPONENTS OF CULTURE.DOCX.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,000,320 | ---- | C] () -- C:\Users\Daniel\Documents\CYQB-YTZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,000,320 | ---- | C] () -- C:\Users\Daniel\Documents\CYHZ-CYTZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:24 | 00,876,944 | ---- | C] () -- C:\Users\Daniel\Documents\ELE 200 LAB2.DOCX.CRYPTED.crypted
[2009/03/11 14:20:23 | 00,325,264 | ---- | C] () -- C:\Users\Daniel\Documents\EXERCISE PROBLEMS FOR STUDENTS (CH 4).PPTX.CRYPTED.crypted
[2009/03/11 14:20:23 | 00,247,440 | ---- | C] () -- C:\Users\Daniel\Documents\ENGINE.DOCX.CRYPTED.crypted
[2009/03/11 14:20:23 | 00,069,760 | ---- | C] () -- C:\Users\Daniel\Documents\HOSTING.PDF.CRYPTED.crypted
[2009/03/11 14:20:23 | 00,016,672 | ---- | C] () -- C:\Users\Daniel\Documents\HI.ACROBATSECURITYSETTINGS.CRYPTED.crypted
[2009/03/11 14:20:22 | 00,099,520 | ---- | C] () -- C:\Users\Daniel\Documents\ILS26.JPG.CRYPTED.crypted
[2009/03/11 14:20:22 | 00,087,072 | ---- | C] () -- C:\Users\Daniel\Documents\LAB.DOC.CRYPTED.crypted
[2009/03/11 14:20:22 | 00,027,616 | ---- | C] () -- C:\Users\Daniel\Documents\ICAO FLIGHT PLAN FORM.PDF.CRYPTED.crypted
[2009/03/11 14:20:22 | 00,000,288 | ---- | C] () -- C:\Users\Daniel\Documents\KEWR-CYTZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:21 | 00,271,904 | ---- | C] () -- C:\Users\Daniel\Documents\LAB4.DOC.CRYPTED.crypted
[2009/03/11 14:20:20 | 00,828,960 | ---- | C] () -- C:\Users\Daniel\Documents\LAB5.DOC.CRYPTED.crypted
[2009/03/11 14:20:20 | 00,221,216 | ---- | C] () -- C:\Users\Daniel\Documents\LABDC 3.DOCX.CRYPTED.crypted
[2009/03/11 14:20:20 | 00,215,056 | ---- | C] () -- C:\Users\Daniel\Documents\MET FOR PPL.PDF.CRYPTED.crypted
[2009/03/11 14:20:19 | 00,072,224 | ---- | C] () -- C:\Users\Daniel\Documents\METEROLOGY 1.DOC.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,261,344 | ---- | C] () -- C:\Users\Daniel\Documents\VFR%20PLANNING%20LOG%20-%20SIDE%20B.PDF.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,209,136 | ---- | C] () -- C:\Users\Daniel\Documents\METEROLOGY 2.PDF.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,192,832 | ---- | C] () -- C:\Users\Daniel\Documents\VFR%20PLANNING%20LOG%20-%20SIDE%20A.PDF.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,143,392 | ---- | C] () -- C:\Users\Daniel\Documents\METEROLOGY 2.DOC.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,049,184 | ---- | C] () -- C:\Users\Daniel\Documents\VFR.DOC.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,012,624 | ---- | C] () -- C:\Users\Daniel\Documents\OCCURANCEREPORT.DOCX.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,019,648 | ---- | C] () -- C:\Users\Daniel\Documents\WX PACKAGE FOR AER200.PDF.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,320 | ---- | C] () -- C:\Users\Daniel\Documents\YUL-YTZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,320 | ---- | C] () -- C:\Users\Daniel\Documents\YTZ-KEWR.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,304 | ---- | C] () -- C:\Users\Daniel\Documents\YTZ-YUL.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,304 | ---- | C] () -- C:\Users\Daniel\Documents\YTZ-YQB.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,304 | ---- | C] () -- C:\Users\Daniel\Documents\YOW-YHZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,288 | ---- | C] () -- C:\Users\Daniel\Documents\YTZ-YOW.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,272 | ---- | C] () -- C:\Users\Daniel\Documents\YOW-YTZ.SFP.CRYPTED.crypted
[2009/03/06 15:38:30 | 00,000,006 | ---- | C] () -- C:\Windows\oodcnt3.ini
[2009/03/06 15:38:28 | 00,000,000 | ---D | C] -- C:\Program Files\Application name
[2009/03/04 01:30:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/03/04 01:30:19 | 00,000,000 | -HSD | C] -- C:\Users\Daniel\AppData\Roaming\.#
[2009/03/04 01:30:15 | 00,002,519 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wallpapers.lnk
[2009/03/04 01:30:15 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Wallpapers
[2009/03/04 01:30:15 | 00,000,000 | ---D | C] -- C:\Program Files\Wallpapers
[2009/02/28 20:31:14 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/02/28 20:31:13 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/02/28 20:31:13 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/02/28 20:31:12 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/02/28 20:31:12 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/02/28 20:31:12 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/02/28 20:31:09 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/02/28 20:31:08 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/02/28 20:22:16 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/28 20:22:13 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/28 20:22:11 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/28 20:21:51 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/28 20:21:44 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/19 23:00:14 | 00,002,601 | ---- | C] () -- C:\Users\Daniel\Desktop\vPorterACARS.lnk
[2009/02/18 23:58:59 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\SQL Server Management Studio Express
[2009/02/17 20:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/02/17 20:05:11 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/02/17 20:04:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/02/17 20:01:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/02/17 00:50:12 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\CZYZ sector
[2009/02/14 11:02:53 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/14 11:02:53 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/14 11:02:53 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/14 11:02:51 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/14 11:02:51 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/14 11:02:51 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/14 11:02:49 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/14 11:02:48 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/14 11:02:46 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/14 11:01:55 | 00,000,000 | ---D | C] -- C:\Windows\SQL9_KB960089_ENU
[2009/02/13 08:44:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/02/13 08:44:12 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/13 08:44:12 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/02/13 08:42:07 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/02/13 08:40:09 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/11 13:04:57 | 00,000,189 | ---- | C] () -- C:\Users\Daniel\Desktop\USB GUSTIN (G) - Shortcut.lnk

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/03/12 14:50:19 | 00,548,896 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009/03/12 14:50:17 | 00,004,004 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2009/03/12 14:39:30 | 00,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/12 14:39:29 | 00,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/12 14:39:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/12 13:01:20 | 00,760,648 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/12 13:01:20 | 00,649,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/12 13:01:20 | 00,124,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/12 12:40:26 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTListIt2.exe
[2009/03/12 12:30:04 | 00,002,519 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wallpapers.lnk
[2009/03/12 12:27:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/12 12:27:09 | 00,399,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/12 12:25:46 | 20,112,17920 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/12 01:45:01 | 08,074,784 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/03/12 01:45:01 | 00,065,212 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/03/12 01:40:43 | 02,600,666 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db
[2009/03/11 22:29:54 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Daniel\Desktop\HiJackThis.exe
[2009/03/11 19:36:00 | 00,239,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2009/03/11 19:36:00 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klbg.sys
[2009/03/11 19:35:51 | 00,101,287 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2009/03/11 19:35:51 | 00,089,601 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2009/03/11 16:23:54 | 01,124,624 | ---- | M] () -- C:\Users\Daniel\Desktop\BALKAN.SCT.crypted
[2009/03/11 16:23:54 | 00,064,032 | ---- | M] () -- C:\Users\Daniel\Desktop\AER200 ASGN1 NAV MAPTIME50Q-1.DOC.CRYPTED.crypted
[2009/03/11 16:23:53 | 18,561,776 | ---- | M] () -- C:\Users\Daniel\Desktop\PORTERDASH8-Q400.ZIP.CRYPTED.crypted
[2009/03/11 16:23:53 | 00,024,784 | ---- | M] () -- C:\Users\Daniel\Desktop\DANIEL GUSTIN RESUME.DOCX.CRYPTED.crypted
[2009/03/11 16:23:53 | 00,014,416 | ---- | M] () -- C:\Users\Daniel\Desktop\PHY2.XLSX.CRYPTED.crypted
[2009/03/11 16:23:53 | 00,009,616 | ---- | M] () -- C:\Users\Daniel\Desktop\EYEQ_V3.3_SPEED_READING_BETA_11B_&_SERIAL.ISO-JGT.NFO.CRYPTED.crypted
[2009/03/11 16:23:36 | 00,209,792 | ---- | M] () -- C:\Users\Daniel\Desktop\RAPTORSOFFER.PDF.CRYPTED.crypted
[2009/03/11 16:23:35 | 00,752,912 | ---- | M] () -- C:\Users\Daniel\Desktop\VPORTERACARS.ZIP.crypted
[2009/03/11 16:23:35 | 00,036,848 | ---- | M] () -- C:\Users\Daniel\Desktop\SENECA COLLEGE OF APPLIED ARTS AND TECHNOLOGY.DOCX.crypted
[2009/03/11 16:23:35 | 00,000,192 | ---- | M] () -- C:\Users\Daniel\Desktop\~$ORTER SOPSS.DOC.CRYPTED.crypted
[2009/03/11 16:23:35 | 00,000,176 | ---- | M] () -- C:\Users\Daniel\Desktop\~$R200 ASGN1 NAV MAPTIME50Q-1.DOC.crypted
[2009/03/11 14:31:23 | 00,000,006 | ---- | M] () -- C:\Windows\oodcnt3.ini
[2009/03/11 14:20:37 | 00,180,768 | ---- | M] () -- C:\Users\Daniel\Documents\3 PRACTICE ALTIMETRY PROBLEMS GIVEN IN CLASS NO ANSWERS.PPT.CRYPTED.crypted
[2009/03/11 14:20:37 | 00,047,728 | ---- | M] () -- C:\Users\Daniel\Documents\26-0726_0811-02_BO.PDF.CRYPTED.crypted
[2009/03/11 14:20:36 | 01,022,032 | ---- | M] () -- C:\Users\Daniel\Documents\AC CIRCUIT ANALYSIS.PPTX.CRYPTED.crypted
[2009/03/11 14:20:35 | 06,201,472 | ---- | M] () -- C:\Users\Daniel\Documents\ATC_MAOPS_FR.PDF.CRYPTED.crypted
[2009/03/11 14:20:26 | 00,167,456 | ---- | M] () -- C:\Users\Daniel\Documents\CE 3250 PROJECT REVISED.DOC.CRYPTED.crypted
[2009/03/11 14:20:26 | 00,029,216 | ---- | M] () -- C:\Users\Daniel\Documents\BOSNIAN AND CROATIAN JOINT TRAINING DEPARTMENT.DOC.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,876,944 | ---- | M] () -- C:\Users\Daniel\Documents\ELE 200 LAB2.DOCX.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,015,648 | ---- | M] () -- C:\Users\Daniel\Documents\COPY OF SID STAR CHART.XLSX.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,014,928 | ---- | M] () -- C:\Users\Daniel\Documents\COMESSAY.DOCX.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,014,160 | ---- | M] () -- C:\Users\Daniel\Documents\COST OF FLYING.XLSX.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,011,616 | ---- | M] () -- C:\Users\Daniel\Documents\COMPONENTS OF CULTURE.DOCX.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,000,320 | ---- | M] () -- C:\Users\Daniel\Documents\CYQB-YTZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:25 | 00,000,320 | ---- | M] () -- C:\Users\Daniel\Documents\CYHZ-CYTZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:24 | 00,247,440 | ---- | M] () -- C:\Users\Daniel\Documents\ENGINE.DOCX.CRYPTED.crypted
[2009/03/11 14:20:23 | 00,325,264 | ---- | M] () -- C:\Users\Daniel\Documents\EXERCISE PROBLEMS FOR STUDENTS (CH 4).PPTX.CRYPTED.crypted
[2009/03/11 14:20:23 | 00,069,760 | ---- | M] () -- C:\Users\Daniel\Documents\HOSTING.PDF.CRYPTED.crypted
[2009/03/11 14:20:23 | 00,027,616 | ---- | M] () -- C:\Users\Daniel\Documents\ICAO FLIGHT PLAN FORM.PDF.CRYPTED.crypted
[2009/03/11 14:20:23 | 00,016,672 | ---- | M] () -- C:\Users\Daniel\Documents\HI.ACROBATSECURITYSETTINGS.CRYPTED.crypted
[2009/03/11 14:20:22 | 00,271,904 | ---- | M] () -- C:\Users\Daniel\Documents\LAB4.DOC.CRYPTED.crypted
[2009/03/11 14:20:22 | 00,099,520 | ---- | M] () -- C:\Users\Daniel\Documents\ILS26.JPG.CRYPTED.crypted
[2009/03/11 14:20:22 | 00,087,072 | ---- | M] () -- C:\Users\Daniel\Documents\LAB.DOC.CRYPTED.crypted
[2009/03/11 14:20:22 | 00,000,288 | ---- | M] () -- C:\Users\Daniel\Documents\KEWR-CYTZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:21 | 00,828,960 | ---- | M] () -- C:\Users\Daniel\Documents\LAB5.DOC.CRYPTED.crypted
[2009/03/11 14:20:20 | 00,221,216 | ---- | M] () -- C:\Users\Daniel\Documents\LABDC 3.DOCX.CRYPTED.crypted
[2009/03/11 14:20:20 | 00,215,056 | ---- | M] () -- C:\Users\Daniel\Documents\MET FOR PPL.PDF.CRYPTED.crypted
[2009/03/11 14:20:19 | 00,143,392 | ---- | M] () -- C:\Users\Daniel\Documents\METEROLOGY 2.DOC.CRYPTED.crypted
[2009/03/11 14:20:19 | 00,072,224 | ---- | M] () -- C:\Users\Daniel\Documents\METEROLOGY 1.DOC.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,261,344 | ---- | M] () -- C:\Users\Daniel\Documents\VFR%20PLANNING%20LOG%20-%20SIDE%20B.PDF.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,209,136 | ---- | M] () -- C:\Users\Daniel\Documents\METEROLOGY 2.PDF.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,192,832 | ---- | M] () -- C:\Users\Daniel\Documents\VFR%20PLANNING%20LOG%20-%20SIDE%20A.PDF.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,049,184 | ---- | M] () -- C:\Users\Daniel\Documents\VFR.DOC.CRYPTED.crypted
[2009/03/11 14:20:18 | 00,012,624 | ---- | M] () -- C:\Users\Daniel\Documents\OCCURANCEREPORT.DOCX.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,019,648 | ---- | M] () -- C:\Users\Daniel\Documents\WX PACKAGE FOR AER200.PDF.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,320 | ---- | M] () -- C:\Users\Daniel\Documents\YUL-YTZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,320 | ---- | M] () -- C:\Users\Daniel\Documents\YTZ-KEWR.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,304 | ---- | M] () -- C:\Users\Daniel\Documents\YTZ-YUL.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,304 | ---- | M] () -- C:\Users\Daniel\Documents\YTZ-YQB.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,304 | ---- | M] () -- C:\Users\Daniel\Documents\YOW-YHZ.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,288 | ---- | M] () -- C:\Users\Daniel\Documents\YTZ-YOW.SFP.CRYPTED.crypted
[2009/03/11 14:20:17 | 00,000,272 | ---- | M] () -- C:\Users\Daniel\Documents\YOW-YTZ.SFP.CRYPTED.crypted
[2009/03/08 21:09:19 | 00,002,601 | ---- | M] () -- C:\Users\Daniel\Desktop\vPorterACARS.lnk
[2009/03/07 16:29:12 | 00,079,360 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/06 22:28:46 | 00,000,074 | ---- | M] () -- C:\Windows\ACSim.ini
[2009/02/19 19:14:30 | 21,034,9696 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/02/17 20:06:46 | 00,000,771 | ---- | M] () -- C:\Users\Daniel\Documents\My Sharing Folders.lnk
[2009/02/11 13:04:57 | 00,000,189 | ---- | M] () -- C:\Users\Daniel\Desktop\USB GUSTIN (G) - Shortcut.lnk

========== LOP Check ==========

[2009/03/12 12:27:23 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/03/12 01:44:25 | 00,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please plug in any removable drives that you have before running ComboFix:
=====================================================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
gustind

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix 09-03-12.01 - Daniel 2009-03-13 13:57:13.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1917.1125 [GMT -4:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Daniel\AppData\Roaming\.#
c:\users\Daniel\AppData\Roaming\.#\MBX@1300@1BC28F8.###
c:\users\Daniel\AppData\Roaming\.#\MBX@1300@1BC2928.###
c:\users\Daniel\AppData\Roaming\.#\MBX@1300@1BC2958.###
c:\users\Daniel\AppData\Roaming\.#\MBX@370@E228F8.###
c:\users\Daniel\AppData\Roaming\.#\MBX@370@E22928.###
c:\users\Daniel\AppData\Roaming\.#\MBX@370@E22958.###
c:\users\Daniel\AppData\Roaming\.#\MBX@D8C@3C28F8.###
c:\users\Daniel\AppData\Roaming\.#\MBX@D8C@3C2928.###
c:\users\Daniel\AppData\Roaming\.#\MBX@D8C@3C2958.###
D:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-11 23:01 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 23:01 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 23:01 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 23:01 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 22:07 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 21:04 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-06 15:38 . 2009-03-06 15:38 <DIR> d-------- c:\program files\Application name
2009-03-06 15:38 . 2009-03-11 14:31 6 --a------ c:\windows\oodcnt3.ini
2009-03-04 01:30 . 2009-03-04 01:30 <DIR> d-------- c:\users\Daniel\AppData\Roaming\Wallpapers
2009-03-04 01:30 . 2009-03-04 01:30 <DIR> d-------- c:\program files\Wallpapers
2009-03-04 01:30 . 2009-03-04 01:30 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-03-02 20:15 . 2009-03-02 22:38 <DIR> d-------- c:\users\Daniel\The Lord of the Rings-The Return of the King-Extended Edition[2003]DVDrip[AC-3(5.1)ENG][UKB-RG Xvid]-keltz
2009-02-28 20:31 . 2008-06-19 21:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-28 20:31 . 2008-06-19 21:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-28 20:31 . 2008-06-19 21:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-28 20:31 . 2008-06-19 21:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-28 20:31 . 2008-06-19 21:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-28 20:31 . 2008-06-19 21:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-28 20:31 . 2008-06-19 21:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-28 20:31 . 2008-06-19 21:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-28 20:22 . 2008-07-27 14:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-28 20:22 . 2008-07-27 14:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-28 20:22 . 2008-07-27 14:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-28 20:21 . 2008-07-27 14:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-28 20:21 . 2008-07-27 14:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-22 02:00 . 2009-02-22 02:00 <DIR> d-------- c:\users\Daniel\q400
2009-02-21 23:04 . 2009-02-22 01:58 47,468,688 --a------ c:\users\Daniel\FS2004 Aerosim Propliners.zip
2009-02-21 22:07 . 2009-02-26 18:08 <DIR> d-------- c:\users\Daniel\marko.perkovic.thompson.diskografija.[www.balwa.ath.cx]
2009-02-19 20:52 . 2009-02-19 20:52 <DIR> d-------- c:\users\Daniel\flightplans
2009-02-19 20:45 . 2009-02-19 20:45 <DIR> d-------- c:\users\Daniel\crews
2009-02-17 20:18 . 2009-03-12 15:19 <DIR> d-------- c:\users\Daniel\Tracing
2009-02-17 20:05 . 2009-02-17 20:05 <DIR> d-------- c:\program files\Microsoft
2009-02-17 20:04 . 2009-02-17 20:04 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-17 20:01 . 2009-02-17 20:01 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-16 16:25 . 2009-02-16 16:26 <DIR> d-------- c:\users\Daniel\Native Instruments Traktor DJ Studio 3.4.1.040
2009-02-14 11:02 . 2009-01-14 23:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-14 11:02 . 2009-01-15 02:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-14 11:01 . 2009-02-14 11:02 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-13 08:44 . 2009-02-13 08:44 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-02-13 08:44 . 2009-02-13 08:44 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-13 08:44 . 2009-02-13 08:44 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-13 08:44 . 2009-02-13 08:44 <DIR> d-------- c:\program files\iTunes
2009-02-13 08:44 . 2008-04-17 14:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-02-13 08:44 . 2008-04-17 14:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-02-13 08:42 . 2009-02-13 08:42 <DIR> d-------- c:\program files\Bonjour
2009-02-13 08:40 . 2009-02-13 08:41 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 18:01 --------- d-----w c:\users\Daniel\AppData\Roaming\DNA
2009-03-13 17:36 --------- d-----w c:\users\Daniel\AppData\Roaming\Skype
2009-03-13 15:54 --------- d-----w c:\users\Daniel\AppData\Roaming\skypePM
2009-03-13 12:04 581,664 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-13 12:03 --------- d-----w c:\programdata\Microsoft Help
2009-03-13 12:02 4,116 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-12 19:40 --------- d-----w c:\programdata\Google Updater
2009-03-12 19:19 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-12 05:45 8,074,784 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-12 05:45 65,212 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-11 23:36 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-11 23:35 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-11 23:35 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-11 20:19 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-11 20:16 --------- d-----w c:\program files\DNA
2009-03-11 18:31 --------- d-----w c:\program files\Lx_cats
2009-03-11 18:26 --------- d-----w c:\programdata\FLEXnet
2009-03-11 18:26 --------- d-----w c:\program files\VRC1
2009-03-11 00:30 --------- d-----w c:\program files\ServInfo
2009-03-04 05:30 --------- d-----w c:\users\Daniel\AppData\Roaming\BitTorrent
2009-02-22 06:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 00:04 --------- d-----w c:\program files\Windows Live
2009-02-13 12:44 --------- d-----w c:\program files\iPod
2009-02-13 12:44 --------- d-----w c:\program files\Common Files\Apple
2009-02-12 15:16 --------- d-----w c:\users\Daniel\AppData\Roaming\5400 Series
2009-02-08 04:42 737,280 ----a-w c:\windows\iun6002.exe
2009-02-07 16:34 --------- d-----w c:\users\Daniel\AppData\Roaming\LimeWire
2009-02-07 16:34 --------- d-----w c:\program files\IVAO
2009-02-06 23:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-06 16:12 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-02 20:40 174 --sha-w c:\program files\desktop.ini
2009-02-02 20:29 --------- d-----w c:\program files\Windows Sidebar
2009-02-02 20:29 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-02 20:29 --------- d-----w c:\program files\Windows Mail
2009-02-02 20:29 --------- d-----w c:\program files\Windows Journal
2009-02-02 20:29 --------- d-----w c:\program files\Windows Defender
2009-02-02 20:29 --------- d-----w c:\program files\Windows Collaboration
2009-02-02 20:29 --------- d-----w c:\program files\Windows Calendar
2009-02-02 16:37 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-02 16:37 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-29 23:17 --------- d-----w c:\program files\FS Real Time
2009-01-26 05:51 --------- d-----w c:\users\Daniel\AppData\Roaming\NCH Swift Sound
2009-01-26 05:51 --------- d-----w c:\program files\NCH Swift Sound
2009-01-22 22:18 --------- d-----w c:\program files\MSECache
2009-01-02 19:12 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-10-18 01:43 348,824 ----a-w c:\users\Daniel\MixPad setup.exe
2008-12-04 22:10 61 --sh--w c:\windows\cnerolf.dat
2008-12-12 03:40 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-12-12 03:40 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-12-12 03:40 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent DNA"="c:\users\Daniel\Program Files\DNA\btdna.exe" [2009-03-11 342848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-11 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 448080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-10 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-11 206088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe]

c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wallpapers.lnk - c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{5F190B78-64A5-4B6C-9F17-EBB50FFA4E8E}\_24A1F02D259352EF048309.exe [2009-03-04 134658]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MiniEYE-MiniREAD Launch.lnk - c:\program files\Infinite Mind LC\eyeQ\ARLaunch.exe [2008-11-18 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-02-05 11:22 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{213D39A8-9783-410C-BBAE-D077BF453E69}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{0D4C09D7-1D05-4F41-9433-6F4E63E360AB}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{66B6CB93-9F14-4CF9-9B36-4A0EFF109056}c:\\program files\\vrc\\vrc.exe"= TCP:c:\program files\vrc\vrc.exe:VRC
"TCP Query User{FE06D090-68B4-4649-A029-8A955ADB0447}c:\\program files\\vrc\\vrc.exe"= UDP:c:\program files\vrc\vrc.exe:VRC
"UDP Query User{A0D44FC7-C39D-444A-8DFE-5221D1554C8D}c:\\program files\\vrc\\vrc.exe"= TCP:c:\program files\vrc\vrc.exe:VRC
"TCP Query User{875CEBE8-76C7-4B8A-95CB-5A8EE824235F}c:\\program files\\vrc\\vrc.exe"= UDP:c:\program files\vrc\vrc.exe:VRC
"{B03FDFCC-DEDB-459D-BDC2-ACFDAE074F21}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B475B9BF-1AAB-41EE-9413-60360A5223E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C8C7E91B-C973-46FA-A01C-7D5FFAAD0348}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C447A080-3810-46CB-88BA-49327F08CA1F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"UDP Query User{C6A0E22A-EFEC-433A-9AAD-C5AFCF35AEF4}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{5013E563-45AD-4EF9-99AB-444D10695E8B}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{944B05F6-DFD2-4D41-AC6B-714742680E27}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"TCP Query User{EF5620A6-6CF2-49C7-A2AB-729CE4C8A3EA}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"{66144DD3-6345-4A05-A808-50045574877D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"UDP Query User{C3EDE767-7054-46FE-B718-94BD540A0F2D}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"TCP Query User{A0735644-D4EE-400A-A465-906D4B11478C}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"UDP Query User{2CD0B2D2-02BC-4CF9-AF43-078CC35B2F4F}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{CAE471D8-49D4-4C14-AABA-A6722D100D3E}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"{F220A67B-A726-441C-9FAD-473677DE7ED7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A04297A5-3F81-4EEB-B300-B6128F55A86A}c:\\program files\\squawkbox3\\squawkbox.exe"= UDP:c:\program files\squawkbox3\squawkbox.exe:squawkbox.exe
"UDP Query User{7B3A5F30-44AA-4D88-8BAB-02DF41717073}c:\\program files\\squawkbox3\\squawkbox.exe"= TCP:c:\program files\squawkbox3\squawkbox.exe:squawkbox.exe
"{C9CFE0F6-B383-4F33-B966-AEA098E3409F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{CD240E72-3270-45CA-BA33-7DDC6778B8CF}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{8FB74790-E643-4CF5-B1CB-C5BBB5E67831}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{E38D8FF1-3A7E-476C-B770-0384448FF6DF}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{ED0253E1-69D3-44FF-A16F-4F0E02873CB1}c:\\users\\daniel\\program files\\dna\\btdna.exe"= UDP:c:\users\daniel\program files\dna\btdna.exe:btdna.exe
"UDP Query User{467CC3D5-C20C-46AB-8029-F9ADDC340E90}c:\\users\\daniel\\program files\\dna\\btdna.exe"= TCP:c:\users\daniel\program files\dna\btdna.exe:btdna.exe
"{FD1D7AB4-C10F-4A88-9E8D-759DA4EB9634}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{70731F3F-22B9-450A-B61E-8BE2BE87D0D1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CAF04D61-87BF-44C1-B2D4-FE1CFF505B7D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFBDF2B9-2D1F-4342-9705-7759622C58F3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D9F188A4-3C36-491D-9AE5-1B0F8482B355}"= UDP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"{1EA7F069-0E92-4332-A174-244723CE30ED}"= TCP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"{E6B270D9-D606-4764-B03D-931CAC31CE4D}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{8A0BF977-51F7-45ED-9ABC-D99F98FAEFFD}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{C4B0643F-BE31-4E01-8797-B324223A4859}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{DDB7DEFD-A0D3-434D-88DF-05FBC7612734}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{B4BDBE31-9D21-455D-B536-39B4A5517449}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3AAE3857-1AE5-418A-A076-F4E495DBE097}c:\\program files\\squawkbox3\\squawkbox_fs.exe"= UDP:c:\program files\squawkbox3\squawkbox_fs.exe:squawkbox_fs.exe
"UDP Query User{8FD26B56-6056-42C3-B239-3DA768DFFB26}c:\\program files\\squawkbox3\\squawkbox_fs.exe"= TCP:c:\program files\squawkbox3\squawkbox_fs.exe:squawkbox_fs.exe
"TCP Query User{65B089D9-A7EB-46B2-901A-F9703F69043C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0E786BBF-5140-40B7-9ED7-1530C0DC477A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{CC4249F5-63CB-4640-AF5B-9710BD282BDA}c:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= UDP:c:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®
"UDP Query User{4AE87F20-C7D0-48E4-A654-CC70E6B8FE60}c:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= TCP:c:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®
"TCP Query User{400A2655-FCCA-40BA-9CCF-69FE8687DAE5}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{11E716CD-13FF-4E10-A7A6-0278E196E646}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{14D5F666-2726-4494-A39D-9B88392DBC64}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= UDP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"UDP Query User{0D69871A-7EF7-472B-A2B4-DAFA354B1317}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= TCP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"TCP Query User{6EEFDB3E-FBE3-4D75-98E2-503D57B29593}c:\\program files\\native instruments\\traktor dj studio 3\\traktordjstudio3.exe"= UDP:c:\program files\native instruments\traktor dj studio 3\traktordjstudio3.exe:Traktor DJ Studio 3
"UDP Query User{3063EB55-EE3F-41B2-941C-F52FA2DCD85E}c:\\program files\\native instruments\\traktor dj studio 3\\traktordjstudio3.exe"= TCP:c:\program files\native instruments\traktor dj studio 3\traktordjstudio3.exe:Traktor DJ Studio 3
"TCP Query User{07BE0566-8AC6-4341-877A-F92409508697}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= UDP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"UDP Query User{F05F6E1B-2430-4D0E-8225-4C23129DD067}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= TCP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"TCP Query User{B5B81ED9-1FFD-448F-AB3F-3E35E1CCB16F}c:\\program files\\windows media components\\encoder\\wmenc.exe"= UDP:c:\program files\windows media components\encoder\wmenc.exe:Windows Media Encoder
"UDP Query User{4F24859A-E840-48D9-B5BA-83A391B21149}c:\\program files\\windows media components\\encoder\\wmenc.exe"= TCP:c:\program files\windows media components\encoder\wmenc.exe:Windows Media Encoder
"TCP Query User{8A2A4961-AA5F-43F3-AC60-9D83DDD5A915}c:\\program files\\squawkbox3\\squawkbox.exe"= UDP:c:\program files\squawkbox3\squawkbox.exe:squawkbox.exe
"UDP Query User{79A5A27A-CCDC-496D-BF53-2163EB187A96}c:\\program files\\squawkbox3\\squawkbox.exe"= TCP:c:\program files\squawkbox3\squawkbox.exe:squawkbox.exe
"TCP Query User{A6989F35-8F5C-4157-A67C-C19336DF3623}c:\\program files\\icecast2 win32\\icecast2win.exe"= UDP:c:\program files\icecast2 win32\icecast2win.exe:Icecast2win
"UDP Query User{03DD2EF2-E1AE-4624-85FB-58B8B77F529F}c:\\program files\\icecast2 win32\\icecast2win.exe"= TCP:c:\program files\icecast2 win32\icecast2win.exe:Icecast2win
"{A62DE25C-4038-43A3-98C4-B9AEEF5A38E9}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{8DA1DC4D-728F-4F26-B56F-D60A6B32B545}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{5445CEE7-1325-4DA2-AD15-2410F63629C4}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{64845934-D790-4754-AFE3-BD294D3428DE}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{11133B10-5B68-475F-ABBA-6B7E6B6B0ED5}"= UDP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{14FD6D5A-02EF-43A1-ABEE-0DF0A830B164}"= TCP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{29BD6EF8-505C-4879-AE1E-F255AC6FC631}"= UDP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{D109068B-CE66-4EC8-8530-A993CC89817A}"= TCP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{5EBA1284-1EF8-4904-8610-FCA72496BB3A}"= UDP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{A6676850-0C9B-4304-A8DB-D24BED8C501E}"= TCP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{97393971-7CD8-4156-8B40-05C8B1D238B5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{1343C094-2FD8-400F-8152-BAF1244989C7}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{174C6C2D-CE2D-4993-97ED-FC9B127FCFC0}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{57F992C0-140F-4360-B809-DD42F075EE29}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{638AE790-4D64-4583-BE8B-C7F9961E2897}c:\\program files\\asrc\\asrc.exe"= UDP:c:\program files\asrc\asrc.exe:ASRC executable
"UDP Query User{F3E5CACF-1A9C-4043-AD0E-F62F1F61482A}c:\\program files\\asrc\\asrc.exe"= TCP:c:\program files\asrc\asrc.exe:ASRC executable
"TCP Query User{4B4EFF1A-7548-4B3D-87EC-7D16574443D1}c:\\program files\\squawkbox3\\squawkbox_fs.exe"= UDP:c:\program files\squawkbox3\squawkbox_fs.exe:squawkbox_fs.exe
"UDP Query User{D5177F11-3A0B-40EF-8537-C996BCE938FA}c:\\program files\\squawkbox3\\squawkbox_fs.exe"= TCP:c:\program files\squawkbox3\squawkbox_fs.exe:squawkbox_fs.exe
"{5B94F317-ECAB-4478-947C-8D79FD45F5AC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{105C47ED-36F0-4988-8300-86A2CE2944D8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{32786789-F090-4491-9A4B-C814F710801B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7136CBB6-10A9-4952-A5AE-D90AA40CF0D5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{9558A28A-D755-4200-9E50-269F0E2550F5}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{BDF908F5-E78B-4857-A4DF-90690EC9F183}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [2008-10-25 417792]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2008-06-18 7168]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2008-12-26 38496]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\System32\drivers\ndisprot.sys [2008-11-11 29192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6d0861-2be5-11dd-943f-806e6f6e6963}]
\shell\AutoRun\command - E:\stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{473e230a-c07f-11dd-877b-00a0d19c5bc6}]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5285bcf8-59cb-11dd-a467-00a0d19c5bc6}]
\shell\Auto\command - F:\kav6.0.1.411en
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\kav6.0.1.411en

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c02baea-b58f-11dd-ad52-00a0d19c5bc6}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9788f3-098e-11de-9616-00a0d19c5bc6}]
\shell\AutoRun\command - g:\ts_root\clock.exe
\shell\open\command - g:\ts_root\clock.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c37ee2ae-6954-11dd-86f1-00a0d19c5bc6}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55629ee-a8fb-11dd-992e-00a0d19c5bc6}]
\shell\AutoRun\command - f:\portableapps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lgqus4cb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Daniel\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 14:02:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-13 14:04:05
ComboFix-quarantined-files.txt 2009-03-13 18:04:03

Pre-Run: 88,358,629,376 bytes free
Post-Run: 88,770,318,336 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
341 --- E O F --- 2009-03-13 12:03:26



Thanks!
  • 0

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please plug in any removable drives that you have before running Combofix:
================================
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
Ndisprot

File::
c:\windows\oodcnt3.ini
c:\windows\cnerolf.dat
c:\windows\System32\drivers\ndisprot.sys
E:\stub.exe
g:\ts_root\clock.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6d0861-2be5-11dd-943f-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{473e230a-c07f-11dd-877b-00a0d19c5bc6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5285bcf8-59cb-11dd-a467-00a0d19c5bc6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c02baea-b58f-11dd-ad52-00a0d19c5bc6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9788f3-098e-11de-9616-00a0d19c5bc6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c37ee2ae-6954-11dd-86f1-00a0d19c5bc6}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
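
Added example (not part of kahdah's post and not ComboFix code): the Registry:: lines in the CFScript above name MountPoints2 keys that the earlier ComboFix log lists with a cached \shell\AutoRun\command. This Python script parses that log section and tabulates, per key, the cached command, the non-system drive it points at, and whether the drive's open/explore verb is also overridden. The function names and the C: system-drive default are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Sample input: MountPoints2 and Active Setup lines copied from the ComboFix
# log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6d0861-2be5-11dd-943f-806e6f6e6963}]
\shell\AutoRun\command - E:\stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{473e230a-c07f-11dd-877b-00a0d19c5bc6}]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5285bcf8-59cb-11dd-a467-00a0d19c5bc6}]
\shell\Auto\command - F:\kav6.0.1.411en
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\kav6.0.1.411en

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c02baea-b58f-11dd-ad52-00a0d19c5bc6}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9788f3-098e-11de-9616-00a0d19c5bc6}]
\shell\AutoRun\command - g:\ts_root\clock.exe
\shell\open\command - g:\ts_root\clock.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c37ee2ae-6954-11dd-86f1-00a0d19c5bc6}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55629ee-a8fb-11dd-992e-00a0d19c5bc6}]
\shell\AutoRun\command - f:\portableapps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
"""

# "[...\mountpoints2\<volume>]" header; <volume> is a drive letter or a volume GUID.
KEY_RE = re.compile(r"^\[(.+\\mountpoints2\\([^\\\]]+))\]\s*$", re.IGNORECASE)
# "\shell\<verb>\command - <command line>" as ComboFix prints it.
VERB_RE = re.compile(r"^\\shell\\([^\\]+)\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)
# Drive letter at the start of any path inside a command line.
PATH_RE = re.compile(r"(?<![A-Za-z0-9])([A-Za-z]):\\")


def parse_mountpoints2(log_text):
    """Return one dict per MountPoints2 key: full key, volume id, {verb: command}."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any new registry header ends the previous block, MountPoints2 or not.
            m = KEY_RE.match(line)
            current = None
            if m:
                current = {"key": m.group(1), "volume": m.group(2), "verbs": {}}
                entries.append(current)
            continue
        if current is None:
            continue
        m = VERB_RE.match(line)
        if m:
            current["verbs"][m.group(1).lower()] = m.group(2)
    return entries


def review(entries, system_drive="C"):
    """Summarise each key for a human reviewer; no verdict is assigned."""
    rows = []
    for e in entries:
        drives = set()
        for cmd in e["verbs"].values():
            # A command may launch a system binary (rundll32) that in turn opens
            # a file on the removable drive, so collect every non-system drive.
            for d in PATH_RE.findall(cmd):
                if d.upper() != system_drive.upper():
                    drives.add(d.upper())
        rows.append({
            "volume": e["volume"],
            "autorun": e["verbs"].get("autorun"),
            "target_drives": sorted(drives),
            # open/explore verbs replace the drive's Open/Explore action in Explorer.
            "overrides": sorted(v for v in e["verbs"] if v in ("open", "explore")),
        })
    return rows


def by_drive(rows):
    """Group volume ids by the drive letter their cached commands point at."""
    grouped = defaultdict(list)
    for row in rows:
        for drive in row["target_drives"]:
            grouped[drive].append(row["volume"])
    return dict(grouped)


if __name__ == "__main__":
    for row in review(parse_mountpoints2(SAMPLE_LOG)):
        flag = " [overrides: " + ",".join(row["overrides"]) + "]" if row["overrides"] else ""
        print(f'{row["volume"]:<40} {",".join(row["target_drives"]):<3} {row["autorun"]}{flag}')
```

The cached entries describe drives that were mounted in the past, so a drive letter in the output may since have been reassigned to a different device.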

#7
gustind

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix 09-03-13.01 - Daniel 2009-03-13 21:16:24.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1917.1089 [GMT -4:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
Command switches used :: c:\users\Daniel\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\cnerolf.dat
c:\windows\oodcnt3.ini
c:\windows\System32\drivers\ndisprot.sys
E:\stub.exe
g:\ts_root\clock.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cnerolf.dat
c:\windows\oodcnt3.ini
c:\windows\System32\drivers\ndisprot.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ndisprot


((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.

2009-03-11 23:01 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 23:01 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 23:01 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 23:01 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 22:07 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 21:04 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-06 15:38 . 2009-03-06 15:38 <DIR> d-------- c:\program files\Application name
2009-03-04 01:30 . 2009-03-04 01:30 <DIR> d-------- c:\users\Daniel\AppData\Roaming\Wallpapers
2009-03-04 01:30 . 2009-03-04 01:30 <DIR> d-------- c:\program files\Wallpapers
2009-03-04 01:30 . 2009-03-04 01:30 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-03-02 20:15 . 2009-03-02 22:38 <DIR> d-------- c:\users\Daniel\The Lord of the Rings-The Return of the King-Extended Edition[2003]DVDrip[AC-3(5.1)ENG][UKB-RG Xvid]-keltz
2009-02-28 20:31 . 2008-06-19 21:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-28 20:31 . 2008-06-19 21:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-28 20:31 . 2008-06-19 21:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-28 20:31 . 2008-06-19 21:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-28 20:31 . 2008-06-19 21:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-28 20:31 . 2008-06-19 21:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-28 20:31 . 2008-06-19 21:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-28 20:31 . 2008-06-19 21:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-28 20:22 . 2008-07-27 14:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-28 20:22 . 2008-07-27 14:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-28 20:22 . 2008-07-27 14:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-28 20:21 . 2008-07-27 14:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-28 20:21 . 2008-07-27 14:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-22 02:00 . 2009-02-22 02:00 <DIR> d-------- c:\users\Daniel\q400
2009-02-21 23:04 . 2009-02-22 01:58 47,468,688 --a------ c:\users\Daniel\FS2004 Aerosim Propliners.zip
2009-02-21 22:07 . 2009-02-26 18:08 <DIR> d-------- c:\users\Daniel\marko.perkovic.thompson.diskografija.[www.balwa.ath.cx]
2009-02-19 20:52 . 2009-02-19 20:52 <DIR> d-------- c:\users\Daniel\flightplans
2009-02-19 20:45 . 2009-02-19 20:45 <DIR> d-------- c:\users\Daniel\crews
2009-02-17 20:18 . 2009-03-13 21:25 <DIR> d-------- c:\users\Daniel\Tracing
2009-02-17 20:05 . 2009-02-17 20:05 <DIR> d-------- c:\program files\Microsoft
2009-02-17 20:04 . 2009-02-17 20:04 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-17 20:01 . 2009-02-17 20:01 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-16 16:25 . 2009-02-16 16:26 <DIR> d-------- c:\users\Daniel\Native Instruments Traktor DJ Studio 3.4.1.040
2009-02-14 11:02 . 2009-01-14 23:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-14 11:02 . 2009-01-15 02:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-14 11:01 . 2009-02-14 11:02 <DIR> d-------- c:\windows\SQL9_KB960089_ENU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 01:25 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-14 01:24 --------- d-----w c:\users\Daniel\AppData\Roaming\DNA
2009-03-14 01:23 622,624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-14 01:23 4,256 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-14 01:21 8,074,784 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-14 01:21 65,212 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-14 00:34 --------- d-----w c:\users\Daniel\AppData\Roaming\Skype
2009-03-13 22:20 --------- d-----w c:\users\Daniel\AppData\Roaming\skypePM
2009-03-13 21:57 --------- d-----w c:\users\Daniel\AppData\Roaming\LimeWire
2009-03-13 12:03 --------- d-----w c:\programdata\Microsoft Help
2009-03-12 19:40 --------- d-----w c:\programdata\Google Updater
2009-03-11 23:36 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-11 23:35 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-11 23:35 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-11 20:19 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-11 20:16 --------- d-----w c:\program files\DNA
2009-03-11 18:31 --------- d-----w c:\program files\Lx_cats
2009-03-11 18:26 --------- d-----w c:\programdata\FLEXnet
2009-03-11 18:26 --------- d-----w c:\program files\VRC1
2009-03-11 00:30 --------- d-----w c:\program files\ServInfo
2009-03-04 05:30 --------- d-----w c:\users\Daniel\AppData\Roaming\BitTorrent
2009-02-22 06:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 00:04 --------- d-----w c:\program files\Windows Live
2009-02-13 12:44 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-13 12:44 --------- d-----w c:\program files\iTunes
2009-02-13 12:44 --------- d-----w c:\program files\iPod
2009-02-13 12:44 --------- d-----w c:\program files\Common Files\Apple
2009-02-13 12:42 --------- d-----w c:\program files\Bonjour
2009-02-13 12:41 --------- d-----w c:\program files\QuickTime
2009-02-12 15:16 --------- d-----w c:\users\Daniel\AppData\Roaming\5400 Series
2009-02-08 04:42 737,280 ----a-w c:\windows\iun6002.exe
2009-02-07 16:34 --------- d-----w c:\program files\IVAO
2009-02-06 23:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-06 16:12 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-02 20:40 174 --sha-w c:\program files\desktop.ini
2009-02-02 20:29 --------- d-----w c:\program files\Windows Sidebar
2009-02-02 20:29 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-02 20:29 --------- d-----w c:\program files\Windows Mail
2009-02-02 20:29 --------- d-----w c:\program files\Windows Journal
2009-02-02 20:29 --------- d-----w c:\program files\Windows Defender
2009-02-02 20:29 --------- d-----w c:\program files\Windows Collaboration
2009-02-02 20:29 --------- d-----w c:\program files\Windows Calendar
2009-02-02 16:37 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-02 16:37 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-29 23:17 --------- d-----w c:\program files\FS Real Time
2009-01-26 05:51 --------- d-----w c:\users\Daniel\AppData\Roaming\NCH Swift Sound
2009-01-26 05:51 --------- d-----w c:\program files\NCH Swift Sound
2009-01-22 22:18 --------- d-----w c:\program files\MSECache
2009-01-02 19:12 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-10-18 01:43 348,824 ----a-w c:\users\Daniel\MixPad setup.exe
2008-12-12 03:40 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-12-12 03:40 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-12-12 03:40 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-13_14.03.10.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-03-12 05:44:58 4,931,112 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-03-14 01:21:30 4,931,112 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-03-12 19:15:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-14 01:22:27 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-12 19:15:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-14 01:22:27 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-13 18:02:16 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-14 01:23:14 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-13 16:06:02 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-13 23:37:36 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-13 16:06:02 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-13 23:37:36 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-13 16:06:02 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-13 23:37:36 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-13 18:01:48 786,432 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-14 01:28:50 786,432 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-03-13 17:56:59 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-14 01:13:15 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-03-12 19:17:41 11,574 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-405801099-474205384-1913161449-1003_UserData.bin
+ 2009-03-14 01:24:45 11,598 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-405801099-474205384-1913161449-1003_UserData.bin
- 2009-03-12 19:17:41 70,452 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-14 01:24:45 70,672 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-12 05:44:26 8,030 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-03-14 01:21:13 8,030 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent DNA"="c:\users\Daniel\Program Files\DNA\btdna.exe" [2009-03-11 342848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-11 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 448080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-10 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-11 206088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe]

c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wallpapers.lnk - c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{5F190B78-64A5-4B6C-9F17-EBB50FFA4E8E}\_24A1F02D259352EF048309.exe [2009-03-04 134658]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MiniEYE-MiniREAD Launch.lnk - c:\program files\Infinite Mind LC\eyeQ\ARLaunch.exe [2008-11-18 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-02-05 11:22 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{213D39A8-9783-410C-BBAE-D077BF453E69}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{0D4C09D7-1D05-4F41-9433-6F4E63E360AB}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{66B6CB93-9F14-4CF9-9B36-4A0EFF109056}c:\\program files\\vrc\\vrc.exe"= TCP:c:\program files\vrc\vrc.exe:VRC
"TCP Query User{FE06D090-68B4-4649-A029-8A955ADB0447}c:\\program files\\vrc\\vrc.exe"= UDP:c:\program files\vrc\vrc.exe:VRC
"UDP Query User{A0D44FC7-C39D-444A-8DFE-5221D1554C8D}c:\\program files\\vrc\\vrc.exe"= TCP:c:\program files\vrc\vrc.exe:VRC
"TCP Query User{875CEBE8-76C7-4B8A-95CB-5A8EE824235F}c:\\program files\\vrc\\vrc.exe"= UDP:c:\program files\vrc\vrc.exe:VRC
"{B03FDFCC-DEDB-459D-BDC2-ACFDAE074F21}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B475B9BF-1AAB-41EE-9413-60360A5223E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C8C7E91B-C973-46FA-A01C-7D5FFAAD0348}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C447A080-3810-46CB-88BA-49327F08CA1F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"UDP Query User{C6A0E22A-EFEC-433A-9AAD-C5AFCF35AEF4}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{5013E563-45AD-4EF9-99AB-444D10695E8B}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{944B05F6-DFD2-4D41-AC6B-714742680E27}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"TCP Query User{EF5620A6-6CF2-49C7-A2AB-729CE4C8A3EA}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"{66144DD3-6345-4A05-A808-50045574877D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"UDP Query User{C3EDE767-7054-46FE-B718-94BD540A0F2D}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"TCP Query User{A0735644-D4EE-400A-A465-906D4B11478C}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"UDP Query User{2CD0B2D2-02BC-4CF9-AF43-078CC35B2F4F}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{CAE471D8-49D4-4C14-AABA-A6722D100D3E}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"{F220A67B-A726-441C-9FAD-473677DE7ED7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A04297A5-3F81-4EEB-B300-B6128F55A86A}c:\\program files\\squawkbox3\\squawkbox.exe"= UDP:c:\program files\squawkbox3\squawkbox.exe:squawkbox.exe
"UDP Query User{7B3A5F30-44AA-4D88-8BAB-02DF41717073}c:\\program files\\squawkbox3\\squawkbox.exe"= TCP:c:\program files\squawkbox3\squawkbox.exe:squawkbox.exe
"{C9CFE0F6-B383-4F33-B966-AEA098E3409F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{CD240E72-3270-45CA-BA33-7DDC6778B8CF}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{8FB74790-E643-4CF5-B1CB-C5BBB5E67831}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{E38D8FF1-3A7E-476C-B770-0384448FF6DF}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{ED0253E1-69D3-44FF-A16F-4F0E02873CB1}c:\\users\\daniel\\program files\\dna\\btdna.exe"= UDP:c:\users\daniel\program files\dna\btdna.exe:btdna.exe
"UDP Query User{467CC3D5-C20C-46AB-8029-F9ADDC340E90}c:\\users\\daniel\\program files\\dna\\btdna.exe"= TCP:c:\users\daniel\program files\dna\btdna.exe:btdna.exe
"{FD1D7AB4-C10F-4A88-9E8D-759DA4EB9634}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{70731F3F-22B9-450A-B61E-8BE2BE87D0D1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CAF04D61-87BF-44C1-B2D4-FE1CFF505B7D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFBDF2B9-2D1F-4342-9705-7759622C58F3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D9F188A4-3C36-491D-9AE5-1B0F8482B355}"= UDP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"{1EA7F069-0E92-4332-A174-244723CE30ED}"= TCP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"{E6B270D9-D606-4764-B03D-931CAC31CE4D}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{8A0BF977-51F7-45ED-9ABC-D99F98FAEFFD}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{C4B0643F-BE31-4E01-8797-B324223A4859}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{DDB7DEFD-A0D3-434D-88DF-05FBC7612734}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{B4BDBE31-9D21-455D-B536-39B4A5517449}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3AAE3857-1AE5-418A-A076-F4E495DBE097}c:\\program files\\squawkbox3\\squawkbox_fs.exe"= UDP:c:\program files\squawkbox3\squawkbox_fs.exe:squawkbox_fs.exe
"UDP Query User{8FD26B56-6056-42C3-B239-3DA768DFFB26}c:\\program files\\squawkbox3\\squawkbox_fs.exe"= TCP:c:\program files\squawkbox3\squawkbox_fs.exe:squawkbox_fs.exe
"TCP Query User{65B089D9-A7EB-46B2-901A-F9703F69043C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0E786BBF-5140-40B7-9ED7-1530C0DC477A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{CC4249F5-63CB-4640-AF5B-9710BD282BDA}c:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= UDP:c:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®
"UDP Query User{4AE87F20-C7D0-48E4-A654-CC70E6B8FE60}c:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= TCP:c:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®
"TCP Query User{400A2655-FCCA-40BA-9CCF-69FE8687DAE5}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{11E716CD-13FF-4E10-A7A6-0278E196E646}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{14D5F666-2726-4494-A39D-9B88392DBC64}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= UDP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"UDP Query User{0D69871A-7EF7-472B-A2B4-DAFA354B1317}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= TCP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"TCP Query User{6EEFDB3E-FBE3-4D75-98E2-503D57B29593}c:\\program files\\native instruments\\traktor dj studio 3\\traktordjstudio3.exe"= UDP:c:\program files\native instruments\traktor dj studio 3\traktordjstudio3.exe:Traktor DJ Studio 3
"UDP Query User{3063EB55-EE3F-41B2-941C-F52FA2DCD85E}c:\\program files\\native instruments\\traktor dj studio 3\\traktordjstudio3.exe"= TCP:c:\program files\native instruments\traktor dj studio 3\traktordjstudio3.exe:Traktor DJ Studio 3
"TCP Query User{07BE0566-8AC6-4341-877A-F92409508697}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= UDP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"UDP Query User{F05F6E1B-2430-4D0E-8225-4C23129DD067}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= TCP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"TCP Query User{B5B81ED9-1FFD-448F-AB3F-3E35E1CCB16F}c:\\program files\\windows media components\\encoder\\wmenc.exe"= UDP:c:\program files\windows media components\encoder\wmenc.exe:Windows Media Encoder
"UDP Query User{4F24859A-E840-48D9-B5BA-83A391B21149}c:\\program files\\windows media components\\encoder\\wmenc.exe"= TCP:c:\program files\windows media components\encoder\wmenc.exe:Windows Media Encoder
"TCP Query User{8A2A4961-AA5F-43F3-AC60-9D83DDD5A915}c:\\program files\\squawkbox3\\squawkbox.exe"= UDP:c:\program files\squawkbox3\squawkbox.exe:squawkbox.exe
"UDP Query User{79A5A27A-CCDC-496D-BF53-2163EB187A96}c:\\program files\\squawkbox3\\squawkbox.exe"= TCP:c:\program files\squawkbox3\squawkbox.exe:squawkbox.exe
"TCP Query User{A6989F35-8F5C-4157-A67C-C19336DF3623}c:\\program files\\icecast2 win32\\icecast2win.exe"= UDP:c:\program files\icecast2 win32\icecast2win.exe:Icecast2win
"UDP Query User{03DD2EF2-E1AE-4624-85FB-58B8B77F529F}c:\\program files\\icecast2 win32\\icecast2win.exe"= TCP:c:\program files\icecast2 win32\icecast2win.exe:Icecast2win
"{A62DE25C-4038-43A3-98C4-B9AEEF5A38E9}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{8DA1DC4D-728F-4F26-B56F-D60A6B32B545}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{5445CEE7-1325-4DA2-AD15-2410F63629C4}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{64845934-D790-4754-AFE3-BD294D3428DE}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{11133B10-5B68-475F-ABBA-6B7E6B6B0ED5}"= UDP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{14FD6D5A-02EF-43A1-ABEE-0DF0A830B164}"= TCP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{29BD6EF8-505C-4879-AE1E-F255AC6FC631}"= UDP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{D109068B-CE66-4EC8-8530-A993CC89817A}"= TCP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{5EBA1284-1EF8-4904-8610-FCA72496BB3A}"= UDP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{A6676850-0C9B-4304-A8DB-D24BED8C501E}"= TCP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{97393971-7CD8-4156-8B40-05C8B1D238B5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{1343C094-2FD8-400F-8152-BAF1244989C7}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{174C6C2D-CE2D-4993-97ED-FC9B127FCFC0}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{57F992C0-140F-4360-B809-DD42F075EE29}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{638AE790-4D64-4583-BE8B-C7F9961E2897}c:\\program files\\asrc\\asrc.exe"= UDP:c:\program files\asrc\asrc.exe:ASRC executable
"UDP Query User{F3E5CACF-1A9C-4043-AD0E-F62F1F61482A}c:\\program files\\asrc\\asrc.exe"= TCP:c:\program files\asrc\asrc.exe:ASRC executable
"TCP Query User{4B4EFF1A-7548-4B3D-87EC-7D16574443D1}c:\\program files\\squawkbox3\\squawkbox_fs.exe"= UDP:c:\program files\squawkbox3\squawkbox_fs.exe:squawkbox_fs.exe
"UDP Query User{D5177F11-3A0B-40EF-8537-C996BCE938FA}c:\\program files\\squawkbox3\\squawkbox_fs.exe"= TCP:c:\program files\squawkbox3\squawkbox_fs.exe:squawkbox_fs.exe
"{5B94F317-ECAB-4478-947C-8D79FD45F5AC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{105C47ED-36F0-4988-8300-86A2CE2944D8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{32786789-F090-4491-9A4B-C814F710801B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7136CBB6-10A9-4952-A5AE-D90AA40CF0D5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{9558A28A-D755-4200-9E50-269F0E2550F5}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{BDF908F5-E78B-4857-A4DF-90690EC9F183}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [2008-10-25 417792]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2008-06-18 7168]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2008-12-26 38496]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55629ee-a8fb-11dd-992e-00a0d19c5bc6}]
\shell\AutoRun\command - f:\portableapps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lgqus4cb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Daniel\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 21:28:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\System32\lxctcoms.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Wallpapers\Wallpaper_tray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\LogonUI.exe
.
**************************************************************************
.
Completion time: 2009-03-13 21:34:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-14 01:34:06
ComboFix2.txt 2009-03-13 18:04:07

Pre-Run: 88,204,881,920 bytes free
Post-Run: 87,852,593,152 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
385 --- E O F --- 2009-03-13 12:03:26



Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:47:56, on 14/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Daniel\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Wallpapers\Wallpaper_tray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Daniel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Daniel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Wallpapers.lnk = ?
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12097 bytes


Thanks again.
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Start Scanning at the bottom of the page.
  • Install the ActiveX controls when prompted.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

  • 0

#9
gustind

gustind

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I keep getting a blue screen when it scans. Something to do with klif.sys

Cheers.
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That scanner doesn't like Kaspersky. That file is a Kaspersky driver file, which is why it blue screens.
===========================
Let's try this one.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

(Note: if you cannot open the log it produces, right-click on it and choose Rename.
Rename it to .txt and you will be able to open it.)

  • 0

#11
gustind

gustind

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Keep getting errors when I try to run it. All in all, the scan isn't starting.
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay, let's do this then.

Update Kaspersky please and do a full scan; let it delete what it finds.
Then open Kaspersky and click on Reports, then go to today's scan report, highlight it, then click Save at the top right.
Please post that report to me here.
  • 0





