
Can't remove Rootkit.Agent [Solved]



#1
Ellis03

I ALREADY FOLLOWED THE STEPS IN THE Malware and Spyware Cleaning Guide, BUT IT SEEMS THAT THERE IS ONE PROBLEM LEFT. I CAN'T REMOVE THE ROOTKIT.AGENT LOCATED AT C:\windows\system32\Drivers\ztbcaud.sys
I USED MBAM TO REMOVE IT, BUT AFTER THE REBOOT, WHEN I RUN MBAM AGAIN TO RE-CHECK, IT COMES BACK AGAIN. I TRIED IT MANY TIMES BUT IT JUST KEEPS ON COMING BACK.

HERE'S THE LOG:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/25/2010 9:53:42 AM
mbam-log-2010-04-25 (09-53-42).txt

Scan type: Quick scan
Objects scanned: 101262
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\windows\system32\Drivers\ztbcaud.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
IT SAYS THAT IT IS SUCCESSFULLY QUARANTINED, BUT WHEN I GO TO THE QUARANTINE VAULT TO DELETE IT, IT'S NOT THERE.

HERE ARE ALSO THE GMER LOGS THAT I ATTACHED, AND ALSO THE OTL LOG, WHICH I MADE WHEN I FOLLOWED THE INSTRUCTIONS IN THE Malware and Spyware Cleaning Guide. HOPE THAT SOMEONE WILL HELP ME AS SOON AS POSSIBLE. THANKS IN ADVANCE.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 06:16:42
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\TOSHIBA\AppData\Local\Temp\pwldrfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x899AF9E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x899B0D62]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x899AFBD0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x899AED1E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x899AF64A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x899AEBFA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x899AF3E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x899B09F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x899AE73E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x899AFCE0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x899AE570]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x899B062E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x899AEFBA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x899AF826]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x899AE254]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x899AF26A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x899AE3EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x899B00C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x899B0376]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x899B07FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x899AEF54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x899AF156]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x899AEA98]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x899AE93E]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83014634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83014898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 830B8730 4 Bytes [E4, F9, 9A, 89]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 830B8758 8 Bytes [62, 0D, 9B, 89, D0, FB, 9A, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 830B87EC 4 Bytes [1E, ED, 9A, 89]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 830B8808 4 Bytes [4A, F6, 9A, 89]
.text ntkrnlpa.exe!RtlSidHashLookup + 324 830B8834 4 Bytes [FA, EB, 9A, 89]
.text ...
? System32\drivers\jqpbgyh.sys The system cannot find the path specified. !
? System32\Drivers\ztbcaud.sys A device attached to the system is not functioning. !
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x837AE000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x837F3000, 0x3DC, 0x48000040]
.text peauth.sys ABE05C9E 27 Bytes [1E, 9E, 35, 61, C0, 25, 60, ...]
.text peauth.sys ABE05CC2 27 Bytes [1E, 9E, 35, 61, C0, 25, 60, ...]
.text user32.dll!EndTask 770EFD8E 5 Bytes JMP 10027320
.text shell32.dll!ShellExecuteW 760041F0 5 Bytes JMP 10025870
.text shell32.dll!ShellExecuteExW 76011B8C 5 Bytes JMP 10025830
.text shell32.dll!ShellExecuteEx 76239B0A 5 Bytes JMP 10025850
.text shell32.dll!ShellExecuteA 76239BA5 5 Bytes JMP 10025890
.text advapi32.dll!CreateProcessAsUserW 75B0BBDB 5 Bytes JMP 1001F6A0
.text advapi32.dll!OpenServiceW 75B0D20D 5 Bytes JMP 10026800
.text advapi32.dll!OpenServiceA 75B13B15 5 Bytes JMP 10026560
.text advapi32.dll!CreateServiceW 75B2DBC1 5 Bytes JMP 10026A70
.text advapi32.dll!CreateProcessAsUserA 75B414FD 5 Bytes JMP 1001FEB0
.text advapi32.dll!CreateServiceA 75B42120 5 Bytes JMP 10026D50
.text ole32.dll!CoGetClassObject 759DA2D4 5 Bytes JMP 10027560
.text ole32.dll!CoCreateInstanceEx 759F583F 5 Bytes JMP 100277A0
.text kernel32.dll!CreateProcessW 753A202D 5 Bytes JMP 10025D50
.text kernel32.dll!CreateProcessA 753A2062 5 Bytes JMP 10025D70
.text kernel32.dll!OpenFile 753D410F 5 Bytes JMP 10025B30
.text kernel32.dll!CopyFileW 753D8C8F 5 Bytes JMP 10025AB0
.text kernel32.dll!MoveFileW 753DA173 5 Bytes JMP 10025A30
.text kernel32.dll!CopyFileExW 753E07BB 7 Bytes JMP 10025A70
.text kernel32.dll!VirtualProtect 753E50AB 5 Bytes JMP 100258B0
.text kernel32.dll!DeleteFileW 753E656B 5 Bytes JMP 10025970
.text kernel32.dll!DeleteFileA 753E8BB6 5 Bytes JMP 10025990
.text kernel32.dll!LoadLibraryExW 753EB6BF 5 Bytes JMP 10025B50
.text kernel32.dll!LoadLibraryExA 753EBC8B 5 Bytes JMP 10025B70
.text kernel32.dll!MoveFileWithProgressW 753EBF04 5 Bytes JMP 100259B0
.text kernel32.dll!MoveFileExW 753EBF28 5 Bytes JMP 100259F0
.text kernel32.dll!CreateFileW 753F0B7D 5 Bytes JMP 10025AF0
.text kernel32.dll!GetProcAddress 753F1857 5 Bytes JMP 10025BB0
.text kernel32.dll!GetModuleHandleW 753F19C1 5 Bytes JMP 10025930
.text kernel32.dll!LoadLibraryA 753F2884 5 Bytes JMP 10025910
.text kernel32.dll!LoadLibraryW 753F28D2 5 Bytes JMP 100258F0
.text kernel32.dll!GetModuleHandleA 753F28F7 5 Bytes JMP 10025950
.text kernel32.dll!CreateFileA 753F291C 5 Bytes JMP 10025B10
.text kernel32.dll!MoveFileExA 75403013 5 Bytes JMP 10025A10
.text kernel32.dll!MoveFileWithProgressA 75403033 5 Bytes JMP 100259D0
.text kernel32.dll!CopyFileA 75407D1C 5 Bytes JMP 10025AD0
.text kernel32.dll!MoveFileA 7542AD89 5 Bytes JMP 10025A50
.text kernel32.dll!CopyFileExA 7542BBE1 5 Bytes JMP 10025A90
.text kernel32.dll!WinExec 7542E76D 5 Bytes JMP 100258D0
.text kernel32.dll!LoadModule 7542EC86 5 Bytes JMP 10025B90

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86E197E8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Threads - GMER 1.0.15 ----

Thread System [4:2332] ABF99F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] Boot Bus Extender

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 4/25/2010 6:35:51 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\TOSHIBA\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.00 Gb Total Space | 44.83 Gb Free Space | 62.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 152.96 Gb Total Space | 86.38 Gb Free Space | 56.47% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-PC
Current User Name: TOSHIBA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/25 06:33:37 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\TOSHIBA\Desktop\OTL.exe
PRC - [2010/04/22 07:22:26 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/09 01:26:14 | 001,769,216 | ---- | M] () -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2010/04/02 09:50:22 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/02 01:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/15 20:05:57 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/15 20:05:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/15 20:05:53 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO livePCsupport\CLPSLS.exe
PRC - [2009/11/25 20:42:26 | 000,095,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/11 01:16:06 | 000,081,920 | R--- | M] () -- C:\Windows\System32\SupportAppXL\cdrom_mon.exe
PRC - [2009/08/06 06:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/07/29 06:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/05/19 16:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/28 10:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/11/25 13:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/04/25 06:33:37 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\TOSHIBA\Desktop\OTL.exe
MOD - [2010/04/09 01:26:12 | 000,277,240 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010/03/15 20:05:57 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/14 09:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 09:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 09:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 09:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 09:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 09:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 09:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 09:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Autodesk Licensing Service)
SRV - [2010/04/09 01:26:14 | 001,769,216 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/04/08 17:36:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/19 05:28:00 | 003,753,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/03/15 20:05:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2009/10/11 01:16:06 | 000,081,920 | R--- | M] () [Auto | Running] -- C:\Windows\System32\SupportAppXL\cdrom_mon.exe -- (Autorun CDROM Monitor)
SRV - [2009/08/18 02:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/06 06:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/06 03:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/08/03 23:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/29 06:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 09:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 09:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 09:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 09:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 09:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 09:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 09:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 09:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 09:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 09:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 09:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 09:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 09:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 09:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 09:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/27 08:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/19 16:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/28 10:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/25 13:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/25 13:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/25 13:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/22 07:22:26 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/09 01:25:40 | 000,074,408 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/04/09 01:25:38 | 000,218,560 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/04/09 01:25:38 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/03/15 20:05:57 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/15 20:05:53 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/14 19:08:32 | 000,032,000 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/10/10 21:46:06 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/10 21:45:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/10 21:42:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/08/28 14:19:22 | 000,859,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/08/28 00:00:10 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/08/06 03:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/31 13:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/31 08:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/29 13:02:42 | 002,735,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/25 07:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/22 06:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/21 09:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/15 07:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 09:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 09:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 09:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 09:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 09:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 09:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 09:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 09:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 09:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 09:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 09:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 09:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 09:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 09:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 09:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 09:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 09:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 09:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 09:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 09:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 09:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 09:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 09:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 09:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 09:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 09:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 09:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 09:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 09:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 09:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 09:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 09:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 09:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 09:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 09:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 09:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 08:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 08:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 08:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 07:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 07:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 07:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 07:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 07:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 07:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 07:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 07:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 07:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 07:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 07:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 07:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 07:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 07:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 07:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 06:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 06:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 06:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 06:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 06:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 06:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 06:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 06:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 06:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/10 22:44:52 | 000,122,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/06/23 09:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/04 23:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/05/23 14:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...r...Z&bmod=TSZZ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...r...Z&bmod=TSZZ

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...r...Z&bmod=TSZZ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.2.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 [2010/04/23 09:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/22 17:48:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/23 19:35:16 | 000,000,000 | ---D | M]

[2010/03/18 18:44:02 | 000,000,000 | ---D | M] -- C:\Users\TOSHIBA\AppData\Roaming\mozilla\Extensions
[2010/04/24 20:03:08 | 000,000,000 | ---D | M] -- C:\Users\TOSHIBA\AppData\Roaming\mozilla\Firefox\Profiles\v5f5tlai.default\extensions
[2010/04/23 09:20:16 | 000,000,000 | ---D | M] (Weave Sync) -- C:\Users\TOSHIBA\AppData\Roaming\mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/04/23 09:16:41 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Users\TOSHIBA\AppData\Roaming\mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/04/20 22:04:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\TOSHIBA\AppData\Roaming\mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/22 21:54:31 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\TOSHIBA\AppData\Roaming\mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/04/23 09:12:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TOSHIBA\AppData\Roaming\mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/03/29 09:46:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/26 21:21:29 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefend...can8/oscan8.cab (BDSCANONLINE Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ab016588-2ccf-11df-b101-00262243553e}\Shell - "" = AutoRun
O33 - MountPoints2\{ab016588-2ccf-11df-b101-00262243553e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 10:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2649/12/10 05:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\USB Disk Security
[2010/04/25 06:33:29 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Users\TOSHIBA\Desktop\OTL.exe
[2010/04/25 06:07:56 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Desktop\gmer
[2010/04/25 05:50:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/04/25 05:50:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/04/25 05:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/25 05:47:47 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/04/25 05:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/25 05:44:13 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\TOSHIBA\Desktop\erunt_setup.exe
[2010/04/25 05:39:14 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\TOSHIBA\Desktop\TFC.exe
[2010/04/24 22:32:51 | 000,000,000 | ---D | C] -- C:\windows\element
[2010/04/23 10:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/23 10:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/23 10:50:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/23 09:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/04/23 09:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/04/23 08:59:18 | 000,032,000 | ---- | C] (The OpenVPN Project) -- C:\windows\System32\drivers\tap0901.sys
[2010/04/23 08:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2010/04/23 08:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/04/22 21:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum
[2010/04/22 19:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/22 17:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/04/22 07:48:29 | 000,000,000 | ---D | C] -- C:\windows\BDOSCAN8
[2010/04/17 05:00:05 | 000,000,000 | ---D | C] -- C:\windows\System32\MpEngineStore
[2010/04/15 15:24:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RohanScreenShot
[2010/04/15 08:03:25 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\Yahoo!
[2010/04/09 18:58:07 | 003,753,224 | ---- | C] (INCA Internet Co., Ltd.) -- C:\windows\System32\GameMon.des
[2010/04/09 18:53:06 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\windows\System32\npptNT2.sys
[2010/04/09 18:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/04/08 17:36:50 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2010/04/08 05:44:29 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Desktop\Shortcut to Local Games
[2010/04/07 15:16:07 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\WinRAR
[2010/04/07 15:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/07 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[2010/04/06 16:56:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/03 10:56:58 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Desktop\Shortccuts to LAN and Online Games
[2010/04/03 10:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/03 10:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/01 16:12:02 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\OLYMPUS
[2010/04/01 16:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\OLYMPUS
[2010/04/01 15:34:33 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Documents\«i online
[2010/04/01 15:34:05 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Documents\BabyRan
[2010/03/31 11:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/03/31 11:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/03/31 11:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/03/31 11:28:59 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\Apple
[2010/03/31 11:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/03/31 10:25:54 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Apple Computer
[2010/03/31 10:25:54 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\Apple Computer
[2010/03/31 08:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/30 21:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/30 19:55:58 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Documents\Downloads
[2010/03/29 09:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/29 06:16:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/03/25 15:22:22 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Autodesk
[2010/03/22 16:31:21 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2010/03/21 00:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2010/03/20 08:49:47 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Zen of Sudoku
[2010/03/18 18:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/18 18:44:00 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Mozilla
[2010/03/18 17:24:43 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Desktop\Shotcut to Pictures
[2010/03/16 05:07:24 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Documents\Corel DVD MovieFactory
[2010/03/16 05:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2010/03/16 04:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/03/16 04:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010/03/15 20:05:57 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2010/03/15 13:38:24 | 000,114,688 | ---- | C] (ZTE Corporation) -- C:\windows\System32\drivers\ZTEusbnet.sys
[2010/03/15 13:38:24 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbvoice.sys
[2010/03/15 13:38:24 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbser6k.sys
[2010/03/15 13:38:24 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbnmeaext.sys
[2010/03/15 13:38:24 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbnmea.sys
[2010/03/15 13:38:24 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbmdm6k.sys
[2010/03/15 13:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\SMART BRO
[2010/03/15 13:37:07 | 000,000,000 | ---D | C] -- C:\windows\System32\SupportAppXL
[2010/03/14 14:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/03/14 09:23:06 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Documents\CAPCOM
[2010/03/08 01:19:34 | 000,000,000 | ---D | C] -- C:\windows\pss
[2010/03/07 01:13:14 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\NFS Underground 2
[2010/03/05 02:04:35 | 000,000,000 | ---D | C] -- C:\windows\SQL9_KB970892_ENU
[2010/03/05 00:49:42 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\Tracing
[2010/03/04 19:10:29 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2010/03/04 19:10:24 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2010/03/04 19:10:22 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2010/03/04 19:10:22 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\Avg
[2010/03/04 19:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/03/04 19:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/04 19:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/04 18:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/03/04 18:32:00 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2010/03/04 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/03/04 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/03/04 18:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2010/03/04 18:16:26 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\Downloaded Installations
[2010/03/04 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\InstallShield
[2010/03/04 14:40:45 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/03/04 03:15:33 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\TOSHIBA\Desktop\mbam-setup.exe
[2010/03/03 10:30:55 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Comodo
[2010/03/03 10:19:39 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\CCleaner
[2010/03/03 00:31:46 | 000,000,000 | ---D | C] -- C:\windows\Spybot - Search & Destroy
[2010/03/03 00:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/28 03:30:43 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Malwarebytes
[2010/02/28 03:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/26 21:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/02/26 14:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010/02/26 13:43:02 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Local\Mozilla
[2010/02/19 03:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/02/19 03:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/16 02:23:57 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\skypePM
[2010/02/16 02:21:33 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Skype
[2010/02/16 02:21:15 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/02/16 02:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/02/07 22:20:17 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Media Player Classic
[2010/02/06 23:06:16 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Uniblue
[2010/02/06 23:02:14 | 000,630,784 | ---- | C] (On2.com) -- C:\windows\System32\vp7vfw.dll
[2010/02/06 23:02:14 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\windows\System32\huffyuv.dll
[2010/02/05 21:10:47 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\uTorrent
[2010/02/03 02:43:07 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2010/01/29 16:50:24 | 000,000,000 | ---D | C] -- C:\windows\System32\sda
[2010/01/25 10:18:01 | 000,000,000 | ---D | C] -- C:\Users\TOSHIBA\AppData\Roaming\Toshiba

========== Files - Modified Within 90 Days ==========

[2010/04/25 06:38:00 | 000,860,672 | ---- | M] () -- C:\windows\System32\drivers\ztbcaud.sys
[2010/04/25 06:34:05 | 002,359,296 | -HS- | M] () -- C:\Users\TOSHIBA\ntuser.dat
[2010/04/25 06:33:37 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\TOSHIBA\Desktop\OTL.exe
[2010/04/25 06:32:18 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 06:32:18 | 000,000,382 | ---- | M] () -- C:\windows\tasks\Registry Reviver-TOSHIBA-Startup.job
[2010/04/25 06:32:04 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/04/25 06:31:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/04/25 06:31:55 | 1504,346,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/25 06:08:48 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/25 06:08:48 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/25 06:07:10 | 000,284,915 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\gmer.zip
[2010/04/25 05:54:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 05:50:15 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/25 05:46:44 | 000,000,980 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\NTREGOPT.lnk
[2010/04/25 05:46:44 | 000,000,961 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\ERUNT.lnk
[2010/04/25 05:44:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\TOSHIBA\Desktop\erunt_setup.exe
[2010/04/25 05:39:22 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\TOSHIBA\Desktop\TFC.exe
[2010/04/24 18:59:36 | 000,000,036 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\housecall.guid.cache
[2010/04/24 18:26:15 | 059,237,375 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010/04/23 19:35:16 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/23 12:00:28 | 000,779,572 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/04/23 12:00:28 | 000,662,068 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/04/23 12:00:28 | 000,121,224 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/04/23 11:53:53 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/23 11:22:16 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/04/23 09:02:43 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/04/22 19:41:25 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/04/22 17:48:53 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/22 17:29:17 | 000,001,888 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\Update Checker.lnk
[2010/04/22 07:22:26 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2010/04/20 19:04:12 | 000,001,671 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\CCleaner.lnk
[2010/04/18 04:26:14 | 000,000,017 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\resmon.resmoncfg
[2010/04/10 05:44:43 | 000,417,976 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/04/09 22:33:02 | 000,109,208 | ---- | M] () -- C:\Users\TOSHIBA\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/01 16:11:16 | 000,001,062 | ---- | M] () -- C:\Users\TOSHIBA\Desktop\OLYMPUS Master 2.lnk
[2010/03/31 11:29:36 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/30 05:56:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/03/30 05:56:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/03/19 05:28:00 | 003,753,224 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\GameMon.des
[2010/03/16 05:02:25 | 000,015,134 | ---- | M] () -- C:\windows\System32\results.xml
[2010/03/15 20:05:57 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2010/03/15 20:05:57 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2010/03/15 20:05:53 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2010/03/15 16:25:53 | 000,012,820 | ---- | M] () -- C:\Users\TOSHIBA\Documents\The other side of me lyrics.docx
[2010/03/15 13:38:20 | 000,001,588 | ---- | M] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2010/03/04 19:14:08 | 000,142,495 | ---- | M] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2010/03/04 19:10:29 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/04 19:10:22 | 006,061,540 | ---- | M] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2010/03/04 19:10:22 | 000,492,629 | ---- | M] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2010/03/04 19:10:22 | 000,113,461 | ---- | M] () -- C:\windows\System32\drivers\Avg\iavichjw.avm
[2010/03/04 03:15:34 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\TOSHIBA\Desktop\mbam-setup.exe
[2010/03/04 02:57:21 | 001,474,832 | ---- | M] () -- C:\windows\System32\drivers\sfi.dat
[2010/02/26 13:43:03 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2010/02/09 02:06:03 | 000,000,000 | ---- | M] () -- C:\windows\PowerReg.dat

========== Files Created - No Company Name ==========

[2010/04/25 06:06:52 | 000,284,915 | ---- | C] () -- C:\Users\TOSHIBA\Desktop\gmer.zip
[2010/04/25 05:50:15 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/25 05:46:44 | 000,000,980 | ---- | C] () -- C:\Users\TOSHIBA\Desktop\NTREGOPT.lnk
[2010/04/25 05:46:44 | 000,000,961 | ---- | C] () -- C:\Users\TOSHIBA\Desktop\ERUNT.lnk
[2010/04/24 18:59:36 | 000,000,036 | ---- | C] () -- C:\Users\TOSHIBA\AppData\Local\housecall.guid.cache
[2010/04/23 11:53:53 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/23 11:22:16 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/04/23 10:51:49 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/23 09:02:43 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/04/22 17:29:17 | 000,001,888 | ---- | C] () -- C:\Users\TOSHIBA\Desktop\Update Checker.lnk
[2010/04/18 04:26:14 | 000,000,017 | ---- | C] () -- C:\Users\TOSHIBA\AppData\Local\resmon.resmoncfg
[2010/04/09 18:53:06 | 000,005,174 | ---- | C] () -- C:\windows\System32\nppt9x.vxd
[2010/04/07 14:12:25 | 000,000,382 | ---- | C] () -- C:\windows\tasks\Registry Reviver-TOSHIBA-Startup.job
[2010/04/01 16:11:16 | 000,001,062 | ---- | C] () -- C:\Users\TOSHIBA\Desktop\OLYMPUS Master 2.lnk
[2010/03/31 11:29:36 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/30 20:04:11 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/30 10:27:39 | 000,000,888 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/30 10:27:38 | 000,000,884 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/30 05:56:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/03/30 05:56:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/03/15 16:25:52 | 000,012,820 | ---- | C] () -- C:\Users\TOSHIBA\Documents\The other side of me lyrics.docx
[2010/03/15 13:38:14 | 000,001,588 | ---- | C] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2010/03/04 19:10:29 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/04 19:10:22 | 059,237,375 | ---- | C] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010/03/04 19:10:22 | 006,061,540 | ---- | C] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2010/03/04 19:10:22 | 000,492,629 | ---- | C] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2010/03/04 19:10:22 | 000,142,495 | ---- | C] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2010/03/04 19:10:22 | 000,113,461 | ---- | C] () -- C:\windows\System32\drivers\Avg\iavichjw.avm
[2010/03/03 10:32:10 | 001,474,832 | ---- | C] () -- C:\windows\System32\drivers\sfi.dat
[2010/03/03 10:19:40 | 000,001,671 | ---- | C] () -- C:\Users\TOSHIBA\Desktop\CCleaner.lnk
[2010/02/26 13:43:03 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/02/26 02:30:57 | 000,860,672 | ---- | C] () -- C:\windows\System32\drivers\ztbcaud.sys
[2010/02/16 02:23:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/09 02:06:03 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2010/01/12 23:17:54 | 000,178,176 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/01/12 23:17:53 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2010/01/12 23:17:51 | 000,881,664 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010/01/12 23:17:51 | 000,205,824 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010/01/12 23:17:49 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2010/01/12 23:17:48 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/01/02 12:39:14 | 000,000,014 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2010/01/02 12:32:36 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/01/02 12:14:08 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/10 22:44:40 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\windows\bdoscandellang.ini

========== LOP Check ==========

[2010/03/25 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\TOSHIBA\AppData\Roaming\Autodesk
[2010/04/18 03:23:30 | 000,000,000 | ---D | M] -- C:\Users\TOSHIBA\AppData\Roaming\TeraCopy
[2010/01/25 10:18:01 | 000,000,000 | ---D | M] -- C:\Users\TOSHIBA\AppData\Roaming\Toshiba
[2010/02/06 23:06:16 | 000,000,000 | ---D | M] -- C:\Users\TOSHIBA\AppData\Roaming\Uniblue
[2010/04/24 23:34:29 | 000,000,000 | ---D | M] -- C:\Users\TOSHIBA\AppData\Roaming\uTorrent
[2010/01/02 12:38:56 | 000,000,000 | ---D | M] -- C:\Users\TOSHIBA\AppData\Roaming\WinBatch
[2010/03/20 08:49:52 | 000,000,000 | ---D | M] -- C:\Users\TOSHIBA\AppData\Roaming\Zen of Sudoku
[2010/04/25 06:32:18 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver-TOSHIBA-Startup.job
[2010/03/25 14:01:48 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 23:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 23:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 23:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 23:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 09:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 09:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/04/25 06:50:10 | 000,860,672 | ---- | M] () Unable to obtain MD5 -- C:\windows\System32\drivers\ztbcaud.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/15 20:05:53 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/15 20:05:57 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/22 07:22:26 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/09 01:25:36 | 000,016,744 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2010/04/09 01:25:38 | 000,218,560 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2010/04/09 01:25:38 | 000,030,112 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/04/09 01:25:40 | 000,074,408 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/27 15:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/27 15:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/27 15:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/04/25 06:50:10 | 000,860,672 | ---- | M] () -- C:\windows\System32\drivers\ztbcaud.sys

< End of report >

OTL Extras logfile created on: 4/25/2010 6:35:51 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\TOSHIBA\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.00 Gb Total Space | 44.83 Gb Free Space | 62.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 152.96 Gb Total Space | 86.38 Gb Free Space | 56.47% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-PC
Current User Name: TOSHIBA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F793D123-07BD-4B44-9B97-3D6338B9DB37}" = MyToshiba
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"Comodo HopSurf Toolbar" = Comodo HopSurf
"Comodo TrustConnect™_is1" = Comodo TrustConnect™ v.1.7.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"LTMOH" = LSI V92 MOH Application
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PROHYBRIDR" = 2007 Microsoft Office system
"RealAlt_is1" = Real Alternative 1.9.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeraCopy_is1" = TeraCopy 2.01
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2010 2:25:33 PM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = 196: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/15/2010 1:19:30 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/15/2010 1:19:30 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1076

Error - 4/15/2010 1:19:30 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1076

Error - 4/15/2010 5:05:08 AM | Computer Name = TOSHIBA-PC | Source = Application Hang | ID = 1002
Description = The program Neuz.exe version 3.8.22.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1434 Start Time:
01cadc76e59b690c Termination Time: 94 Application Path: E:\Games\Online Games\LanzFlyff\Neuz.exe

Report
Id:

Error - 4/15/2010 5:45:41 AM | Computer Name = TOSHIBA-PC | Source = Application Hang | ID = 1002
Description = The program Neuz.exe version 3.8.22.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1778 Start Time:
01cadc7ac5afe9fe Termination Time: 4389 Application Path: E:\Games\Online Games\LanzFlyff\Neuz.exe

Report
Id: a32b16a1-4873-11df-b66d-00262243553e

Error - 4/15/2010 7:38:43 AM | Computer Name = TOSHIBA-PC | Source = Application Hang | ID = 1002
Description = The program Neuz.exe version 3.8.22.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 15a8 Start Time:
01cadc873d1db853 Termination Time: 32 Application Path: E:\Games\Online Games\LanzFlyff\Neuz.exe

Report
Id:

Error - 4/15/2010 6:18:16 PM | Computer Name = TOSHIBA-PC | Source = VSS | ID = 8193
Description =

Error - 4/15/2010 9:14:29 PM | Computer Name = TOSHIBA-PC | Source = Application Hang | ID = 1002
Description = The program Neuz.exe version 3.8.22.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: b1c Start Time:
01cadcec6b085cdb Termination Time: 21 Application Path: E:\Games\Online Games\LanzFlyff\Neuz.exe

Report
Id:

Error - 4/16/2010 12:42:51 PM | Computer Name = TOSHIBA-PC | Source = VSS | ID = 8193
Description =

[ Media Center Events ]
Error - 3/26/2010 4:21:07 AM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 4:21:07 PM - Error connecting to the internet. 4:21:07 PM - Unable
to contact server..

Error - 3/26/2010 4:21:16 AM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 4:21:12 PM - Error connecting to the internet. 4:21:12 PM - Unable
to contact server..

Error - 3/26/2010 3:25:50 PM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 3:25:50 AM - Error connecting to the internet. 3:25:50 AM - Unable
to contact server..

Error - 3/26/2010 3:26:00 PM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 3:25:55 AM - Error connecting to the internet. 3:25:55 AM - Unable
to contact server..

Error - 3/27/2010 12:24:24 AM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 12:24:24 PM - Error connecting to the internet. 12:24:24 PM - Unable
to contact server..

Error - 3/27/2010 12:24:38 AM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 12:24:29 PM - Error connecting to the internet. 12:24:29 PM - Unable
to contact server..

Error - 4/7/2010 8:49:28 PM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 8:49:27 AM - Error connecting to the internet. 8:49:28 AM - Unable
to contact server..

Error - 4/7/2010 8:50:02 PM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 8:49:57 AM - Error connecting to the internet. 8:49:57 AM - Unable
to contact server..

Error - 4/21/2010 3:47:28 AM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 3:47:22 PM - Error connecting to the internet. 3:47:22 PM - Unable
to contact server..

Error - 4/21/2010 4:47:35 AM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = 4:47:34 PM - Error connecting to the internet. 4:47:34 PM - Unable
to contact server..

[ System Events ]
Error - 3/30/2010 11:12:23 PM | Computer Name = TOSHIBA-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the YahooAUService service.

Error - 4/2/2010 9:46:16 PM | Computer Name = TOSHIBA-PC | Source = HTTP | ID = 15005
Description =

Error - 4/3/2010 6:04:07 AM | Computer Name = TOSHIBA-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 4/3/2010 10:26:23 AM | Computer Name = TOSHIBA-PC | Source = DCOM | ID = 10010
Description =

Error - 4/4/2010 7:48:18 PM | Computer Name = TOSHIBA-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 4/7/2010 2:15:19 AM | Computer Name = TOSHIBA-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/7/2010 2:15:20 AM | Computer Name = TOSHIBA-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/7/2010 2:15:20 AM | Computer Name = TOSHIBA-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/7/2010 2:15:21 AM | Computer Name = TOSHIBA-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/7/2010 2:15:21 AM | Computer Name = TOSHIBA-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

Attached Files

  • Attached File  ark.txt   581.03KB   134 downloads
  • Attached File  Extras.Txt   49.26KB   120 downloads
  • Attached File  OTL.Txt   138.58KB   126 downloads

Edited by Gammo, 25 April 2010 - 04:53 AM.



#2
ldtate

    Malware Expert



DO NOT use any TOOLS such as Combofix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.



Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.


If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.




Please do not delete anything unless instructed to.


We've been seeing some Java infections lately.
Go here and follow the instructions to clear your Java Cache


Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have SP3, use the SP2 package. If Vista or Windows 7, skip the Recovery Console part.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

#3
Ellis03

    New Member

  • Topic Starter
SORRY 4 THE LATE REPLY...HERES THE PROCESS WHEN I RAN THE COMBOFIX.EXE.AT FIRST..WHEN COMBOFIX FINISHED ITS SCAN..IT ASK ME TO RESTORE THIS"C:\Device\HarddiskVolume1\Boot\BCD" I CLICK OK ON THIS ONE..THEN COMBOFIX AUTOMATICALLY REBOOT MY SYSTEM..BUT AFTER THE REBOOT..THE BLUE SCREEN ERROR APPEARS..I CANT RECALL ABOUT THE ERROR BUT IT IS SOMETHING RELATED TO THIS "mbr.sys" CAUSE ITS ON THE TOP OF THE BLUE SCREEN AFTER THEN IT I RESTART IT AGAIN..THEN, I SEARCHED 4 THE COMBOFIX.TXT..AS U MENTIONED IN UR REPLY..THERES NONE..SO I RAN THE COMBOFIX.EXE AGAIN THEN WHEN IT FINISHED ITS SCAN..WELL, HERES THE LOG THAT I ATTACHED AND IT DOESNT ASK TO RESTART THE COMPUTER

AND ONE MORE THING,ABOUT THE "Go here and follow the instructions to clear your Java Cache" I CLICK ON THIS LINK..BUT THE PROBLEM IS I DONT HAVE A JAVA ICON ON MY CONTROL PANEL..I GO TO THE LIST OF MY PROGRAMS BUT NEITHER JAVA IS NOT ON THE LIST..AND I SEARCH 4 THE FOLDERS AND FILES AND I FOUND THE JAVA FOLDERS LOCATED HERE:

JAVASCRIPTS

C:\PROGRAM FILES\ADOBE\ADOBE READER 9.0\READER

JAVASCRIPTCORE.RESOURCES

C:\PROGRAM FILES\COMMON FILES\APPLE\APPLE APPLICATION SUPPORT

JAVA

C:\PROGRAM FILE\COMMONFILES

JAVA
C:\PROGRAMDATA\SUN

JAVA

C:\PROGRAM FILES\COMMON FILES\JAVA

JAVA

C:\PROGRAM DATA\SUN\JAVA

JAVA
C:\USERS\TOSHIBA\APPDATA\LOCALLOW\SUN

JAVAPLUGIN.JAR
C:\PROGRAM FILES\SAFARI\PLUGINS TYPE:WINRAR ARCHIEVE

JAVASCRIPTCORE.DLL
C:\PROGRM FILES\COMMON FILES\APPLE\APPLE APPLICATION SUPPORT TYPE:APPLICATION EXTENSION

JAVA_01.MID

DO I NEED TO DELETE THIS FILES TO CLEAN UP MY JAVA CACHE.

AND ALSO FOLDERS "$RECYCLE.BIN" AND "$AVG" ON MY DRIVE E:\ STARTED TO APPEAR

AND IN MY DRIVE C:\..THESE FOLDERS ALSO STARTED TO APPEAR IN COLOR BLUE FONT.."$AVG","BOOT","DEVICE","QOOBOX"

I JUST WANTED TO KNOW IF WHAT THIS FOLDERS ARE FOR..ESPECIALLY ON MY DRIVE E:\ WHICH ARE BOTH EMPTY

AND ONE MORE QUESTION..IS IT OK THAT I SKIP THAT STEP ON CLEARING MY JAVA CACHE..DOES IT AFFECTS THE LOG REPORT WHEN I RAN THE COMBOFIX SCAN...SORRY THAT I HAVE SO MANY QUESTIONS..

THANX IN ADVANCE AND MORE POWERS TO YOU TEAM


Edited by Ellis03, 25 April 2010 - 06:18 PM.


#4
ldtate

    Malware Expert

ComboFix 10-04-21.01 - TOSHIBA 04/26/2010 6:56.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1103 [GMT 8:00]
Running from: c:\users\TOSHIBA\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 23:04 . 2010-04-25 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-25 22:49 . 2010-04-25 22:49 -------- dc----w- C:\Device
2010-04-25 22:47 . 2010-04-25 23:04 -------- d-----w- c:\users\TOSHIBA\AppData\Local\temp
2010-04-25 11:18 . 2010-04-25 11:26 117760 ----a-w- c:\users\TOSHIBA\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 11:18 . 2010-04-25 11:18 52224 ----a-w- c:\users\TOSHIBA\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 11:18 . 2010-04-25 11:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-25 03:07 . 2010-04-25 13:01 -------- d-----w- c:\program files\SpywareBlaster
2010-04-24 23:59 . 2010-04-24 23:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-24 23:59 . 2010-04-24 23:59 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\SUPERAntiSpyware.com
2010-04-24 23:58 . 2010-04-24 23:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-24 21:53 . 2010-04-24 21:53 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-24 21:50 . 2010-03-29 16:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 21:50 . 2010-04-24 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-24 21:50 . 2010-03-29 16:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 21:46 . 2010-04-24 21:46 -------- d-----w- c:\program files\ERUNT
2010-04-24 14:32 . 2010-04-24 14:32 -------- d-----w- c:\windows\element
2010-04-23 02:51 . 2010-04-23 02:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-23 01:38 . 2010-04-23 01:42 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-23 01:20 . 2010-04-11 13:53 79872 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-04-23 01:20 . 2010-04-11 13:53 33280 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-04-23 01:05 . 2010-04-23 01:05 -------- d-----w- c:\programdata\COMODO
2010-04-23 00:59 . 2010-04-23 01:02 -------- d-----w- c:\program files\Comodo
2010-04-23 00:59 . 2009-10-14 11:08 32000 ----a-w- c:\windows\system32\drivers\tap0901.sys
2010-04-23 00:59 . 2010-04-23 00:59 5542592 ----a-w- c:\programdata\Comodo Downloader\hopsurf.exe
2010-04-23 00:59 . 2010-04-23 00:59 1510584 ----a-w- c:\programdata\Comodo Downloader\trustconnectclient.exe
2010-04-23 00:58 . 2010-04-23 00:59 -------- d-----w- c:\programdata\Comodo Downloader
2010-04-22 13:36 . 2010-04-22 13:36 -------- d-----w- c:\programdata\Agnitum
2010-04-22 11:40 . 2010-04-22 11:40 -------- d-----w- c:\program files\Common Files\Skype
2010-04-22 09:29 . 2010-04-22 09:29 -------- d-----w- c:\program files\FileHippo.com
2010-04-21 23:48 . 2010-04-21 23:48 -------- d-----w- c:\windows\BDOSCAN8
2010-04-17 04:09 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-17 04:09 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-16 21:00 . 2010-04-17 14:35 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-15 17:39 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 17:39 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 17:39 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 17:39 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 00:03 . 2010-04-15 00:03 -------- d-----w- c:\users\TOSHIBA\AppData\Local\Yahoo!
2010-04-13 21:52 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 21:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 21:39 . 2010-02-23 06:04 1664256 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-04-09 10:53 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-04-09 10:51 . 2010-04-09 10:51 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-04-08 17:26 . 2010-04-08 17:26 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-08 17:25 . 2010-04-08 17:25 74408 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-08 17:25 . 2010-04-08 17:25 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-08 17:25 . 2010-04-08 17:25 218560 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-08 17:25 . 2010-04-08 17:25 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-08 09:36 . 2010-04-08 09:36 -------- d-----w- c:\windows\system32\Wat
2010-04-06 08:56 . 2010-04-06 08:56 -------- dc----w- C:\$AVG
2010-04-03 02:31 . 2009-05-18 05:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-03 02:31 . 2008-04-17 04:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-03 02:31 . 2010-04-03 02:31 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\program files\Apple Software Update
2010-04-01 08:12 . 2010-04-01 08:12 -------- d-----w- c:\users\TOSHIBA\AppData\Local\OLYMPUS
2010-04-01 08:11 . 2010-04-01 08:11 -------- d-----w- c:\program files\OLYMPUS
2010-03-31 03:29 . 2010-04-05 21:02 -------- d-----w- c:\programdata\Apple Computer
2010-03-31 03:29 . 2010-03-31 03:29 -------- d-----w- c:\program files\Safari
2010-03-31 03:29 . 2010-04-05 21:02 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 03:28 . 2010-03-31 03:28 -------- d-----w- c:\programdata\Apple
2010-03-31 02:25 . 2010-04-03 03:29 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Apple Computer
2010-03-31 00:15 . 2010-04-03 02:30 -------- d-----w- c:\program files\QuickTime
2010-03-30 21:37 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 13:17 . 2010-03-30 13:17 -------- d-----w- c:\program files\Bonjour
2010-03-30 02:28 . 2010-03-30 02:28 1232496 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_D9AEC8D4D1915047.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 16:46 . 2010-01-24 17:53 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\TeraCopy
2010-04-25 12:57 . 2010-02-05 13:10 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\uTorrent
2010-04-23 03:53 . 2009-09-17 00:08 -------- d-----w- c:\program files\Google
2010-04-23 01:00 . 2010-03-03 02:30 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Comodo
2010-04-22 22:31 . 2009-09-17 00:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-22 11:42 . 2010-02-15 18:21 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Skype
2010-04-22 11:41 . 2010-02-15 18:23 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-22 11:41 . 2010-02-15 18:23 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\skypePM
2010-04-22 11:40 . 2010-02-15 18:21 -------- d-----r- c:\program files\Skype
2010-04-21 23:22 . 2010-03-04 11:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-17 14:37 . 2009-09-17 00:20 -------- d-----w- c:\programdata\Microsoft Help
2010-04-12 21:39 . 2010-03-04 11:10 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-04-09 14:33 . 2010-01-02 04:41 109208 ----a-w- c:\users\TOSHIBA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-09 01:53 . 2010-03-04 05:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-04-09 01:52 . 2010-03-04 05:11 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-04-08 05:10 . 2010-03-15 05:38 -------- d-----w- c:\program files\SMART BRO
2010-04-01 22:39 . 2010-03-17 06:03 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-03-29 04:24 . 2009-09-17 00:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 00:33 . 2010-03-17 06:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-03-28 00:32 . 2010-03-17 06:03 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-03-28 00:29 . 2010-03-04 05:11 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-27 13:20 . 2009-09-17 00:08 -------- d-----w- c:\programdata\Partner
2010-03-27 07:16 . 2010-03-20 16:00 -------- d-----w- c:\programdata\Steam
2010-03-27 07:16 . 2010-03-14 06:41 -------- d-----w- c:\programdata\PopCap Games
2010-03-25 07:22 . 2010-03-25 07:22 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Autodesk
2010-03-25 06:05 . 2009-09-17 00:07 -------- d-----w- c:\programdata\Norton
2010-03-20 00:49 . 2010-03-20 00:49 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Zen of Sudoku
2010-03-18 10:59 . 2010-03-18 10:59 -------- d-----w- c:\programdata\McAfee
2010-03-15 21:07 . 2010-03-15 21:07 -------- d-----w- c:\programdata\Ulead Systems
2010-03-15 20:58 . 2010-03-15 20:58 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-03-15 20:58 . 2010-03-15 20:58 -------- d-----w- c:\program files\Corel
2010-03-15 12:05 . 2010-03-15 12:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 12:05 . 2010-03-04 11:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 12:05 . 2010-03-04 11:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 03:44 . 2009-09-17 00:07 -------- d-----w- c:\programdata\Toshiba
2010-03-13 03:44 . 2009-09-17 00:06 -------- d-----w- c:\program files\TOSHIBA
2010-03-04 18:04 . 2009-09-17 00:27 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-04 11:10 . 2010-03-04 11:10 -------- d-----w- c:\program files\AVG
2010-03-04 11:10 . 2010-03-04 11:10 -------- d-----w- c:\programdata\avg9
2010-03-04 10:32 . 2009-09-17 00:11 -------- d-----w- c:\program files\Microsoft
2010-03-04 10:32 . 2010-03-04 10:32 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-03-04 10:31 . 2009-09-17 00:11 -------- d-----w- c:\program files\Windows Live
2010-03-04 10:31 . 2010-03-04 10:31 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-04 10:31 . 2010-03-04 10:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-04 10:24 . 2010-03-04 10:24 -------- d-----w- c:\program files\ltmoh
2010-03-04 10:02 . 2010-01-02 04:12 -------- d-----w- c:\program files\Realtek WLAN Driver
2010-03-04 09:59 . 2010-01-02 04:11 -------- d-----w- c:\program files\Realtek
2010-03-04 09:45 . 2010-01-02 04:11 -------- d--h--w- c:\program files\Temp
2010-03-04 09:38 . 2010-03-04 09:38 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\InstallShield
2010-03-04 05:58 . 2010-03-04 05:58 2771728 ----a-w- c:\programdata\Toshiba\TSS\Plugins\SwUpdates\Packages\9b62b774-1719-469f-b061-f0ae76b502c4\135431_16.37.40.os2009430a_130.exe
2010-03-03 20:00 . 2010-03-03 20:00 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-03 18:57 . 2010-03-03 02:32 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-03 02:16 . 2010-03-02 16:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-27 19:30 . 2010-02-27 19:30 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Malwarebytes
2010-02-27 19:30 . 2010-02-27 19:30 -------- d-----w- c:\programdata\Malwarebytes
2010-02-26 13:21 . 2010-02-26 13:21 -------- d-----w- c:\program files\Enigma Software Group
2010-02-26 06:59 . 2010-02-26 06:59 -------- d-----w- c:\programdata\Grisoft
2010-02-26 05:43 . 2010-02-26 05:43 0 ----a-w- c:\windows\nsreg.dat
2010-02-24 02:16 . 2010-01-03 04:57 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 03:46 . 2010-02-12 03:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 03:46 . 2010-02-12 03:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-08 18:06 . 2010-02-08 18:06 0 ----a-w- c:\windows\PowerReg.dat
2010-02-02 07:45 . 2010-02-24 13:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-29 05:00 . 2010-01-29 05:00 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb132D.tmp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2010-01-02 04:39 . 2010-01-02 04:39 14 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 06:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-03-03 155648]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-08 2029456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 07:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\startupfolder\C:^Users^TOSHIBA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 08:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-02 22:41 174104 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-02 22:41 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 16:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:13 259952 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-02 22:41 151064 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-29 05:12 7625248 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-05 18:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-30 02:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-21 01:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-08-03 15:17 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-05 22:18 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-08-11 19:37 2446648 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-10-10 81920]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\TOSHIBA\AppData\Local\Temp\HCE69D1.tmp [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-18 3753224]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-08 1343400]
R3 XDva300;XDva300;c:\windows\system32\XDva300.sys [x]
R3 XDva309;XDva309;c:\windows\system32\XDva309.sys [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-04-08 218560]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-08 30112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


--- Other Services/Drivers In Memory ---

*Deregistered* - ztbcaud

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F793D123-07BD-4B44-9B97-3D6338B9DB37}]
2009-08-06 16:13 259952 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 02:27]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 02:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSZZ&bmod=TSZZ
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
FF - ProfilePath - c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\TOSHIBA\AppData\Local\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-SpybotSD TeaTimer - c:\windows\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\TOSHIBA\AppData\Local\Temp\HCE69D1.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ztbcaud]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-04-26 07:07:44
ComboFix-quarantined-files.txt 2010-04-25 23:07

Pre-Run: 49,906,782,208 bytes free
Post-Run: 49,819,951,104 bytes free

- - End Of File - - 9B907A87D7EFF5548F9D96FFF8478873
  • 0

#5
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Don't worry about the java stuff.

How's it running now?
  • 0

#6
Ellis03

    New Member

  • Topic Starter
  • Member
  • 9 posts
Well, it's already OK, and guess what: I scanned my computer again with MBAM and it's already clean, especially the infected C:\Windows\System32\drivers\ztbcaud.sys.

Here's the log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4033

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/26/2010 9:04:45 AM
mbam-log-2010-04-26 (09-04-45).txt

Scan type: Quick scan
Objects scanned: 106875
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

But after a while I ate my breakfast and shut down my PC, and when I booted it again and scanned it again with MBAM, C:\Windows\System32\drivers\ztbcaud.sys was infected again with the ROOTKIT.AGENT.

Here's the log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4033

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/26/2010 9:41:37 AM
mbam-log-2010-04-26 (09-41-37).txt

Scan type: Quick scan
Objects scanned: 106429
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\windows\system32\Drivers\ztbcaud.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

I don't know what to do. Why is it always coming back? :)
I restart my PC as MBAM requested, but it just keeps on coming back. About the computer behavior: it's OK, my computer is running normally. But how can I completely get rid of this annoying Rootkit.Agent, and what could this Rootkit.Agent do to my PC in the near future? Please help :)

Thanks in advance, and more powers to you, Geeks to Go team :)

Edited by Ellis03, 25 April 2010 - 11:42 PM.

  • 0

#7
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

http://www.geekstogo.com/forum/index.php?act=post&do=edit_post&f=37&t=275160&p=1816205&st=0

Collect::
C:\windows\system32\Drivers\ztbcaud.sys

Driver::
ztbcaud

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\ztbcaud]

Save this file to your desktop. Save it as "CFScript"

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...



Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.

Edited by ldtate, 26 April 2010 - 05:45 AM.

  • 0
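The CFScript in the post above names three things for ztbcaud: the file, the driver, and the service registry key. As an added example (not part of the original post and not ComboFix's own logic), this Python script shows how those leads can be read out of the logs posted in this thread. It assumes `[x]` marks an image file ComboFix could not find, and the tag names are invented for the example.

```python
import re
from collections import defaultdict

# Lines copied from the logs posted in this thread; the excerpts are assembled
# here so the example runs offline.
COMBOFIX_EXCERPT = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\TOSHIBA\AppData\Local\Temp\HCE69D1.tmp [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-08 30112]

--- Other Services/Drivers In Memory ---

*Deregistered* - ztbcaud

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\TOSHIBA\AppData\Local\Temp\HCE69D1.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ztbcaud]

.
"""

MBAM_EXCERPT = r"""
Files Infected:
C:\windows\system32\Drivers\ztbcaud.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# "<prefix> <name>;<display name>;<image path> [<date size> or x]"
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$")
DEREG_LINE = re.compile(r"^\*Deregistered\*\s*-\s*(?P<name>\S+)\s*$")
KEY_LINE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\(?:Current)?ControlSet\d*\\services\\"
    r"(?P<name>[^\\\]]+)\]\s*$", re.I)
VALUE_LINE = re.compile(r'^(?:"[^"]+"|@)\s*=')
TEMP_DIR = re.compile(r"\\temp\\", re.I)
MBAM_FILE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+\((?P<label>[^)]+)\)\s+->", re.M)


def triage(log_text):
    """Return {service name: sorted list of tags} for entries worth a look."""
    findings = defaultdict(set)
    open_key = None        # service key whose values are being counted
    open_key_values = 0

    def close_key():
        nonlocal open_key, open_key_values
        if open_key is not None and open_key_values == 0:
            findings[open_key].add("empty_service_key")
        open_key, open_key_values = None, 0

    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_LINE.match(line)
        if key:
            close_key()
            open_key = key.group("name")
            continue
        if open_key is not None and line:
            if VALUE_LINE.match(line):
                open_key_values += 1
                if line.lower().startswith('"imagepath"') and TEMP_DIR.search(line):
                    findings[open_key].add("image_in_temp_dir")
                continue
            close_key()    # any other non-blank line ends the key's block
        svc = SERVICE_LINE.match(line)
        if svc:
            name = svc.group("name")
            if svc.group("meta").strip().lower() == "x":
                findings[name].add("image_file_missing")
            if TEMP_DIR.search(svc.group("path")):
                findings[name].add("image_in_temp_dir")
            continue
        dereg = DEREG_LINE.match(line)
        if dereg:
            findings[dereg.group("name")].add("in_memory_but_deregistered")
    close_key()
    return {name: sorted(tags) for name, tags in findings.items()}


def correlate(mbam_text, findings):
    """Service names that match the file stem of an MBAM file detection."""
    stems = {m.group("path").rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
             for m in MBAM_FILE.finditer(mbam_text)}
    return sorted(name for name in findings if name.lower() in stems)


if __name__ == "__main__":
    results = triage(COMBOFIX_EXCERPT)
    for name, tags in sorted(results.items()):
        print(f"{name}: {', '.join(tags)}")
    print("also detected by MBAM:", correlate(MBAM_EXCERPT, results))
```

GarenaPEngine and RSUSBSTOR are tagged as well, but ztbcaud is the only entry that the MBAM detection also names, and it is the one the CFScript in this thread targets; the tags are leads for a reviewer, not verdicts.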

#8
Ellis03

    New Member

  • Topic Starter
  • Member
  • 9 posts
Well, here is the CF log report. But during the process, when I ran ComboFix with the procedures you mentioned, my computer bleeped, and something about 'Disclaimer of the Warranty' at the top of the window popped up, something about an agreement, and I clicked 'YES' on this one. Is it right that I clicked yes on this one? :)
Well, here is the log report.
Happy to inform you that when I scanned my computer with MBAM, the infected C:\Windows\System32\drivers\ztbcaud.sys is no longer there. But do you think that infected file will come back when I boot my computer again? Well, I just hope that infected file will no longer come back. :)

Thank you so much for the help that you provided, Mr. ldtate. You're such a very kind person. :)
And more powers to the Geeks To Go team :)



  • 0

#9
Ellis03

    New Member

  • Topic Starter
  • Member
  • 9 posts
Guess what: I rebooted my system and C:\windows\system32\drivers\ztbcaud.sys is no more. :)

Thank you so much! The infected file is completely removed. Thanks especially to you, Mr. ldtate, who guided me on what to do. I thank you from the bottom of my heart :) and more powers to the GeeksToGo Team. I hope that this team will last and help more people out there with serious PC problems. :)
Continue to rock on, geeks. :) :)

Thank you very, very much. :)

ComboFix 10-04-21.01 - TOSHIBA 04/26/2010 20:43:09.8.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1167 [GMT 8:00]
Running from: C:\Users\TOSHIBA\Desktop\ComboFix.exe
Command switches used :: C:\Users\TOSHIBA\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZTBCAUD
-------\Service_ztbcaud


((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 11:19:49 . 2010-04-26 11:19:49 -------- d-----w- C:\Users\TOSHIBA\AppData\Local\Apple Computer
2010-04-26 02:14:50 . 2010-04-26 02:14:50 -------- d-----w- C:\windows\launcher
2010-04-25 22:49:10 . 2010-04-25 22:49:10 -------- dc----w- C:\Device
2010-04-25 11:18:50 . 2010-04-25 11:26:44 117760 ----a-w- C:\Users\TOSHIBA\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 11:18:50 . 2010-04-25 11:18:50 52224 ----a-w- C:\Users\TOSHIBA\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 11:18:26 . 2010-04-25 11:18:28 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-04-25 03:07:29 . 2010-04-25 13:01:08 -------- d-----w- C:\Program Files\SpywareBlaster
2010-04-24 23:59:50 . 2010-04-24 23:59:50 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2010-04-24 23:59:36 . 2010-04-24 23:59:36 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\SUPERAntiSpyware.com
2010-04-24 23:58:50 . 2010-04-24 23:58:50 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-24 21:53:13 . 2010-04-24 21:53:13 5918776 ----a-w- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-24 21:50:12 . 2010-03-29 16:46:30 38224 ----a-w- C:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 21:50:10 . 2010-04-24 21:53:25 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-24 21:50:10 . 2010-03-29 16:45:52 20824 ----a-w- C:\windows\system32\drivers\mbam.sys
2010-04-24 21:46:42 . 2010-04-24 21:46:42 -------- d-----w- C:\Program Files\ERUNT
2010-04-24 14:32:51 . 2010-04-24 14:32:51 -------- d-----w- C:\windows\element
2010-04-23 02:51:33 . 2010-04-23 02:51:46 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-04-23 01:38:35 . 2010-04-23 01:42:36 -------- d-----w- C:\Program Files\Windows Live Safety Center
2010-04-23 01:20:15 . 2010-04-11 13:53:44 79872 ----a-w- C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-04-23 01:20:15 . 2010-04-11 13:53:44 33280 ----a-w- C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-04-23 01:05:08 . 2010-04-23 01:05:25 -------- d-----w- C:\ProgramData\COMODO
2010-04-23 00:59:18 . 2010-04-23 01:02:22 -------- d-----w- C:\Program Files\Comodo
2010-04-23 00:59:18 . 2009-10-14 11:08:32 32000 ----a-w- C:\windows\system32\drivers\tap0901.sys
2010-04-23 00:59:13 . 2010-04-23 00:59:13 5542592 ----a-w- C:\ProgramData\Comodo Downloader\hopsurf.exe
2010-04-23 00:59:13 . 2010-04-23 00:59:13 1510584 ----a-w- C:\ProgramData\Comodo Downloader\trustconnectclient.exe
2010-04-23 00:58:09 . 2010-04-23 00:59:15 -------- d-----w- C:\ProgramData\Comodo Downloader
2010-04-22 11:40:45 . 2010-04-22 11:40:45 -------- d-----w- C:\Program Files\Common Files\Skype
2010-04-22 09:29:16 . 2010-04-22 09:29:16 -------- d-----w- C:\Program Files\FileHippo.com
2010-04-21 23:48:29 . 2010-04-21 23:48:29 -------- d-----w- C:\windows\BDOSCAN8
2010-04-17 04:09:45 . 2010-02-27 12:07:48 3954568 ----a-w- C:\windows\system32\ntkrnlpa.exe
2010-04-17 04:09:45 . 2010-02-27 12:07:48 3899280 ----a-w- C:\windows\system32\ntoskrnl.exe
2010-04-16 21:00:05 . 2010-04-17 14:35:21 -------- d-----w- C:\windows\system32\MpEngineStore
2010-04-15 17:39:40 . 2010-03-08 21:33:56 427520 ----a-w- C:\windows\system32\vbscript.dll
2010-04-15 17:39:39 . 2010-02-27 07:32:26 221696 ----a-w- C:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 17:39:39 . 2010-02-27 07:32:12 95744 ----a-w- C:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 17:39:39 . 2010-02-27 07:32:05 123392 ----a-w- C:\windows\system32\drivers\mrxsmb.sys
2010-04-15 00:03:25 . 2010-04-15 00:03:25 -------- d-----w- C:\Users\TOSHIBA\AppData\Local\Yahoo!
2010-04-13 21:52:46 . 2009-12-29 06:55:34 172032 ----a-w- C:\windows\system32\wintrust.dll
2010-04-13 21:52:43 . 2010-01-09 06:52:59 132608 ----a-w- C:\windows\system32\cabview.dll
2010-04-12 21:39:02 . 2010-02-23 06:04:10 1664256 ----a-w- C:\ProgramData\AVG Security Toolbar\IEToolbar.dll
2010-04-09 10:53:06 . 2005-01-04 18:43:08 4682 ----a-w- C:\windows\system32\npptNT2.sys
2010-04-09 10:51:34 . 2010-04-09 10:51:34 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2010-04-08 17:26:12 . 2010-04-08 17:26:12 277240 ----a-w- C:\windows\system32\guard32.dll
2010-04-08 17:25:40 . 2010-04-08 17:25:40 74408 ----a-w- C:\windows\system32\drivers\inspect.sys
2010-04-08 17:25:38 . 2010-04-08 17:25:38 30112 ----a-w- C:\windows\system32\drivers\cmdhlp.sys
2010-04-08 17:25:38 . 2010-04-08 17:25:38 218560 ----a-w- C:\windows\system32\drivers\cmdGuard.sys
2010-04-08 17:25:36 . 2010-04-08 17:25:36 16744 ----a-w- C:\windows\system32\drivers\cmderd.sys
2010-04-08 09:36:50 . 2010-04-08 09:36:51 -------- d-----w- C:\windows\system32\Wat
2010-04-06 08:56:44 . 2010-04-06 08:56:44 -------- dc----w- C:\$AVG
2010-04-03 02:31:57 . 2009-05-18 05:17:00 26600 ----a-w- C:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-03 02:31:57 . 2008-04-17 04:12:54 107368 ----a-w- C:\windows\system32\GEARAspi.dll
2010-04-03 02:31:22 . 2010-04-03 02:31:54 -------- d-----w- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-03 02:29:52 . 2010-04-03 02:29:52 -------- d-----w- C:\Program Files\Apple Software Update
2010-04-01 08:12:02 . 2010-04-01 08:12:02 -------- d-----w- C:\Users\TOSHIBA\AppData\Local\OLYMPUS
2010-04-01 08:11:12 . 2010-04-01 08:11:12 -------- d-----w- C:\Program Files\OLYMPUS
2010-03-31 03:29:33 . 2010-04-05 21:02:52 -------- d-----w- C:\ProgramData\Apple Computer
2010-03-31 03:29:33 . 2010-03-31 03:29:36 -------- d-----w- C:\Program Files\Safari
2010-03-31 03:29:07 . 2010-04-05 21:02:52 -------- d-----w- C:\Program Files\Common Files\Apple
2010-03-31 03:28:57 . 2010-03-31 03:28:57 -------- d-----w- C:\ProgramData\Apple
2010-03-31 02:25:54 . 2010-04-03 03:29:45 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Apple Computer
2010-03-31 00:15:08 . 2010-04-03 02:30:14 -------- d-----w- C:\Program Files\QuickTime
2010-03-30 21:37:18 . 2010-02-23 07:56:00 977920 ----a-w- C:\windows\system32\wininet.dll
2010-03-30 13:17:25 . 2010-03-30 13:17:26 -------- d-----w- C:\Program Files\Bonjour
2010-03-30 02:28:11 . 2010-03-30 02:28:11 1232496 ----a-w- C:\ProgramData\Google\Google Toolbar\Component\GoogleCld_D9AEC8D4D1915047.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 11:57:48 . 2010-01-07 08:29:17 -------- d-----w- C:\ProgramData\Yahoo! Companion
2010-04-26 11:13:30 . 2010-02-05 13:10:47 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\uTorrent
2010-04-25 16:46:16 . 2010-01-24 17:53:19 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\TeraCopy
2010-04-23 03:53:16 . 2009-09-17 00:08:46 -------- d-----w- C:\Program Files\Google
2010-04-23 01:00:18 . 2010-03-03 02:30:55 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Comodo
2010-04-22 22:31:44 . 2009-09-17 00:13:07 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-04-22 11:42:50 . 2010-02-15 18:21:33 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Skype
2010-04-22 11:41:25 . 2010-02-15 18:23:57 56 ---ha-w- C:\ProgramData\ezsidmv.dat
2010-04-22 11:41:25 . 2010-02-15 18:23:57 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\skypePM
2010-04-22 11:40:44 . 2010-02-15 18:21:15 -------- d-----r- C:\Program Files\Skype
2010-04-21 23:22:26 . 2010-03-04 11:10:29 242896 ----a-w- C:\windows\system32\drivers\avgtdix.sys
2010-04-17 14:37:29 . 2009-09-17 00:20:35 -------- d-----w- C:\ProgramData\Microsoft Help
2010-04-12 21:39:02 . 2010-03-04 11:10:20 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2010-04-09 14:33:02 . 2010-01-02 04:41:46 109208 ----a-w- C:\Users\TOSHIBA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-09 01:53:34 . 2010-03-04 05:12:05 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-04-09 01:52:58 . 2010-03-04 05:11:41 3605256 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-04-08 05:10:47 . 2010-03-15 05:38:14 -------- d-----w- C:\Program Files\SMART BRO
2010-04-01 22:39:00 . 2010-03-17 06:03:20 588096 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-03-29 04:24:00 . 2009-09-17 00:06:11 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-03-28 00:33:04 . 2010-03-17 06:04:07 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-03-28 00:32:21 . 2010-03-17 06:03:52 3605256 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-03-28 00:29:45 . 2010-03-04 05:11:09 546624 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-27 13:20:19 . 2009-09-17 00:08:57 -------- d-----w- C:\ProgramData\Partner
2010-03-27 07:16:57 . 2010-03-20 16:00:43 -------- d-----w- C:\ProgramData\Steam
2010-03-27 07:16:54 . 2010-03-14 06:41:45 -------- d-----w- C:\ProgramData\PopCap Games
2010-03-25 07:22:22 . 2010-03-25 07:22:22 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Autodesk
2010-03-25 06:05:45 . 2009-09-17 00:07:44 -------- d-----w- C:\ProgramData\Norton
2010-03-20 00:49:52 . 2010-03-20 00:49:47 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Zen of Sudoku
2010-03-18 10:59:59 . 2010-03-18 10:59:59 -------- d-----w- C:\ProgramData\McAfee
2010-03-15 21:07:23 . 2010-03-15 21:07:23 -------- d-----w- C:\ProgramData\Ulead Systems
2010-03-15 20:58:20 . 2010-03-15 20:58:20 -------- d-----w- C:\Program Files\Common Files\Ulead Systems
2010-03-15 20:58:16 . 2010-03-15 20:58:16 -------- d-----w- C:\Program Files\Corel
2010-03-15 12:05:57 . 2010-03-15 12:05:57 12464 ----a-w- C:\windows\system32\avgrsstx.dll
2010-03-15 12:05:57 . 2010-03-04 11:10:22 29512 ----a-w- C:\windows\system32\drivers\avgmfx86.sys
2010-03-15 12:05:53 . 2010-03-04 11:10:24 216200 ----a-w- C:\windows\system32\drivers\avgldx86.sys
2010-03-13 03:44:19 . 2009-09-17 00:07:05 -------- d-----w- C:\ProgramData\Toshiba
2010-03-13 03:44:19 . 2009-09-17 00:06:10 -------- d-----w- C:\Program Files\TOSHIBA
2010-03-04 18:04:44 . 2009-09-17 00:27:39 -------- d-----w- C:\Program Files\Microsoft SQL Server
2010-03-04 11:10:08 . 2010-03-04 11:10:08 -------- d-----w- C:\Program Files\AVG
2010-03-04 11:10:08 . 2010-03-04 11:10:07 -------- d-----w- C:\ProgramData\avg9
2010-03-04 10:32:21 . 2009-09-17 00:11:44 -------- d-----w- C:\Program Files\Microsoft
2010-03-04 10:32:15 . 2010-03-04 10:32:15 -------- d-----w- C:\Program Files\Microsoft Office Outlook Connector
2010-03-04 10:31:58 . 2009-09-17 00:11:12 -------- d-----w- C:\Program Files\Windows Live
2010-03-04 10:31:34 . 2010-03-04 10:31:34 -------- d-----w- C:\Program Files\Microsoft Sync Framework
2010-03-04 10:31:10 . 2010-03-04 10:31:10 -------- d-----w- C:\Program Files\Windows Live SkyDrive
2010-03-04 10:24:27 . 2010-03-04 10:24:27 -------- d-----w- C:\Program Files\ltmoh
2010-03-04 10:02:29 . 2010-01-02 04:12:24 -------- d-----w- C:\Program Files\Realtek WLAN Driver
2010-03-04 09:59:54 . 2010-01-02 04:11:18 -------- d-----w- C:\Program Files\Realtek
2010-03-04 09:45:58 . 2010-01-02 04:11:17 -------- d--h--w- C:\Program Files\Temp
2010-03-04 09:38:42 . 2010-03-04 09:38:42 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\InstallShield
2010-03-04 05:58:53 . 2010-03-04 05:58:31 2771728 ----a-w- C:\ProgramData\Toshiba\TSS\Plugins\SwUpdates\Packages\9b62b774-1719-469f-b061-f0ae76b502c4\135431_16.37.40.os2009430a_130.exe
2010-03-03 20:00:34 . 2010-03-03 20:00:34 79144 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-03 18:57:21 . 2010-03-03 02:32:10 1474832 ----a-w- C:\windows\system32\drivers\sfi.dat
2010-02-27 19:30:43 . 2010-02-27 19:30:43 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Malwarebytes
2010-02-27 19:30:35 . 2010-02-27 19:30:35 -------- d-----w- C:\ProgramData\Malwarebytes
2010-02-26 06:59:24 . 2010-02-26 06:59:24 -------- d-----w- C:\ProgramData\Grisoft
2010-02-26 05:43:03 . 2010-02-26 05:43:03 0 ----a-w- C:\windows\nsreg.dat
2010-02-24 02:16:06 . 2010-01-03 04:57:16 181632 ------w- C:\windows\system32\MpSigStub.exe
2010-02-12 03:46:14 . 2010-02-12 03:46:14 91424 ----a-w- C:\windows\system32\dnssd.dll
2010-02-12 03:46:14 . 2010-02-12 03:46:14 107808 ----a-w- C:\windows\system32\dns-sd.exe
2010-02-08 18:06:03 . 2010-02-08 18:06:03 0 ----a-w- C:\windows\PowerReg.dat
2010-02-02 07:45:54 . 2010-02-24 13:54:38 2048 ----a-w- C:\windows\system32\tzres.dll
2010-01-29 05:00:22 . 2010-01-29 05:00:22 509552 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\gtb132D.tmp.exe
2009-06-10 21:26:35 . 2009-07-14 02:04:20 9633792 --sha-r- C:\windows\Fonts\StaticCache.dat
2010-01-02 04:39:14 . 2010-01-02 04:39:14 14 --sh--r- C:\windows\System32\drivers\fbd.sys
2009-07-14 01:14:45 . 2009-07-13 23:42:17 396800 --sha-w- C:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 06:04:10 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 06:04:10 1664256 ----a-w- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 06:04:10 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 06:04:10 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:14:38 1173504]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 12:42:26 95632]
"NortonOnlineBackupReminder"="C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 19:04:28 529256]
"FileHippo.com"="C:\Program Files\FileHippo.com\UpdateChecker.exe" [2010-03-03 13:31:10 155648]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 09:27:46 5248312]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 04:28:36 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-08 17:26:02 2029456]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:47 952768]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 16:46:02 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 02:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 07:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\avgrsstx.dll C:\Windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\startupfolder\C:^Users^TOSHIBA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04:54 738616 ----a-w- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 08:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-02 22:41:30 174104 ----a-w- C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-02 22:41:42 141848 ----a-w- C:\Windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 16:46:02 1086856 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:13:24 259952 ----a-w- C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04:28 529256 ----a-w- C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-02 22:41:38 151064 ----a-w- C:\Windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-29 05:12:56 7625248 ------w- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-05 18:27:46 26102056 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00:10 460088 ----a-w- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-30 02:27:29 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-21 01:46:40 1545512 ----a-w- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48:46 1294136 ----a-w- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-08-03 15:17:06 611672 ----a-w- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-05 22:18:08 476512 ----a-w- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-08-11 19:37:50 2446648 ----a-w- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05:34 111856 ----a-w- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-10-10 17:16:06 81920]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-30 02:27:33 135664]
R3 GarenaPEngine;GarenaPEngine;C:\Users\TOSHIBA\AppData\Local\Temp\HCE69D1.tmp [x]
R3 KXUNHVMSNPC;KXUNHVMSNPC;C:\Users\TOSHIBA\AppData\Local\Temp\KXUNHVMSNPC.exe [x]
R3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des [2010-03-18 21:28:00 3753224]
R3 PIBIKNMHVGZLU;PIBIKNMHVGZLU;C:\Users\TOSHIBA\AppData\Local\Temp\PIBIKNMHVGZLU.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;C:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 03:15:58 12872]
R3 TCOB;TCOB;C:\Users\TOSHIBA\AppData\Local\Temp\TCOB.exe [x]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 18:48:42 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 15:16:32 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2010-04-08 09:36:49 1343400]
R3 XDva300;XDva300;C:\windows\system32\XDva300.sys [x]
R3 XDva309;XDva309;C:\windows\system32\XDva309.sys [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\windows\System32\Drivers\avgldx86.sys [2010-03-15 12:05:53 216200]
S1 AvgTdiX;AVG Free Network Redirector;C:\windows\System32\Drivers\avgtdix.sys [2010-04-21 23:22:26 242896]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\system32\DRIVERS\cmdguard.sys [2010-04-08 17:25:38 218560]
S1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-08 17:25:38 30112]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 03:25:50 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 03:15:58 66632]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]
S2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-15 12:05:55 308064]
S2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 09:00:24 148744]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 14:44:52 122880]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 01:04:58 24064]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 06:52:04 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 06:19:22 859136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 23:52:10 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F793D123-07BD-4B44-9B97-3D6338B9DB37}]
2009-08-06 16:13:24 259952 ----a-w- C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-26 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-30 02:27:37 . 2010-03-30 02:27:33]

2010-04-26 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-30 02:27:37 . 2010-03-30 02:27:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSZZ&bmod=TSZZ
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
FF - ProfilePath - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/bin/set
FF - component: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\TOSHIBA\AppData\Local\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

Edited by ldtate, 26 April 2010 - 08:44 AM.

  • 0

#10
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Good job :)

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    If you used DeFogger
    You must remember to re-enable your Emulation drivers once we are finished, double click DeFogger to run the tool.

    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.


    Here's my usual all clean post

    Log looks good



    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.

I would suggest you read How to Prevent Malware:
  • 0
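The Internet-zone settings listed in the post above are stored per user as registry values under the `Zones\3` key, so they can be audited and applied without clicking through the dialog. This is an added example, not part of the thread and not ldtate's own tooling; the function names `Get-ZoneDrift` and `Set-ZoneHardening` are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: audit and apply the six Internet-zone settings from the post.
# Zone 3 is the Internet zone. Value names are URL action codes; the data is a DWORD:
#   0 = Enable, 1 = Prompt, 3 = Disable
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Desired = @(
    [pscustomobject]@{ Action = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Action = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Action = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Action = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    [pscustomobject]@{ Action = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    [pscustomobject]@{ Action = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function ConvertTo-PolicyName {
    # Turn the stored DWORD into the label shown in the Security Settings dialog.
    param($Value)
    if ($null -eq $Value) { return '(not set)' }
    switch ([int]$Value) {
        0       { 'Enable' }
        1       { 'Prompt' }
        3       { 'Disable' }
        default { "Other ($Value)" }
    }
}

function Get-ZoneDrift {
    # Report each setting's current value next to the value the post recommends.
    param([string]$Path = $ZonePath)
    foreach ($item in $Desired) {
        $props   = Get-ItemProperty -Path $Path -Name $item.Action -ErrorAction SilentlyContinue
        $current = if ($props) { $props.($item.Action) } else { $null }
        [pscustomobject]@{
            Action    = $item.Action
            Setting   = $item.Setting
            Current   = ConvertTo-PolicyName $current
            Wanted    = ConvertTo-PolicyName $item.Want
            Compliant = ($null -ne $current -and [int]$current -eq $item.Want)
        }
    }
}

function Set-ZoneHardening {
    # Write only the values that differ; honours -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $ZonePath)
    foreach ($row in (Get-ZoneDrift -Path $Path | Where-Object { -not $_.Compliant })) {
        $want = ($Desired | Where-Object { $_.Action -eq $row.Action }).Want
        if ($PSCmdlet.ShouldProcess("$Path\$($row.Action)", "Set to $($row.Wanted)")) {
            Set-ItemProperty -Path $Path -Name $row.Action -Value $want -Type DWord
        }
    }
}

# Show the drift, preview the changes, then apply and re-check.
Get-ZoneDrift | Format-Table Action, Current, Wanted, Compliant, Setting -AutoSize
Set-ZoneHardening -WhatIf
# Set-ZoneHardening
# Get-ZoneDrift | Where-Object { -not $_.Compliant }   # empty output means all six match
```

Values enforced through Group Policy take precedence over these per-user values, so a setting that still shows differently in the dialog after applying points to a policy override.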

#11
Ellis03

Ellis03

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Don't worry about the firewall and other stuff.. I have Comodo firewall, Spyware Blaster and AVG Anti-virus installed on my PC.. and my Windows is also updated :)
But the part where you mention uninstalling ComboFix.. well, I can't find the part where you said "Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there".. and I don't have a runbox either.. my OS is Windows 7, where can I find the runbox? :)

Is it OK if I just delete ComboFix and all its components so that it will be uninstalled? And also about the DeFogger thing: where can I install it, and what features does DeFogger have? What does it do on my computer? I'm very sorry that I have so many questions.. :)

Thank u in advance and
More powers to GeeksToGo..Team :)
  • 0

#12
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
You don't need to install Defogger.
We didn't need it in our fix.

You can remove these leftover files and folders if listed:
C:\ComboFix
C:\QooBox
C:\combofix.txt
C:\combofix-quarantine-files.txt
  • 0

#13
Ellis03

Ellis03

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you very much for the help you provided, Mr. ldtate.. and Go Go Go!! GeeksToGo Team :)

:)
  • 0

#14
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
You're more than welcome.
Glad we were able to help

Peace be with you :)
  • 0

#15
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





