Recurring malware won't stay removed



#1
ewo

I've identified what the malware is and attempted to remove it with Malwarebytes, but after every reboot it comes back. I've tried Ad-Aware, SUPERAntiSpyware, CCleaner, Spybot but it just keeps coming back. Here's the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:08:54 PM, on 09/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Sky-Banners Browser Enhancer - {4627B3AF-C343-4674-A75A-C56086C64E6D} - C:\Windows\SysWow64\.dll
O2 - BHO: Street-Ads Browser Enhancer svdid - {5B1C0DB8-F2BF-4D42-A7C2-B0D497186931} - C:\Windows\SysWow64\svdid.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MChk] C:\Windows\system32\nvdid.exe
O4 - HKLM\..\Run: [skb] rundll32 ".dll",,Run
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 12133 bytes

Any help would be greatly appreciated.


#2
RKinner

O4 - HKLM\..\Run: [MChk] C:\Windows\system32\nvdid.exe
O4 - HKLM\..\Run: [skb] rundll32 ".dll",,Run

Are both dirty. Check them and Fix Checked and reboot. Then run MBAM and OTL from http://www.geekstogo...uide-t2852.html.

Ron

#3
ewo

OTL.txt:

OTL logfile created on: 09/06/2010 5:11:29 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Eden\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.84 Gb Total Space | 121.90 Gb Free Space | 55.96% Space Free | Partition Type: NTFS
Drive D: | 6.28 Gb Total Space | 6.22 Gb Free Space | 99.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDEN-LAPTOP
Current User Name: Eden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/09 16:59:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Eden\Downloads\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/02 23:21:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/02/05 02:53:29 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/05 02:53:28 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/03/08 23:21:02 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/08/08 05:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/25 10:24:08 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/22 20:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/22 11:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/10/29 14:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/25 17:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/04 18:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 16:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/09 16:59:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Eden\Downloads\OTL.exe
MOD - [2008/01/20 19:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/28 08:23:07 | 000,120,832 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (SASCORE)
SRV:64bit: - [2009/12/09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/17 16:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007/10/17 23:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/02 04:16:35 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV - [2010/02/26 00:47:00 | 003,489,788 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/02/05 02:53:28 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/03/23 22:26:07 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/27 11:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/09/28 16:06:42 | 000,168,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/05 02:53:38 | 000,069,152 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/09/11 20:45:27 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/31 20:46:54 | 000,222,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDART64.sys -- (CnxtHdAudAddService)
DRV:64bit: - [2008/01/21 15:42:26 | 000,531,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/01/20 19:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 19:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 19:47:03 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2008/01/20 19:47:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2008/01/20 19:47:03 | 000,023,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2008/01/20 19:47:02 | 000,115,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 19:46:52 | 000,062,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2008/01/20 19:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/14 19:35:34 | 000,058,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/01/08 02:40:52 | 000,051,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2007/12/27 19:51:00 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/12/26 14:13:06 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2007/12/20 16:10:50 | 000,028,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/11/29 16:47:54 | 000,088,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2007/11/29 09:45:58 | 000,044,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2007/11/29 02:58:58 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/11/01 02:22:50 | 001,481,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/11/01 02:19:46 | 000,293,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/11/01 02:18:32 | 000,740,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/18 14:25:00 | 000,051,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2007/10/17 23:37:10 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/10/02 11:43:08 | 000,076,160 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2007/09/29 08:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/25 15:19:08 | 003,196,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/09/12 23:27:10 | 007,041,312 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/06/06 00:23:24 | 000,125,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2007/05/01 03:00:00 | 000,052,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/09 01:15:44 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2006/11/01 22:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/23 16:33:08 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/10/19 13:10:40 | 000,027,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2006/10/11 16:31:00 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosporte.sys -- (tosporte)
DRV:64bit: - [2006/06/18 22:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/07/13 06:43:00 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/18 22:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
DRV - [2005/01/01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/14 07:04:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/02 23:21:46 | 000,000,000 | ---D | M]

[2008/07/16 12:56:36 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\Mozilla\Extensions
[2010/06/09 00:06:58 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\l6d1t15a.default\extensions
[2010/04/27 10:42:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\l6d1t15a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/25 16:14:51 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\l6d1t15a.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2008/09/11 20:51:50 | 000,000,523 | ---- | M] () -- C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\l6d1t15a.default\searchplugins\daemon-search.xml
[2010/06/09 00:06:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/17 00:59:16 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/17 00:59:16 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/17 00:59:16 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/17 00:59:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (moigh Object) - {5B1C0DB8-F2BF-4D42-A7C2-B0D497186931} - C:\Windows\SysWOW64\svdid.dll ()
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.90 64.59.144.91
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b371379-f30b-11dd-9e9e-001e6871351a}\Shell - "" = AutoRun
O33 - MountPoints2\{6b371379-f30b-11dd-9e9e-001e6871351a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 20:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 20:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll ()
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm ()
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm ()
Drivers32:64bit: MSVideo8 - C:\Windows\SysNative\vfwwdm32.dll ()
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll ()
Drivers32:64bit: VIDC.IYUV - C:\Windows\SysNative\iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll ()
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll ()
Drivers32:64bit: VIDC.UYVY - C:\Windows\SysNative\msyuv.dll ()
Drivers32:64bit: VIDC.YUY2 - C:\Windows\SysNative\msyuv.dll ()
Drivers32:64bit: VIDC.YVU9 - C:\Windows\SysNative\tsbyuv.dll ()
Drivers32:64bit: VIDC.YVYU - C:\Windows\SysNative\msyuv.dll ()
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv ()
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv ()
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/09 14:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/06/09 14:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/09 14:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/09 02:31:37 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\New Folder
[2010/06/09 02:06:09 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/06/09 01:17:00 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\[S-Cute] 06.07up! 7th No.45 Remon Mizutama
[2010/06/08 21:54:04 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/08 21:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/08 21:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SASCORE
[2010/06/08 21:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/30 02:57:05 | 000,000,000 | ---D | C] -- C:\Users\Eden\DoctorWeb
[2010/05/29 19:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\$NtUninstallWTF1012$
[2010/05/29 19:23:55 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Local\Windows Server
[2010/05/29 19:23:43 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Roaming\D2C574D6F0342D0A556E35704A359590
[2010/05/24 12:09:11 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\The.Wolfman.UNRATED.DVDRip.XviD-DiAMOND
[2010/05/24 12:05:33 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\Fire of Conscience 2010 BRRip XviD-sailo1
[2010/05/24 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\Worst.Case.Scenario.S01E06.HDTV.XviD-aAF [NO-RAR] - [ www.torrentday.com ]
[2010/05/24 12:04:37 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\Worst.Case.Scenario.S01E05.HDTV.XviD-aAF [NO-RAR] - [ www.torrentday.com ]
[2010/05/17 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\FlashPoint
[2010/04/07 16:40:43 | 003,489,788 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/04/07 16:40:39 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2010/04/07 16:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/04/07 16:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\softnyx
[2010/03/17 23:27:01 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Roaming\Research In Motion
[2010/03/17 23:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/03/17 23:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/03/17 23:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010/03/17 23:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/03/17 23:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/03/17 23:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010/03/17 23:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010/03/17 23:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/03/17 23:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/03/17 23:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2010/03/17 23:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2010/03/13 16:28:05 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Roaming\Malwarebytes
[2010/03/13 16:28:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/13 16:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/13 16:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 90 Days ==========

[2010/06/09 17:08:30 | 002,621,440 | -HS- | M] () -- C:\Users\Eden\NTUSER.DAT
[2010/06/09 17:02:52 | 000,757,068 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/09 17:02:52 | 000,647,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/09 17:02:52 | 000,123,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/09 16:56:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/09 16:56:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/09 16:56:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/09 16:56:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/09 16:56:21 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/09 16:55:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/09 16:55:14 | 000,524,288 | -HS- | M] () -- C:\Users\Eden\NTUSER.DAT{b5da9ed6-8842-11de-85b4-001e6871351a}.TMContainer00000000000000000001.regtrans-ms
[2010/06/09 16:55:14 | 000,065,536 | -HS- | M] () -- C:\Users\Eden\NTUSER.DAT{b5da9ed6-8842-11de-85b4-001e6871351a}.TM.blf
[2010/06/09 16:54:55 | 001,884,209 | -H-- | M] () -- C:\Users\Eden\AppData\Local\IconCache.db
[2010/06/09 16:54:07 | 000,002,557 | ---- | M] () -- C:\Users\Eden\Desktop\HiJackThis.lnk
[2010/06/09 14:39:51 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/09 11:19:00 | 000,427,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/09 02:30:57 | 000,198,455 | ---- | M] () -- C:\MGlogs.zip
[2010/06/09 02:03:29 | 000,000,036 | ---- | M] () -- C:\Users\Eden\AppData\Local\housecall.guid.cache
[2010/06/09 02:03:13 | 002,392,974 | ---- | M] () -- C:\Users\Eden\Desktop\MGtools.exe
[2010/06/09 00:07:26 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18D868AC-870C-4EC8-AEB1-862E41CA5336}.job
[2010/06/08 14:07:06 | 000,310,784 | ---- | M] () -- C:\Windows\SysWow64\svdid.dll
[2010/06/08 07:51:54 | 000,040,629 | ---- | M] () -- C:\Windows\SysWow64\nvdid.exe
[2010/06/07 14:57:56 | 000,159,744 | ---- | M] () -- C:\Users\Eden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/05 19:38:16 | 000,000,496 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Eden.job
[2010/05/29 19:24:18 | 000,050,981 | ---- | M] () -- C:\Windows\SysWow64\fkzldnwpcn.exe
[2010/05/26 09:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 07:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2010/05/24 23:13:59 | 000,020,040 | ---- | M] () -- C:\Users\Eden\Desktop\Eden Wong Resume.docx
[2010/05/24 09:31:20 | 000,040,633 | ---- | M] () -- C:\Windows\SysWow64\mkislnck.exe
[2010/05/16 22:49:16 | 000,194,713 | ---- | M] () -- C:\Users\Eden\Desktop\VCAABusCard.5.pdf
[2010/05/04 12:18:31 | 001,032,704 | ---- | M] () -- C:\Windows\SysNative\wininet.dll
[2010/05/04 12:16:22 | 000,208,896 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/05/04 12:15:02 | 001,129,984 | ---- | M] () -- C:\Windows\SysNative\mstime.dll
[2010/05/04 12:14:31 | 000,758,784 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll
[2010/05/04 12:14:22 | 000,580,608 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/05/04 12:12:55 | 000,032,256 | ---- | M] () -- C:\Windows\SysNative\jsproxy.dll
[2010/05/04 12:12:27 | 000,375,296 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/05/04 12:12:27 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/05/04 12:12:17 | 000,480,256 | ---- | M] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/05/04 12:12:17 | 000,086,528 | ---- | M] () -- C:\Windows\SysNative\ieencode.dll
[2010/05/04 12:12:16 | 000,422,400 | ---- | M] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/05/04 12:12:16 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll
[2010/05/04 10:53:47 | 000,485,376 | ---- | M] () -- C:\Windows\SysNative\html.iec
[2010/05/04 10:27:37 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 14:22:03 | 004,514,113 | ---- | M] () -- C:\Users\Eden\Desktop\Epik High - Wordkill (Studio Demo).mp3
[2010/04/25 22:04:47 | 009,978,856 | ---- | M] () -- C:\Users\Eden\Desktop\Billy Talent - Saint Veronika.mp3
[2010/04/16 09:40:20 | 001,570,816 | ---- | M] () -- C:\Windows\SysNative\quartz.dll
[2010/04/08 03:10:31 | 000,000,920 | ---- | M] () -- C:\Users\Eden\Desktop\GunboundWC.lnk
[2010/04/05 09:51:12 | 000,084,480 | ---- | M] () -- C:\Windows\SysNative\asycfilt.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/22 10:21:40 | 000,013,182 | -HS- | M] () -- C:\Users\Eden\AppData\Local\OIXQ
[2010/03/22 10:21:40 | 000,013,182 | -HS- | M] () -- C:\ProgramData\OIXQ
[2010/03/17 23:49:20 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/03/17 23:25:36 | 000,125,696 | ---- | M] () -- C:\Users\Eden\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/12 16:26:03 | 000,012,094 | -HS- | M] () -- C:\Users\Eden\AppData\Local\c58EA

========== Files Created - No Company Name ==========

[2010/06/09 16:08:03 | 000,002,557 | ---- | C] () -- C:\Users\Eden\Desktop\HiJackThis.lnk
[2010/06/09 14:39:51 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/09 14:28:52 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/09 02:06:10 | 000,198,455 | ---- | C] () -- C:\MGlogs.zip
[2010/06/09 02:03:29 | 000,000,036 | ---- | C] () -- C:\Users\Eden\AppData\Local\housecall.guid.cache
[2010/06/09 02:03:09 | 002,392,974 | ---- | C] () -- C:\Users\Eden\Desktop\MGtools.exe
[2010/06/08 14:07:06 | 000,310,784 | ---- | C] () -- C:\Windows\SysWow64\svdid.dll
[2010/06/08 11:05:44 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/08 11:05:42 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/08 11:05:39 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/08 11:05:25 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/06/08 11:05:16 | 005,690,368 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/06/08 11:05:14 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/06/08 11:05:12 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/06/08 11:05:11 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/06/08 11:05:11 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/06/08 11:05:09 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/06/08 11:05:09 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/06/08 11:05:08 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/08 11:05:07 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/08 11:05:07 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/08 11:05:07 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/08 11:05:05 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/06/08 11:05:05 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/06/08 11:05:05 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/08 11:05:04 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/06/08 11:05:03 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/06/08 11:05:03 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/06/08 11:05:02 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/06/08 11:04:51 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/08 07:51:54 | 000,040,629 | ---- | C] () -- C:\Windows\SysWow64\nvdid.exe
[2010/05/29 19:24:18 | 000,050,981 | ---- | C] () -- C:\Windows\SysWow64\fkzldnwpcn.exe
[2010/05/26 12:07:06 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/24 09:31:20 | 000,040,633 | ---- | C] () -- C:\Windows\SysWow64\mkislnck.exe
[2010/05/16 22:49:13 | 000,194,713 | ---- | C] () -- C:\Users\Eden\Desktop\VCAABusCard.5.pdf
[2010/05/16 22:38:29 | 000,020,040 | ---- | C] () -- C:\Users\Eden\Desktop\Eden Wong Resume.docx
[2010/05/11 12:37:39 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/04/29 14:20:41 | 004,514,113 | ---- | C] () -- C:\Users\Eden\Desktop\Epik High - Wordkill (Studio Demo).mp3
[2010/04/25 15:51:53 | 009,978,856 | ---- | C] () -- C:\Users\Eden\Desktop\Billy Talent - Saint Veronika.mp3
[2010/04/13 13:55:05 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/04/13 13:55:05 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/04/13 13:55:05 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/04/13 13:54:56 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/04/13 13:54:56 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/04/13 13:54:56 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/04/13 13:54:53 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/13 13:54:43 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/04/13 13:54:38 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/13 10:42:26 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/04/13 10:42:24 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/04/07 16:40:39 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2010/04/07 16:40:12 | 000,000,920 | ---- | C] () -- C:\Users\Eden\Desktop\GunboundWC.lnk
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/22 10:18:29 | 000,013,182 | -HS- | C] () -- C:\Users\Eden\AppData\Local\OIXQ
[2010/03/22 10:18:29 | 000,013,182 | -HS- | C] () -- C:\ProgramData\OIXQ
[2010/03/17 23:27:02 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/03/17 23:21:51 | 000,010,488 | ---- | C] () -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/03/17 23:21:50 | 000,052,856 | ---- | C] () -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010/03/17 23:21:50 | 000,010,488 | ---- | C] () -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/03/17 23:12:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2010/03/14 02:31:07 | 000,270,208 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/03/13 16:27:59 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/12 16:24:22 | 000,012,094 | -HS- | C] () -- C:\Users\Eden\AppData\Local\c58EA
[2009/05/24 18:07:04 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009/04/04 12:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/02/25 16:11:30 | 000,000,122 | ---- | C] () -- C:\Windows\WA.INI
[2008/12/11 04:21:19 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2008/09/18 19:26:10 | 000,000,260 | ---- | C] () -- C:\Windows\RomeTW.ini
[2008/07/16 12:19:03 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/07/16 12:19:03 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/07/16 12:19:03 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/07/16 12:19:03 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/07/16 12:19:03 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/07/16 12:19:03 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/07/16 12:15:41 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/07/16 12:15:41 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/07/16 12:15:41 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/05/22 08:16:58 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\wceprv.dll
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2008/02/19 20:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/19 19:28:04 | 000,700,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/02/19 12:30:20 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2008/02/19 12:30:20 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== LOP Check ==========

[2010/05/29 21:01:02 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\D2C574D6F0342D0A556E35704A359590
[2008/09/11 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\DAEMON Tools
[2008/12/29 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\NCH Swift Sound
[2010/03/17 23:27:01 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\Research In Motion
[2010/01/15 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\Stardock
[2008/11/02 14:34:00 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\TOSHIBA
[2010/06/09 16:55:24 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/09 00:07:26 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{18D868AC-870C-4EC8-AEB1-862E41CA5336}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/09 16:56:19 | 000,047,119 | ---- | M] () -- C:\aaw7boot.log
[2008/01/20 19:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/02/19 18:47:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/06/09 16:56:21 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/05/29 19:37:38 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/06/09 02:30:57 | 000,198,455 | ---- | M] () -- C:\MGlogs.zip
[2010/06/09 16:56:19 | 3524,902,912 | -HS- | M] () -- C:\pagefile.sys
[2010/05/29 21:35:48 | 000,000,352 | ---- | M] () -- C:\rkill.log
[2009/05/26 13:03:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/07/27 18:12:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/05/26 13:03:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/07/27 18:12:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2008/01/20 19:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 19:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

========== Files - Unicode (All) ==========
[2010/03/04 00:45:07 | 004,801,063 | ---- | M] ()(C:\Users\Eden\Desktop\?????? - ??? ?? ??? ? ? ???.MP3) -- C:\Users\Eden\Desktop\드렁큰타이거 - 소외된 모두 왼발을 한 보 앞으로.MP3
[2010/03/04 00:44:53 | 004,801,063 | ---- | C] ()(C:\Users\Eden\Desktop\?????? - ??? ?? ??? ? ? ???.MP3) -- C:\Users\Eden\Desktop\드렁큰타이거 - 소외된 모두 왼발을 한 보 앞으로.MP3
< End of report >

#4
ewo

    New Member

Extra.txt:

OTL Extras logfile created on: 09/06/2010 5:11:29 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Eden\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.84 Gb Total Space | 121.90 Gb Free Space | 55.96% Space Free | Partition Type: NTFS
Drive D: | 6.28 Gb Total Space | 6.22 Gb Free Space | 99.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDEN-LAPTOP
Current User Name: Eden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18067574-DB9A-4D56-B21E-B231C38E62F3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1CBADB53-D1AF-41A2-BCF1-806901A4CBE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{231E0186-0E2D-40DD-8C26-242A40803CDF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C966CFF-CE51-4DBB-BE17-8D344F6041CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{39A31EB2-A7D9-42C4-A861-5B01582540C9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7D7DF23C-34E4-4432-82CF-7A747EAC247A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{96661D22-4DF1-4915-B355-F5728C7797EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{9A53F486-FBCA-43B7-AC1F-1830ADBC23EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B97ED532-AF40-4646-ADD8-5C19EA2548FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CF3F5E40-BA11-41F4-9DF2-35EAA5C3EC12}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D8E4CB7F-9B1C-48C7-B434-F93DFD810544}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C5CC31-AE7B-4CF6-AFBE-674517C997A3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{10A54E43-20C9-457B-BF0C-59A868345187}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{208B6E3F-769C-4FE0-B147-152F65B137A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{23C3518E-6B13-40C9-A236-FA1D56BFE5AC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{46FE1D4F-0D80-4532-A047-1A3EACE2E8EC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{62FBA283-70DA-4CBB-81AE-42420193300B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{74BEC92C-E05C-4BCA-B0BE-04E5158EA92B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7D724824-6480-475E-8421-13401E5BE442}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C2D59985-78A5-48DC-8915-32A465A10B7D}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D2F49369-3A3B-4A49-A403-EA39E9232974}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DCFFBD17-54F1-49FA-B308-7C0E3586D4D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1F456786-FA41-4F1A-86C8-ABD900907B05}C:\users\eden\desktop\wicked-dow2\dow2.exe" = protocol=6 | dir=in | app=c:\users\eden\desktop\wicked-dow2\dow2.exe |
"TCP Query User{447F9730-D392-40CD-A83A-C4A9A32E04E6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8923A1F2-53A8-4C40-B494-CEC3CC18F5BB}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme" = protocol=6 | dir=in | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme |
"TCP Query User{A7ECDA7D-C4B0-4BFD-BCDE-C38F2C03254F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1C84D6DB-1235-41C5-AA1A-0EEFA6609B7A}C:\users\eden\desktop\wicked-dow2\dow2.exe" = protocol=17 | dir=in | app=c:\users\eden\desktop\wicked-dow2\dow2.exe |
"UDP Query User{3450076F-3BD5-4DD3-A5B7-4B85DAF1FDA2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{40C7F588-C56D-49B5-B631-47DA59B89ABE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{7B57F264-AB4B-4664-9FC8-67F263CE7F3E}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme" = protocol=17 | dir=in | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel
"{3F2B4DAD-88CB-4F5B-86B2-DF3384063EFA}" = O2Micro Flash Memory Card Reader Driver (x64)
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84BC87D4-0480-4E10-B15D-1E7886D55180}" = iTunes
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"$NtUninstallWTF1012$" = Sky-Banners browser enhancer
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75AD7D33-EF26-4609-9D8D-CBF7F9AC5E08}" = Freedom Force
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"fkzldnwpcn" = Performance Platform Voguecash
"Galactic Civilizations II - Dread Lords" = Galactic Civilizations II - Dread Lords
"GunboundWC_is1" = GunboundWC
"HijackThis" = HijackThis 2.0.2
"Impulse" = Impulse
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IsoBuster_is1" = IsoBuster 2.5
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NSS" = Norton Security Scan
"OnlinePlay" = OnlinePlay 1.0
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"Switch" = Switch Sound File Converter
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WavePad" = WavePad Sound Editor
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Color Vision" = Color Vision

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/06/2010 3:07:11 AM | Computer Name = Eden-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05/06/2010 1:45:26 AM | Computer Name = Eden-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 05/06/2010 10:52:32 AM | Computer Name = Eden-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 05/06/2010 10:58:04 AM | Computer Name = Eden-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/06/2010 1:19:57 AM | Computer Name = Eden-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 07/06/2010 5:57:38 PM | Computer Name = Eden-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 08/06/2010 9:33:32 PM | Computer Name = Eden-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 08/06/2010 9:51:18 PM | Computer Name = Eden-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 08/06/2010 9:51:42 PM | Computer Name = Eden-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 08/06/2010 10:35:51 PM | Computer Name = Eden-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 09/06/2010 5:30:36 PM | Computer Name = Eden-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 09/06/2010 6:43:14 PM | Computer Name = Eden-Laptop | Source = Service Control Manager | ID = 7031
Description =

Error - 09/06/2010 6:43:14 PM | Computer Name = Eden-Laptop | Source = Service Control Manager | ID = 7034
Description =

Error - 09/06/2010 6:44:18 PM | Computer Name = Eden-Laptop | Source = DCOM | ID = 10010
Description =

Error - 09/06/2010 6:45:41 PM | Computer Name = Eden-Laptop | Source = HTTP | ID = 15016
Description =

Error - 09/06/2010 6:47:07 PM | Computer Name = Eden-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 09/06/2010 6:58:51 PM | Computer Name = Eden-Laptop | Source = HTTP | ID = 15016
Description =

Error - 09/06/2010 7:00:19 PM | Computer Name = Eden-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 09/06/2010 7:56:37 PM | Computer Name = Eden-Laptop | Source = HTTP | ID = 15016
Description =

Error - 09/06/2010 7:58:05 PM | Computer Name = Eden-Laptop | Source = Service Control Manager | ID = 7009
Description =


< End of report >

#5
RKinner

    Malware Expert

Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL
O2 - BHO: (moigh Object) - {5B1C0DB8-F2BF-4D42-A7C2-B0D497186931} - C:\Windows\SysWOW64\svdid.dll ()
[2010/06/08 14:07:06 | 000,310,784 | ---- | M] () -- C:\Windows\SysWow64\svdid.dll
[2010/06/08 07:51:54 | 000,040,629 | ---- | M] () -- C:\Windows\SysWow64\nvdid.exe
[2010/05/29 19:24:18 | 000,050,981 | ---- | M] () -- C:\Windows\SysWow64\fkzldnwpcn.exe
[2010/06/09 00:07:26 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18D868AC-870C-4EC8-AEB1-862E41CA5336}.job
[2010/06/05 19:38:16 | 000,000,496 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Eden.job
[2010/05/24 09:31:20 | 000,040,633 | ---- | M] () -- C:\Windows\SysWow64\mkislnck.exe
[2010/03/12 16:26:03 | 000,012,094 | -HS- | M] () -- C:\Users\Eden\AppData\Local\c58EA
[2010/03/22 10:21:40 | 000,013,182 | -HS- | M] () -- C:\Users\Eden\AppData\Local\OIXQ
[2010/03/22 10:21:40 | 000,013,182 | -HS- | M] () -- C:\ProgramData\OIXQ
[2010/03/04 00:45:07 | 004,801,063 | ---- | M] ()(C:\Users\Eden\Desktop\?????? - ??? ?? ??? ? ? ???.MP3) -- C:\Users\Eden\Desktop\드렁큰타이거 - 소외된 모두 왼발을 한 보 앞으로.MP3
[2010/03/04 00:44:53 | 004,801,063 | ---- | C] ()(C:\Users\Eden\Desktop\?????? - ??? ?? ??? ? ? ???.MP3) -- C:\Users\Eden\Desktop\드렁큰타이거 - 소외된 모두 왼발을 한 보 앞으로.MP3

:Files
C:\Windows\SysWow64\svdid.dll
C:\Windows\SysWow64\nvdid.exe
C:\Windows\SysWow64\fkzldnwpcn.exe
C:\Windows\tasks\User_Feed_Synchronization-{18D868AC-870C-4EC8-AEB1-862E41CA5336}.job
C:\Windows\tasks\Norton Security Scan for Eden.job
C:\Windows\SysWow64\mkislnck.exe
C:\Users\Eden\AppData\Local\c58EA
C:\Users\Eden\AppData\Local\OIXQ
C:\ProgramData\OIXQ
	  
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Ron

Edited by RKinner, 09 June 2010 - 06:41 PM.


#6
ewo

    New Member

OTL logfile created on: 09/06/2010 5:46:13 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Eden\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.84 Gb Total Space | 121.55 Gb Free Space | 55.80% Space Free | Partition Type: NTFS
Drive D: | 6.28 Gb Total Space | 6.22 Gb Free Space | 99.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDEN-LAPTOP
Current User Name: Eden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/09 16:59:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Eden\Downloads\OTL.exe
PRC - [2010/04/02 23:21:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/02/05 02:53:28 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/08 12:31:24 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/10/15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/08/08 05:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/25 10:24:08 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/22 20:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/22 11:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/10/29 14:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/25 17:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/04 18:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 16:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/09 16:59:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Eden\Downloads\OTL.exe
MOD - [2008/01/20 19:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/28 08:23:07 | 000,120,832 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (SASCORE)
SRV:64bit: - [2009/12/09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/17 16:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007/10/17 23:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/02 04:16:35 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV - [2010/02/26 00:47:00 | 003,489,788 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/02/05 02:53:28 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/03/23 22:26:07 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/27 11:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/09/28 16:06:42 | 000,168,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/05 02:53:38 | 000,069,152 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/09/11 20:45:27 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/31 20:46:54 | 000,222,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDART64.sys -- (CnxtHdAudAddService)
DRV:64bit: - [2008/01/21 15:42:26 | 000,531,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/01/20 19:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 19:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 19:47:03 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2008/01/20 19:47:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2008/01/20 19:47:03 | 000,023,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2008/01/20 19:47:02 | 000,115,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 19:46:52 | 000,062,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2008/01/20 19:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/14 19:35:34 | 000,058,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/01/08 02:40:52 | 000,051,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2007/12/27 19:51:00 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/12/26 14:13:06 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2007/12/20 16:10:50 | 000,028,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/11/29 16:47:54 | 000,088,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2007/11/29 09:45:58 | 000,044,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2007/11/29 02:58:58 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/11/01 02:22:50 | 001,481,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/11/01 02:19:46 | 000,293,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/11/01 02:18:32 | 000,740,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/18 14:25:00 | 000,051,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2007/10/17 23:37:10 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/10/02 11:43:08 | 000,076,160 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2007/09/29 08:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/25 15:19:08 | 003,196,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/09/12 23:27:10 | 007,041,312 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/06/06 00:23:24 | 000,125,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2007/05/01 03:00:00 | 000,052,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/09 01:15:44 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2006/11/01 22:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/23 16:33:08 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/10/19 13:10:40 | 000,027,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2006/10/11 16:31:00 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosporte.sys -- (tosporte)
DRV:64bit: - [2006/06/18 22:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/07/13 06:43:00 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/18 22:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
DRV - [2005/01/01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/14 07:04:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/02 23:21:46 | 000,000,000 | ---D | M]

[2008/07/16 12:56:36 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\Mozilla\Extensions
[2010/06/09 00:06:58 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\l6d1t15a.default\extensions
[2010/04/27 10:42:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\l6d1t15a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/25 16:14:51 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\l6d1t15a.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2008/09/11 20:51:50 | 000,000,523 | ---- | M] () -- C:\Users\Eden\AppData\Roaming\Mozilla\Firefox\Profiles\l6d1t15a.default\searchplugins\daemon-search.xml
[2010/06/09 00:06:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/17 00:59:16 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/17 00:59:16 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/17 00:59:16 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/17 00:59:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.90 64.59.144.91
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b371379-f30b-11dd-9e9e-001e6871351a}\Shell - "" = AutoRun
O33 - MountPoints2\{6b371379-f30b-11dd-9e9e-001e6871351a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/09 17:42:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/09 14:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/06/09 14:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/09 14:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/09 02:31:37 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\New Folder
[2010/06/09 02:06:09 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/06/09 01:17:00 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\[S-Cute] 06.07up! 7th No.45 Remon Mizutama
[2010/06/08 21:54:04 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/08 21:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/08 21:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SASCORE
[2010/06/08 21:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/30 02:57:05 | 000,000,000 | ---D | C] -- C:\Users\Eden\DoctorWeb
[2010/05/29 19:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\$NtUninstallWTF1012$
[2010/05/29 19:23:55 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Local\Windows Server
[2010/05/29 19:23:43 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Roaming\D2C574D6F0342D0A556E35704A359590
[2010/05/24 12:09:11 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\The.Wolfman.UNRATED.DVDRip.XviD-DiAMOND
[2010/05/24 12:05:33 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\Fire of Conscience 2010 BRRip XviD-sailo1
[2010/05/24 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\Worst.Case.Scenario.S01E06.HDTV.XviD-aAF [NO-RAR] - [ www.torrentday.com ]
[2010/05/24 12:04:37 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\Worst.Case.Scenario.S01E05.HDTV.XviD-aAF [NO-RAR] - [ www.torrentday.com ]
[2010/05/17 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\Eden\Desktop\FlashPoint
[2010/04/07 16:40:43 | 003,489,788 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/04/07 16:40:39 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2010/04/07 16:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/04/07 16:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\softnyx
[2010/03/17 23:27:01 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Roaming\Research In Motion
[2010/03/17 23:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/03/17 23:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/03/17 23:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010/03/17 23:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/03/17 23:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/03/17 23:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010/03/17 23:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010/03/17 23:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/03/17 23:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/03/17 23:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2010/03/17 23:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2010/03/13 16:28:05 | 000,000,000 | ---D | C] -- C:\Users\Eden\AppData\Roaming\Malwarebytes
[2010/03/13 16:28:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/13 16:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/13 16:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 90 Days ==========

[2010/06/09 17:48:55 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/09 17:48:55 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/06/09 17:48:54 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/06/09 17:48:54 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/06/09 17:48:54 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/06/09 17:48:28 | 002,621,440 | -HS- | M] () -- C:\Users\Eden\NTUSER.DAT
[2010/06/09 17:45:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/09 17:45:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/09 17:44:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/09 17:44:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/09 17:44:46 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/09 17:43:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/09 17:43:35 | 000,524,288 | -HS- | M] () -- C:\Users\Eden\NTUSER.DAT{b5da9ed6-8842-11de-85b4-001e6871351a}.TMContainer00000000000000000001.regtrans-ms
[2010/06/09 17:43:35 | 000,065,536 | -HS- | M] () -- C:\Users\Eden\NTUSER.DAT{b5da9ed6-8842-11de-85b4-001e6871351a}.TM.blf
[2010/06/09 17:29:47 | 000,757,068 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/09 17:29:47 | 000,647,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/09 17:29:47 | 000,123,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/09 17:20:27 | 001,884,571 | -H-- | M] () -- C:\Users\Eden\AppData\Local\IconCache.db
[2010/06/09 16:54:07 | 000,002,557 | ---- | M] () -- C:\Users\Eden\Desktop\HiJackThis.lnk
[2010/06/09 14:39:51 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/09 11:19:00 | 000,427,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/09 02:30:57 | 000,198,455 | ---- | M] () -- C:\MGlogs.zip
[2010/06/09 02:03:29 | 000,000,036 | ---- | M] () -- C:\Users\Eden\AppData\Local\housecall.guid.cache
[2010/06/09 02:03:13 | 002,392,974 | ---- | M] () -- C:\Users\Eden\Desktop\MGtools.exe
[2010/06/07 14:57:56 | 000,159,744 | ---- | M] () -- C:\Users\Eden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 09:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 07:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2010/05/24 23:13:59 | 000,020,040 | ---- | M] () -- C:\Users\Eden\Desktop\Eden Wong Resume.docx
[2010/05/16 22:49:16 | 000,194,713 | ---- | M] () -- C:\Users\Eden\Desktop\VCAABusCard.5.pdf
[2010/05/04 12:18:31 | 001,032,704 | ---- | M] () -- C:\Windows\SysNative\wininet.dll
[2010/05/04 12:16:22 | 000,208,896 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/05/04 12:15:02 | 001,129,984 | ---- | M] () -- C:\Windows\SysNative\mstime.dll
[2010/05/04 12:14:31 | 000,758,784 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll
[2010/05/04 12:14:22 | 000,580,608 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/05/04 12:12:55 | 000,032,256 | ---- | M] () -- C:\Windows\SysNative\jsproxy.dll
[2010/05/04 12:12:27 | 000,375,296 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/05/04 12:12:27 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/05/04 12:12:17 | 000,480,256 | ---- | M] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/05/04 12:12:17 | 000,086,528 | ---- | M] () -- C:\Windows\SysNative\ieencode.dll
[2010/05/04 12:12:16 | 000,422,400 | ---- | M] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/05/04 12:12:16 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll
[2010/05/04 10:53:47 | 000,485,376 | ---- | M] () -- C:\Windows\SysNative\html.iec
[2010/05/04 10:27:37 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 14:22:03 | 004,514,113 | ---- | M] () -- C:\Users\Eden\Desktop\Epik High - Wordkill (Studio Demo).mp3
[2010/04/25 22:04:47 | 009,978,856 | ---- | M] () -- C:\Users\Eden\Desktop\Billy Talent - Saint Veronika.mp3
[2010/04/16 09:40:20 | 001,570,816 | ---- | M] () -- C:\Windows\SysNative\quartz.dll
[2010/04/08 03:10:31 | 000,000,920 | ---- | M] () -- C:\Users\Eden\Desktop\GunboundWC.lnk
[2010/04/05 09:51:12 | 000,084,480 | ---- | M] () -- C:\Windows\SysNative\asycfilt.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/17 23:49:20 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/03/17 23:25:36 | 000,125,696 | ---- | M] () -- C:\Users\Eden\AppData\Local\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/06/09 17:48:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/09 17:48:54 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/06/09 17:48:54 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/06/09 17:48:54 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/06/09 17:48:53 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/06/09 16:08:03 | 000,002,557 | ---- | C] () -- C:\Users\Eden\Desktop\HiJackThis.lnk
[2010/06/09 14:39:51 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/09 14:28:52 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/09 02:06:10 | 000,198,455 | ---- | C] () -- C:\MGlogs.zip
[2010/06/09 02:03:29 | 000,000,036 | ---- | C] () -- C:\Users\Eden\AppData\Local\housecall.guid.cache
[2010/06/09 02:03:09 | 002,392,974 | ---- | C] () -- C:\Users\Eden\Desktop\MGtools.exe
[2010/06/08 11:05:44 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/08 11:05:42 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/08 11:05:39 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/08 11:05:25 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/06/08 11:05:16 | 005,690,368 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/06/08 11:05:14 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/06/08 11:05:12 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/06/08 11:05:11 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/06/08 11:05:11 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/06/08 11:05:09 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/06/08 11:05:09 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/06/08 11:05:08 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/08 11:05:07 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/08 11:05:07 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/08 11:05:07 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/08 11:05:05 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/06/08 11:05:05 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/06/08 11:05:05 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/08 11:05:04 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/06/08 11:05:03 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/06/08 11:05:03 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/06/08 11:05:02 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/06/08 11:04:51 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/05/26 12:07:06 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/16 22:49:13 | 000,194,713 | ---- | C] () -- C:\Users\Eden\Desktop\VCAABusCard.5.pdf
[2010/05/16 22:38:29 | 000,020,040 | ---- | C] () -- C:\Users\Eden\Desktop\Eden Wong Resume.docx
[2010/05/11 12:37:39 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/04/29 14:20:41 | 004,514,113 | ---- | C] () -- C:\Users\Eden\Desktop\Epik High - Wordkill (Studio Demo).mp3
[2010/04/25 15:51:53 | 009,978,856 | ---- | C] () -- C:\Users\Eden\Desktop\Billy Talent - Saint Veronika.mp3
[2010/04/13 13:55:05 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/04/13 13:55:05 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/04/13 13:55:05 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/04/13 13:54:56 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/04/13 13:54:56 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/04/13 13:54:56 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/04/13 13:54:53 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/13 13:54:43 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/04/13 13:54:38 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/13 10:42:26 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/04/13 10:42:24 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/04/07 16:40:39 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2010/04/07 16:40:12 | 000,000,920 | ---- | C] () -- C:\Users\Eden\Desktop\GunboundWC.lnk
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/17 23:27:02 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/03/17 23:21:51 | 000,010,488 | ---- | C] () -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/03/17 23:21:50 | 000,052,856 | ---- | C] () -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010/03/17 23:21:50 | 000,010,488 | ---- | C] () -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/03/17 23:12:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2010/03/14 02:31:07 | 000,270,208 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/03/13 16:27:59 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/05/24 18:07:04 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009/04/04 12:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/02/25 16:11:30 | 000,000,122 | ---- | C] () -- C:\Windows\WA.INI
[2008/12/11 04:21:19 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2008/09/18 19:26:10 | 000,000,260 | ---- | C] () -- C:\Windows\RomeTW.ini
[2008/07/16 12:19:03 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/07/16 12:19:03 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/07/16 12:19:03 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/07/16 12:19:03 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/07/16 12:19:03 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/07/16 12:19:03 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/07/16 12:15:41 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/07/16 12:15:41 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/07/16 12:15:41 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/05/22 08:16:58 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\wceprv.dll
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\libcurl.dll
[2008/02/19 20:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/19 19:28:04 | 000,700,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/02/19 12:30:20 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2008/02/19 12:30:20 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\libexpatw.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== LOP Check ==========

[2010/05/29 21:01:02 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\D2C574D6F0342D0A556E35704A359590
[2008/09/11 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\DAEMON Tools
[2008/12/29 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\NCH Swift Sound
[2010/03/17 23:27:01 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\Research In Motion
[2010/01/15 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\Stardock
[2008/11/02 14:34:00 | 000,000,000 | ---D | M] -- C:\Users\Eden\AppData\Roaming\TOSHIBA
[2010/06/09 17:48:54 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010/06/09 17:48:54 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2010/06/09 17:48:54 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2010/06/09 17:48:55 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2010/06/09 17:48:55 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/06/09 17:43:48 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

#7
RKinner


    Malware Expert

  • Expert
  • 23,732 posts
  • MVP
Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html

#8
ewo


    New Member

  • Topic Starter
  • Member
  • 6 posts
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ec82def57ba19e479da5e215b8194c45
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-10 04:55:26
# local_time=2010-06-09 09:55:26 (-0800, Pacific Daylight Time)
# country="Canada"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=165097
# found=1
# cleaned=1
# scan_time=12584
C:\_OTL\MovedFiles\06092010_174241\C_Windows\SysWOW64\mkislnck.exe Win32/Adware.Lifze.J application (deleted - quarantined) 00000000000000000000000000000000 C

#9
RKinner


    Malware Expert

  • Expert
  • 23,732 posts
  • MVP
ESET just found one of the files we had moved with OTL. Your logs look clean. Unless you are still seeing a problem:

We need to clean up System Restore.
The best way is to follow Jim's procedure here http://aumha.net/vie...=...p;sk=t&sd=a
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK. If that's not how it works on Win 7 then you will have to read the help. I don't have Windows 7, just Vista.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing. Again if that's not how it works in 7 you will have to read the help.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

You do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Settings, Control Panel, Programs and Features, and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Settings, Control Panel, Programs and Features, and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
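
The triage step in the reply above (a detection that sits inside OTL's moved-files folder is a leftover of the earlier fix, not a live file) can be automated for the exported ESET log. This is an added example, not part of the thread and not ESET's or OTL's own tooling; the function names are hypothetical, the line layout is taken from the log posted above, and the moved-files naming scheme is an assumption inferred from the single path in that log.

```python
import re
from ntpath import normcase  # Windows path rules, works on any OS

# Constructed sample: the first detection line is the one in the log posted
# above; the second line and the found/cleaned counts are constructed.
SAMPLE_LOG = r"""# version=7
# scanned=165097
# found=2
# cleaned=2
C:\_OTL\MovedFiles\06092010_174241\C_Windows\SysWOW64\mkislnck.exe Win32/Adware.Lifze.J application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Example User\Downloads\setup demo.exe Win32/Adware.Example.A application (deleted - quarantined) 00000000000000000000000000000000 C
"""

# Detection line as it appears in the posted log:
#   <path> <threat name> (<action>) <32 hex digits> <flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>[A-Za-z0-9]+/\S+(?: [a-z ]+)?)\s+"
    r"\((?P<action>[^()]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# Assumption inferred from the one path in the post: OTL keeps moved files as
#   <root>\MovedFiles\<date_time stamp>\<drive>_<rest of original path>
MOVED = re.compile(
    r"^.+\\MovedFiles\\\d{8}_\d{6}\\(?P<drive>[A-Za-z])_(?P<rest>.+)$"
)


def parse_log(text, moved_root=r"C:\_OTL\MovedFiles"):
    """Return (header dict, list of detection dicts) for an exported log."""
    header, detections = {}, []
    prefix = normcase(moved_root) + "\\"
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:  # keys such as compatibility_mode repeat, so keep a list
                header.setdefault(key, []).append(value)
            continue
        m = DETECTION.match(line)
        if not m:
            continue  # banner lines such as "all ok"
        d = m.groupdict()
        moved = MOVED.match(d["path"])
        d["already_moved"] = bool(moved) and normcase(d["path"]).startswith(prefix)
        d["original_path"] = (
            f"{moved['drive']}:\\{moved['rest']}" if d["already_moved"] else d["path"]
        )
        detections.append(d)
    return header, detections


def triage(text):
    """Split detections into leftovers of an earlier fix and files found in place."""
    header, detections = parse_log(text)
    found = int(header.get("found", ["0"])[0])
    return {
        "count_matches_header": found == len(detections),
        "residual": [d for d in detections if d["already_moved"]],
        "live": [d for d in detections if not d["already_moved"]],
    }
```

Anything in `live` was found where it originally ran and deserves a closer look; `residual` entries carry the reconstructed `original_path` so they can be matched against the earlier OTL fix log.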

#10
ewo


    New Member

  • Topic Starter
  • Member
  • 6 posts
thx ron
everything has been resolved