
My Desktop is gone



#91
jllaz

    Member

  • Topic Starter
  • 95 posts
Update: I was able to go into User Accounts and create a New User Acct. (Tony). This is something I couldn't do before. It seems to work as the Administrator acct. I can't access the task mgr. and have no Internet connection.
  • 0



#92
noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
I was pretty much expecting both of those things, based on the information from the last export. Your Jerry profile hive is corrupted, and enabling the Administrator account is what has allowed for creating a new profile. The quickest way to get things wrapped up now is to copy the data you wish to save from the Jerry profile over to the new one. Your documents, pictures, music, etc. will be located in C:\users\Jerry and its subfolders. Once you've done that, you can remove the Jerry account via the User Accounts control center. If you're inclined to do so, you could even create a new Jerry account afterwards and move things back.

Reboot once and logon to the new account and let me know how things are working, or if problems still exist.
  • 0

#93
jllaz

    Member

  • Topic Starter
  • 95 posts
Just asking. Do you think it is a good idea to copy the desktop in Jerry's folder also? Can I rename the User Acct. instead of creating a new "Jerry" acct. after it is removed? Do you think this will take care of my internet problem? It's going to take a little while to copy my files, I'll keep you informed.
  • 0

#94
noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
No need for copying things like shortcuts from Jerry\desktop, but if you have documents or the like that you want to keep then do copy those to a safe location outside of the c:\users\Jerry directory. I do not advise just renaming the new profile. You would do better to delete the account properly via User Account management, then remove the entire c:\users\Jerry folder, and finally, create a new user named Jerry.

Is the internet the only thing that appears to be not working properly? You did restart the machine since creating the new profile?
  • 0

#95
jllaz

    Member

  • Topic Starter
  • 95 posts
I tried to remove the "Jerry" acct. through the UAC but was unable to do it. It asked me to confirm the removal a couple of times and on the last confirmation screen I pressed Delete but nothing happened. So, I deleted the folder and all its contents. I logged on again and checked UAC and the account is not there. Besides not being able to get on the internet, I can't access the Task Mgr. When I hit C/A/D a green checkered box appears in the task bar but it doesn't respond to either left/right click.
  • 0

#96
noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Press the WinKey + R to open a Run dialog then enter the following command.

RunDll32.exe shell32.dll,Control_RunDLL ncpa.cpl

This should open the Network Connections GUI
Right click the connection icon and check the status.
If there's a problem, click Diagnose.
Make note of any errors and let me know the outcome.

I would also like you to click Details and let me know what the IPv4 address and IPv4 subnet mask is showing (if still no connection).
  • 0

#97
jllaz

    Member

  • Topic Starter
  • 95 posts
The Network and Internet>Network Connections screen opens but it just hangs there. I also tried to uninstall a program and the install shield just hangs also.
  • 0

#98
noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Please download DDS from one of the 3 mirrors and transfer it to the computer.

Mirror 1 Mirror 2 Mirror 3

  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please post the DDS.txt log and attach the Attach.txt log to your next reply.
  • 0

#99
jllaz

    Member

  • Topic Starter
  • 95 posts
I'm sorry, I know this is a stupid question, but what do you mean by script blocking? An example, if you could!
  • 0

#100
noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Some security programs have script blocking built-in, like many versions of Norton Antivirus. Firefox has a script blocking add-on. If active, they can interfere with the report generated by DDS. Just go ahead and run it - see what we get. :)
  • 0



#101
jllaz

    Member

  • Topic Starter
  • 95 posts
OK. here it is.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Tony at 17:25:51.47 on Fri 12/18/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1160 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\BufferZone\CLNTSVC.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\BufferZone\BZRPCSS.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\BufferZone\bzdcomlaunch.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\hasplms.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Maxtor\MANAGE~1\OneTouch.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tony\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CBZurlmon Object: {311ba51f-64f2-439d-9a4a-772373d77312} - c:\program files\bufferzone\BZbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli psqlpwd

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2009-09-12 16:14:34 952 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:28:01.13 ===============
  • 0

#102
noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Out of curiosity, what program did you previously try to uninstall?
Did you recently install BufferZone, and if so, did this user account problem begin around that time?

You seem to be familiar with the registry, so I'll give you instructions for re-enabling Ctrl+Alt+Del

Type regedit in the Start>Start Search window, then right click regedit.exe and select Run as administrator.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
In the right pane, delete the value DisableCAD
You can also delete the value DisableRegistryTools if you wish. Though it's not actually disabling anything, it's not a default value.
Close the Registry Editor

I'm puzzled by the lack of any information in the Services/Drivers section of the log, as well as the Created Last 30 and Find3M sections.
Please run an OTL quick scan, no custom scan required, then post the log.
  • 0
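
Added example (not part of the thread and not code from DDS or its author): a small Python triage of a DDS log that lists the sections that came back with no entries and extracts Policies values such as the DisableCAD = 1 line addressed in post #102. The sample text is abridged from the log in post #101; the WATCHED list and the mapping of the m/u prefixes to HKLM/HKCU are assumptions of this example.

```python
import re

# Abridged from the DDS log in post #101: section headers plus a few entries.
SAMPLE_DDS = r"""DDS (Ver_09-12-01.01) - NTFSx86
Run by Tony at 17:25:51.47 on Fri 12/18/2009

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\Explorer.EXE

============== Pseudo HJT Report ===============

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2009-09-12 16:14:34 952 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:28:01.13 ===============
"""

# "===== Name =====" banner lines delimit the sections of the report.
HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# e.g. "mPolicies-system: DisableCAD = 1 (0x1)"
POLICY_RE = re.compile(r"^([mu])Policies-(\w+):\s*(\w+)\s*=\s*(\d+)\b")
# Assumption: "m" entries come from HKLM and "u" entries from HKCU.
HIVES = {"m": "HKLM", "u": "HKCU"}
# Assumption: policy values worth a second look when set to non-zero.
WATCHED = {"DisableCAD", "DisableTaskMgr", "DisableRegistryTools"}


def parse_sections(text):
    """Return {section name: [non-blank lines]} in the order they appear."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            name = header.group(1)
            if name.upper().startswith("FINISH"):
                current = None  # end-of-report banner, not a section
            else:
                current = name
                sections.setdefault(current, [])
            continue
        if line and current is not None:
            sections[current].append(line)
    return sections


def empty_sections(sections):
    """Sections whose banner is present but which contain no entries."""
    return [name for name, entries in sections.items() if not entries]


def policy_values(sections):
    """All Policies entries as (hive, subkey, value name, integer data)."""
    found = []
    for entries in sections.values():
        for line in entries:
            m = POLICY_RE.match(line)
            if m:
                scope, subkey, name, data = m.groups()
                found.append((HIVES[scope], subkey, name, int(data)))
    return found


def flagged_policies(policies):
    """Watched policy values that are set to a non-zero number."""
    return [p for p in policies if p[2] in WATCHED and p[3] != 0]


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_DDS)
    for name in empty_sections(secs):
        print("empty section:", name)
    for hive, subkey, name, data in flagged_policies(policy_values(secs)):
        print(f"policy set: {hive} Policies\\{subkey} {name} = {data}")
```

An empty section in a log taken from a running system is itself a finding: it usually means the tool could not enumerate that data, not that there was nothing to list.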

#103
jllaz

    Member

  • Topic Starter
  • 95 posts
As I was testing what programs I could run after I ran the custom command provided by Chamber, I tried to run AutoCad and instead of running, the install shield came up. I thought it was probably a stealth program trying to install something unwanted, so I did a hard shutdown and notified Chamber. After a few times I noticed that it was this program that was launching the ins-shield so I tried to uninstall it. Also, you are right. I was using BufferZone-Beta and I tried to upgrade to BufferZonePro. To do this, I needed to uninstall the Beta software. When I tried to do it something went wrong, because when I tried to install the upgrade I could not do it, and yes, it was around that time that I started having problems. I hope this explanation helps any. This is the OTL result.


OTL logfile created on: 12/18/2009 7:37:55 PM - Run 3
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\Tony\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.20% Memory free
4.00 Gb Paging File | 3.03 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 71.34 Gb Free Space | 38.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JERRY-PC
Current User Name: Tony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/18 17:18:00 | 00,524,288 | ---- | M] () -- C:\Users\Tony\Desktop\dds.scr
PRC - [2009/11/23 19:33:57 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
PRC - [2009/09/05 22:38:15 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/05 22:21:03 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/09/05 21:58:05 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/22 17:14:26 | 00,797,080 | ---- | M] () -- C:\Program Files\BufferZone\ClntSvc.exe
PRC - [2008/12/22 17:14:24 | 00,065,240 | ---- | M] () -- C:\Program Files\BufferZone\BZRpcSs.exe
PRC - [2008/12/22 17:14:16 | 00,069,336 | ---- | M] () -- C:\Program Files\BufferZone\BZDcomLaunch.exe
PRC - [2008/12/22 17:14:16 | 00,069,336 | ---- | M] () -- C:\Program Files\BufferZone\BZDcomLaunch.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/08 14:58:40 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
PRC - [2008/01/18 22:33:36 | 01,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2008/01/18 22:33:32 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/18 22:33:24 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2008/01/18 22:33:06 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007/11/14 12:08:48 | 00,027,400 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/03/20 14:22:06 | 00,114,344 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe
PRC - [2007/03/15 13:48:26 | 00,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2007/02/27 16:57:48 | 00,716,456 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\ManagerApp\OneTouch.exe
PRC - [2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 04:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007/02/02 14:56:52 | 00,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 17:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2007/01/22 12:11:50 | 00,108,064 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
PRC - [2006/12/19 23:15:44 | 00,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/14 20:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/11/10 14:22:26 | 00,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/10/27 07:33:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/23 19:33:57 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
MOD - [2008/12/22 17:14:50 | 00,167,640 | ---- | M] () -- C:\Program Files\BufferZone\RlHook.dll
MOD - [2008/12/22 17:14:28 | 00,134,360 | ---- | M] (www.madshi.net) -- C:\Windows\System32\madCHook.dll
MOD - [2008/01/18 22:26:36 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 19:42:27 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/06 07:49:44 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/05 21:58:14 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/09/05 21:58:10 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/09/05 21:58:05 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/09/05 21:43:04 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) -- C:\Virtual\Untrusted\C_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc_Untrusted_BZ)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/22 17:14:26 | 00,797,080 | ---- | M] () -- C:\Program Files\BufferZone\ClntSvc.exe -- (BufferZoneSvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/19 18:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/08/15 04:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/18 22:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/05/09 15:16:34 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/20 14:22:06 | 00,114,344 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)
SRV - [2007/03/15 13:48:26 | 00,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 04:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/02 14:56:52 | 00,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 17:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/22 12:11:50 | 00,108,064 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/12/19 23:15:44 | 00,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 20:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/27 07:36:32 | 00,303,104 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2006/10/27 07:35:16 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/10/27 07:33:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 21:14:42 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/10/26 21:14:16 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/10/14 01:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 13:20:07 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CBZurlmon Object) - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll (Trustware)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/12/18 17:31:57 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Apple
[2009/12/18 12:54:50 | 00,339,456 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\TFC.exe
[2009/12/18 12:54:50 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Tony\Desktop\SysRestorePoint.exe
[2009/12/18 12:54:49 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Tony\Desktop\setup-spybotsd162.exe
[2009/12/18 12:54:49 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tony\Desktop\mb-am-setup.exe
[2009/12/18 12:54:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tony\Desktop\HijackThisInstaller.exe
[2009/12/18 12:54:49 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Tony\Desktop\erunt_setup.exe
[2009/12/18 12:54:49 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
[2009/12/18 12:54:49 | 00,472,064 | ---- | C] ( ) -- C:\Users\Tony\Desktop\RootRepeal.exe
[2009/12/18 12:54:45 | 00,000,000 | ---D | C] -- C:\Users\Tony\Desktop\Project Files - Photoshop TnT
[2009/12/18 12:48:11 | 00,004,608 | ---- | C] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 12:41:20 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\Tutorials
[2009/12/18 12:41:20 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\Small Business Accounting
[2009/12/18 12:31:56 | 00,000,000 | R--D | C] -- C:\Users\Tony\Documents\Shareaza Downloads
[2009/12/18 12:31:56 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\Recetas
[2009/12/18 12:31:56 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\QPPriv
[2009/12/18 12:31:33 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\Lazmir Document Files
[2009/12/18 12:31:33 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\Corel User Files
[2009/12/18 12:31:19 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\Books
[2009/12/18 12:31:00 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\Apartments
[2009/12/18 11:00:18 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\Adobe
[2009/12/18 08:37:08 | 03,846,507 | -H-- | C] () -- C:\Users\Tony\AppData\Local\IconCache.db
[2009/12/18 07:57:33 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Autodesk
[2009/12/18 07:57:32 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Autodesk
[2009/12/18 07:49:14 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Adobe
[2009/12/18 07:48:59 | 00,174,232 | ---- | C] () -- C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/18 07:46:22 | 00,000,000 | R--D | C] -- C:\Users\Tony\Searches
[2009/12/18 07:46:10 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Identities
[2009/12/18 07:46:08 | 00,000,000 | R--D | C] -- C:\Users\Tony\Contacts
[2009/12/18 07:46:07 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\VirtualStore
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\AppData\Local\Temporary Internet Files
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\Templates
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\Start Menu
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\SendTo
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\Recent
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\PrintHood
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\NetHood
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\Documents\My Videos
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\Documents\My Pictures
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\Documents\My Music
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\My Documents
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\Local Settings
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\AppData\Local\History
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\Cookies
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\Application Data
[2009/12/18 07:46:01 | 00,000,000 | -HSD | C] -- C:\Users\Tony\AppData\Local\Application Data
[2009/12/18 07:45:49 | 00,000,000 | --SD | C] -- C:\Users\Tony\AppData\Roaming\Microsoft
[2009/12/18 07:45:49 | 00,000,000 | R--D | C] -- C:\Users\Tony\Videos
[2009/12/18 07:45:49 | 00,000,000 | R--D | C] -- C:\Users\Tony\Saved Games
[2009/12/18 07:45:49 | 00,000,000 | R--D | C] -- C:\Users\Tony\Pictures
[2009/12/18 07:45:49 | 00,000,000 | R--D | C] -- C:\Users\Tony\Music
[2009/12/18 07:45:49 | 00,000,000 | R--D | C] -- C:\Users\Tony\Links
[2009/12/18 07:45:49 | 00,000,000 | R--D | C] -- C:\Users\Tony\Favorites
[2009/12/18 07:45:49 | 00,000,000 | R--D | C] -- C:\Users\Tony\Downloads
[2009/12/18 07:45:49 | 00,000,000 | R--D | C] -- C:\Users\Tony\Documents
[2009/12/18 07:45:49 | 00,000,000 | R--D | C] -- C:\Users\Tony\Desktop
[2009/12/18 07:45:49 | 00,000,000 | -H-D | C] -- C:\Users\Tony\AppData
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\temp
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Microsoft
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Media Center Programs
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Malwarebytes
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Macromedia
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\Documents\HTML
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\DAEMON Tools
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Corel
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Chief Architect Full Version 11
[2009/12/18 07:45:49 | 00,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Adobe
[2009/12/15 20:39:07 | 00,000,067 | -HS- | C] () -- C:\ProgramData\desktop.ini
[2006/09/14 10:32:20 | 00,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 14 Days ==========

[2009/12/18 19:39:30 | 01,048,576 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT
[2009/12/18 19:21:51 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/18 19:21:51 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/18 17:21:51 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/18 17:21:13 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/18 17:20:57 | 21,371,20768 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/18 17:18:00 | 00,524,288 | ---- | M] () -- C:\Users\Tony\Desktop\dds.scr
[2009/12/18 17:17:06 | 00,524,288 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/18 17:17:06 | 00,065,536 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/18 17:17:01 | 03,846,507 | -H-- | M] () -- C:\Users\Tony\AppData\Local\IconCache.db
[2009/12/18 12:48:12 | 00,004,608 | ---- | M] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 08:37:12 | 00,524,288 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/12/18 07:48:59 | 00,174,232 | ---- | M] () -- C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/18 07:46:01 | 00,000,020 | -HS- | M] () -- C:\Users\Tony\ntuser.ini
[2009/12/17 21:29:55 | 00,002,585 | ---- | M] () -- C:\Users\Public\Desktop\Quattro Pro X3.lnk
[2009/12/11 20:25:24 | 02,469,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2009/12/18 17:24:54 | 00,524,288 | ---- | C] () -- C:\Users\Tony\Desktop\dds.scr
[2009/12/18 12:54:50 | 00,001,066 | ---- | C] () -- C:\Users\Tony\Desktop\Spybot - Search & Destroy.lnk
[2009/12/18 12:54:49 | 00,001,891 | ---- | C] () -- C:\Users\Tony\Desktop\HijackThis.lnk
[2009/12/18 12:54:49 | 00,001,768 | ---- | C] () -- C:\Users\Tony\Desktop\DVD Decrypter.lnk
[2009/12/18 12:54:49 | 00,001,321 | ---- | C] () -- C:\Users\Tony\Desktop\Microsoft Office Accounting 2008.lnk
[2009/12/18 12:54:49 | 00,000,844 | ---- | C] () -- C:\Users\Tony\Desktop\PlanSwift 8.lnk
[2009/12/18 12:54:49 | 00,000,756 | ---- | C] () -- C:\Users\Tony\Desktop\NTREGOPT.lnk
[2009/12/18 12:54:49 | 00,000,737 | ---- | C] () -- C:\Users\Tony\Desktop\ERUNT.lnk
[2009/12/18 12:54:47 | 03,578,965 | R--- | C] () -- C:\Users\Tony\Desktop\ComboFix.exe
[2009/12/18 12:54:45 | 00,292,352 | ---- | C] () -- C:\Users\Tony\Desktop\ydcjn60u.exe
[2009/12/18 12:48:11 | 00,004,608 | ---- | C] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 11:00:18 | 00,080,079 | ---- | C] () -- C:\Users\Tony\Documents\DRAW PROPOSAL.pdf
[2009/12/18 11:00:18 | 00,000,070 | ---- | C] () -- C:\Users\Tony\Documents\DRAW PROPOSAL.xml
[2009/12/18 08:37:08 | 03,846,507 | -H-- | C] () -- C:\Users\Tony\AppData\Local\IconCache.db
[2009/12/18 07:48:59 | 00,174,232 | ---- | C] () -- C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/18 07:46:01 | 00,000,020 | -HS- | C] () -- C:\Users\Tony\ntuser.ini
[2009/12/18 07:46:00 | 00,524,288 | -HS- | C] () -- C:\Users\Tony\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/12/18 07:46:00 | 00,524,288 | -HS- | C] () -- C:\Users\Tony\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/18 07:46:00 | 00,065,536 | -HS- | C] () -- C:\Users\Tony\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/18 07:45:49 | 01,048,576 | -HS- | C] () -- C:\Users\Tony\NTUSER.DAT
[2009/12/17 20:45:16 | 21,371,20768 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/15 20:39:07 | 00,000,067 | -HS- | C] () -- C:\ProgramData\desktop.ini
[2009/12/02 18:39:49 | 00,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzkwmzmy.sys
[2009/10/06 16:07:49 | 00,002,212 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/11 08:33:36 | 00,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/11 07:25:21 | 00,000,025 | ---- | C] () -- C:\Windows\EP_SPR380.ini
[2009/09/10 12:21:57 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/06 18:56:12 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/06 18:56:12 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/06 00:16:33 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/09/06 00:14:46 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/12/22 17:14:50 | 01,279,704 | ---- | C] () -- C:\Windows\System32\RlShellExt.dll
[2008/12/22 17:14:36 | 00,428,832 | ---- | C] () -- C:\Windows\System32\Ole2Plgin.dll
[2008/12/22 17:14:14 | 00,179,928 | ---- | C] () -- C:\Windows\System32\AM.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/09 18:25:14 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/09 15:24:17 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/09 15:06:33 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:33 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:32 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/05/09 15:06:32 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/05/09 15:06:32 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/05/09 14:58:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/09 14:58:17 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/09 14:58:17 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/09 14:58:16 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/09 14:58:16 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/09 14:58:16 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/09 14:30:52 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/09 14:30:51 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/09 14:30:51 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/09 14:30:51 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/06 12:49:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/12/05 13:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/24 07:48:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/10 08:17:52 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 05:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 00,756,644 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 03:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 03:23:31 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 00:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 00:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 00:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 00:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 00:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 00:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 00:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 00:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 00:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 00:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 00:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 00:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 00:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 00:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/01 23:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006/10/26 22:02:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/10/26 22:02:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/11/23 14:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 11:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[1999/01/20 05:01:00 | 00,210,032 | ---- | C] () -- C:\Windows\System32\dbclient.dll
[1996/12/06 13:15:20 | 00,131,584 | ---- | C] () -- C:\Windows\System32\wsiwin32.dll
[1996/12/06 13:14:24 | 00,375,296 | ---- | C] () -- C:\Windows\System32\wsihk32.dll
[1996/02/01 17:25:42 | 00,943,616 | ---- | C] () -- C:\Windows\System32\dfolder.dll

========== LOP Check ==========

[2009/12/18 17:23:51 | 00,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Adobe
[2009/12/18 07:57:34 | 00,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Autodesk
[2009/12/08 21:48:06 | 00,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Chief Architect Full Version 11
[2009/12/08 21:55:26 | 00,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Corel
[2009/12/08 20:07:30 | 00,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\DAEMON Tools
[2009/12/18 07:46:10 | 00,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Identities
[2009/11/15 13:06:14 | 00,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Macromedia
[2009/11/15 13:06:56 | 00,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Malwarebytes
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Media Center Programs
[2009/12/18 07:49:19 | 00,000,000 | --SD | M] -- C:\Users\Tony\AppData\Roaming\Microsoft
[2009/12/18 17:21:51 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/25 23:56:32 | 00,032,518 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Tony\Documents\Tutorials:Roxio EMC Stream
@Alternate Data Stream - 16 bytes -> C:\Users\Tony\Documents\Shareaza Downloads:Shareaza.GUID
< End of report >
  • 0

#104
noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Looks like you've already moved Erunt and sysrestorepoint.exe.
If you haven't done so already, please create both a system restore point and an erunt backup.

Next, see if you can uninstall BufferZone - let me know the results.

Open an elevated command window and type the following commands, hitting Enter after each line.

ipconfig /release
ipconfig /flushdns
ipconfig /renew
ipconfig /all >%userprofile%\desktop\ipconfig.txt


If you still have no internet connection, please post the contents of ipconfig.txt
  • 0

#105
jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Noah, I deleted the values DesableCAD and DesableSystemTools in the registry and I still have the same problem with C/A/D: only a green little square on the task bar. I tried to do a System Restore and the small screen came up and tells me it is creating a restore point, but I see no activity at all. It's been a while. What should I do? Try ERUNT? Uninstall BufferZone? Try the elevated command?
  • 0





