Solved: computer sending spam


b33rman
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Apr 2010
22-Apr-2010, 02:51 PM #1
computer sending spam
My sister's computer keeps sending spam emails out to people on her contact list; it seems to send about every other day. It's coming from her Hotmail account. She is running Win 7 Home Prem 64-bit.
The emails say they are from her, with a name of someone in the subject and just a link in the main body of the email, sort of like this:
subject: maike henning Link: ryszka.wb.pl/home.php
Subject: bernd wolf link: moneyadvice.digitalime.com/homephp


I could continue but think you see what I mean. I have run AVG, Malwarebytes, Ad-Aware and Spybot Search and Destroy and all come back clean. I have had her change her password. Any help would be great, and thanks in advance.

Here is the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:02 PM, on 4/22/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
F:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\SysWow64\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1caa48113406a37) (gupdate1caa48113406a37) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: taisregispinger - Unknown owner - C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12767 bytes
NeonFx
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
22-Apr-2010, 10:23 PM #2
Hello there. Welcome to the TSG Forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.


Please note the following:
  • The fixes are specific to your problem and should only be used on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
  • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Quick question, does your sister access her account using a different computer or even a cellphone at times? You did the right thing having her change the password.


Step 1

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Make sure Include 64 Bit Scans is checked.
  • Under Basic Scans please change the radio button under Registry from Safe List to All.
  • Under Additional Scans check the following:
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - NetSvcs
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Please paste the contents of the following codebox into the Custom Scans box at the bottom
Code:
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post. To do so, click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button.
b33rman
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Apr 2010
23-Apr-2010, 12:57 AM #3
She uses her computer.

OTS Log

Code:
OTS logfile created on: 4/23/2010 1:11:50 AM - Run 1
OTS by OldTimer - Version 3.1.29.0     Folder = C:\Users\deborah\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.89 Gb Total Space | 407.33 Gb Free Space | 89.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 958.19 Mb Total Space | 252.70 Mb Free Space | 26.37% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DEBORAH-PC
Current User Name: deborah
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\deborah\Desktop\OTS.exe -> [2010/04/23 00:58:52 | 000,638,976 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2010/04/08 22:42:13 | 001,265,264 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2010/04/01 19:10:19 | 000,818,256 | ---- | M] (Lavasoft)
ccsvchst.exe -> C:\Program Files (x86)\Norton AntiVirus\Engine\17.6.0.32\ccsvchst.exe -> [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation)
flashutil10e.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe -> [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.)
ssscheduler.exe -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe -> [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/12/12 02:27:59 | 000,039,408 | ---- | M] (Google Inc.)
twebcamera.exe -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe -> [2009/11/05 08:05:56 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.)
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2009/10/02 17:26:12 | 000,013,336 | ---- | M] (Intel Corporation)
iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2009/10/02 17:26:10 | 000,284,696 | ---- | M] (Intel Corporation)
uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation)
lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation)
cfsvcs.exe -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -> [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION)
 
[Modules - Safe List]
ots.exe -> C:\Users\deborah\Desktop\OTS.exe -> [2010/04/23 00:58:52 | 000,638,976 | ---- | M] (OldTimer Tools)
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(WatAdminSvc)  [Unknown | Stopped] -> C:\Windows\SysNative\Wat\WatAdminSvc.exe -> [2010/03/01 14:52:05 | 001,255,736 | ---- | M] (Microsoft Corporation)
64bit-(TPCHSrv)  [On_Demand | Running] -> C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -> [2009/11/10 17:54:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation)
64bit-(TOSHIBA HDD SSD Alert Service)  [On_Demand | Running] -> C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -> [2009/11/05 13:19:12 | 000,137,560 | ---- | M] (TOSHIBA Corporation)
64bit-(TosCoSrv)  [Auto | Running] -> C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -> [2009/10/29 18:14:02 | 000,489,312 | ---- | M] (TOSHIBA Corporation)
64bit-(Thpsrv)  [Auto | Running] -> C:\Windows\SysNative\ThpSrv.exe -> [2009/10/21 13:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation)
64bit-(TOSHIBA eco Utility Service)  [Auto | Running] -> C:\Program Files\TOSHIBA\TECO\TecoService.exe -> [2009/09/28 18:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation)
64bit-(wlidsvc)  [Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/08/18 14:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation)
64bit-(TODDSrv)  [Auto | Running] -> C:\Windows\SysNative\TODDSrv.exe -> [2009/07/28 19:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation)
64bit-(WwanSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wwansvc.dll -> [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation)
64bit-(WbioSrvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbiosrvc.dll -> [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation)
64bit-(Power)  [Auto | Running] -> C:\Windows\SysNative\umpo.dll -> [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation)
64bit-(Themes)  [Auto | Running] -> C:\Windows\SysNative\themeservice.dll -> [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation)
64bit-(sppuinotify)  [On_Demand | Stopped] -> C:\Windows\SysNative\sppuinotify.dll -> [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation)
64bit-(SensrSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\sensrsvc.dll -> [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation)
64bit-(PNRPsvc)  [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)
64bit-(p2pimsvc)  [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupProvider)  [On_Demand | Running] -> C:\Windows\SysNative\provsvc.dll -> [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation)
64bit-(RpcEptMapper)  [Unknown | Running] -> C:\Windows\SysNative\RpcEpMap.dll -> [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation)
64bit-(PNRPAutoReg)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpauto.dll -> [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupListener)  [On_Demand | Running] -> C:\Windows\SysNative\ListSvc.dll -> [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation)
64bit-(FontCache)  [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation)
64bit-(Dhcp)  [Auto | Running] -> C:\Windows\SysNative\dhcpcore.dll -> [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation)
64bit-(defragsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\defragsvc.dll -> [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation)
64bit-(bthserv)  [On_Demand | Stopped] -> C:\Windows\SysNative\bthserv.dll -> [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation)
64bit-(BDESVC)  [Unknown | Stopped] -> C:\Windows\SysNative\bdesvc.dll -> [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation)
64bit-(AxInstSV)  [On_Demand | Stopped] -> C:\Windows\SysNative\AxInstSv.dll -> [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation)
64bit-(AppIDSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\appidsvc.dll -> [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation)
64bit-(wbengine)  [On_Demand | Stopped] -> C:\windows\SysNative\wbengine.exe -> [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation)
64bit-(sppsvc)  [Auto | Stopped] -> C:\Windows\SysNative\sppsvc.exe -> [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation)
64bit-(Fax)  [On_Demand | Stopped] -> C:\Windows\SysNative\FXSSVC.exe -> [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2010/04/08 22:42:13 | 001,265,264 | ---- | M] (Lavasoft)
(NAV) Norton AntiVirus [Unknown | Running] -> C:\Program Files (x86)\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe -> [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation)
(McComponentHostService) McAfee Security Scan Component Host Service [On_Demand | Stopped] -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -> [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.)
(cfWiMAXService) ConfigFree WiMAX Service [Auto | Running] -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -> [2009/10/28 00:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION)
(TMachInfo) TMachInfo [On_Demand | Stopped] -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -> [2009/10/06 13:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2009/10/02 17:26:12 | 000,013,336 | ---- | M] (Intel Corporation)
(UNS) Intel(R) Management & Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -> [2009/08/27 14:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.)
(taisregispinger) taisregispinger [Auto | Running] -> C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -> [2009/08/13 15:09:08 | 000,297,344 | ---- | M] ()
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\Vss -> [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
(HomeGroupProvider) HomeGroup Provider [On_Demand | Running] -> C:\Windows\SysWOW64\provsvc.dll -> [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\SysWOW64\dhcpcore.dll -> [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2009/07/13 16:30:11 | 000,061,056 | ---- | M] ()
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation)
(ConfigFree Service) ConfigFree Service [Auto | Running] -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -> [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION)
 
[Driver Services - Safe List]
64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2010/04/10 20:20:06 | 000,173,104 | ---- | M] (Symantec Corporation)
64bit-(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NAVx64\1106000.020\ironx64.sys -> [2010/02/26 22:23:54 | 000,149,552 | ---- | M] (Symantec Corporation)
64bit-(SRTSP) Symantec Real Time Storage Protection x64 [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\NAVx64\1106000.020\srtsp64.sys -> [2010/02/26 22:23:21 | 000,505,392 | ---- | M] (Symantec Corporation)
64bit-(SRTSPX) Symantec Real Time Storage Protection (PEL) x64 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NAVx64\1106000.020\srtspx64.sys -> [2010/02/26 22:23:21 | 000,032,304 | ---- | M] (Symantec Corporation)
64bit-(ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NAVx64\1106000.020\cchpx64.sys -> [2010/02/25 19:22:52 | 000,615,040 | ---- | M] (Symantec Corporation)
64bit-(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\Lbd.sys -> [2010/02/04 11:53:02 | 000,069,152 | ---- | M] (Lavasoft AB)
64bit-(SYMTDIv) Symantec Vista Network Dispatch Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NAVx64\1106000.020\symtdiv.sys -> [2010/02/03 21:40:52 | 000,451,120 | ---- | M] (Symantec Corporation)
64bit-(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\NAVx64\1106000.020\symefa64.sys -> [2010/02/03 21:40:50 | 000,221,232 | ---- | M] (Symantec Corporation)
64bit-(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\NAVx64\1106000.020\symds64.sys -> [2009/11/05 18:06:13 | 000,433,200 | R--- | M] (Symantec Corporation)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009/10/30 15:23:16 | 007,770,048 | ---- | M] (Intel Corporation)
64bit-(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcDAud.sys -> [2009/10/30 10:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation)
64bit-(Impcd) Impcd [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Impcd.sys -> [2009/10/26 16:39:44 | 000,151,936 | ---- | M] (Intel Corporation)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2009/10/16 00:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated)
64bit-(rtl8192se) Realtek Wireless LAN 802.11n PCI-E NIC NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\rtl8192se.sys -> [2009/10/02 17:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation                           )
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/10/02 16:58:58 | 000,537,112 | ---- | M] (Intel Corporation)
64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2009/08/28 21:42:52 | 000,049,152 | ---- | M] (Apple, Inc.)
64bit-(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\tdcmdpst.sys -> [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009/07/30 23:58:42 | 000,236,544 | ---- | M] (Realtek                                            )
64bit-(risdpcie) risdpcie [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\risdpe64.sys -> [2009/07/28 22:24:12 | 000,081,408 | ---- | M] (REDC)
64bit-(tos_sps64) TOSHIBA tos_sps64 Service [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\tos_sps64.sys -> [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation)
64bit-(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\TVALZ_O.SYS -> [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ksecpkg.sys -> [2009/07/13 21:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hwpolicy.sys -> [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation)
64bit-(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fsdepends.sys -> [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wimmount.sys -> [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation)
64bit-(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vhdmp.sys -> [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation)
64bit-(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\vdrvroot.sys -> [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\rdyboost.sys -> [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation)
64bit-(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pcw.sys -> [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation)
64bit-(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\cng.sys -> [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation)
64bit-(fvevol) Bitlocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\fvevol.sys -> [2009/07/13 21:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation)
64bit-(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpbus.sys -> [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation)
64bit-(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\SysNative\drivers\RDPREFMP.sys -> [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation)
64bit-(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\agilevpn.sys -> [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation)
64bit-(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\wfplwf.sys -> [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation)
64bit-(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ndiscap.sys -> [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation)
64bit-(vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vwififlt.sys -> [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation)
64bit-(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vwifibus.sys -> [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation)
64bit-(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\1394ohci.sys -> [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation)
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation)
64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbvideo.sys -> [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation)
64bit-(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\umpass.sys -> [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation)
64bit-(WinUsb) WinUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\winusb.sys -> [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation)
64bit-(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mshidkmdf.sys -> [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation)
64bit-(WudfPf) User Mode Driver Frameworks Platform Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\WUDFPf.sys -> [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation)
64bit-(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MTConfig.sys -> [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation)
64bit-(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CompositeBus.sys -> [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation)
64bit-(Beep) Beep [Kernel | System | Running] -> C:\Windows\SysNative\drivers\beep.sys -> [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation)
64bit-(AppID) AppID Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\appid.sys -> [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation)
64bit-(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\scfilter.sys -> [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation)
64bit-(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\SysNative\drivers\discache.sys -> [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation)
64bit-(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hidbatt.sys -> [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation)
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CmBatt.sys -> [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation)
64bit-(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpipmi.sys -> [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdppm.sys -> [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation)
64bit-(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\FwLnk.sys -> [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation)
64bit-(rixdpcie) rixdpcie [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\rixdpe64.sys -> [2009/07/04 23:27:02 | 000,055,808 | ---- | M] (REDC)
64bit-(rimspci) rimspci [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\rimspe64.sys -> [2009/07/02 12:54:52 | 000,060,416 | ---- | M] (REDC)
64bit-(Thpevm) TOSHIBA HDD Protection - Shock Sensor Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\Thpevm.sys -> [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation)
64bit-(Thpdrv) TOSHIBA HDD Protection Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\thpdrv.sys -> [2009/06/29 14:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation)
64bit-(PGEffect) Pangu effect driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\PGEffect.sys -> [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation)
64bit-(TVALZFL) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\TVALZFL.sys -> [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation)
64bit-(SrvHsfV92) SrvHsfV92 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTDPV6.SYS -> [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfWinac) SrvHsfWinac [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTCNXT6.SYS -> [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfHDA) SrvHsfHDA [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTAZL6.SYS -> [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100422.019\EX64.SYS -> [2010/04/10 20:45:37 | 001,742,896 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/04/10 20:45:37 | 000,132,656 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100422.019\ENG64.SYS -> [2010/04/10 20:45:37 | 000,116,272 | ---- | M] (Symantec Corporation)
(BHDrvx64) BHDrvx64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx64.sys -> [2010/03/24 16:38:07 | 000,678,960 | ---- | M] (Symantec Corporation)
(IDSVia64) IDSVia64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSviA64.sys -> [2009/10/28 18:37:21 | 000,466,992 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2009/10/20 05:00:00 | 000,475,696 | ---- | M] (Symantec Corporation)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(WinUsb) WinUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\winusb.dll -> [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation)
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> C:\Windows\SysWOW64\netbios.dll -> [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation)
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2009/06/10 17:28:14 | 000,001,088 | ---- | M] ()
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2009/06/10 17:15:18 | 000,003,066 | ---- | M] ()
 
[Registry - All]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
64bit-HKEY_USERS\S-1-5-19\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 04:18:42 | 012,359,680 | ---- | M] (Microsoft Corporation)
HKEY_USERS\S-1-5-19\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 03:55:24 | 010,978,816 | ---- | M] (Microsoft Corporation)
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
64bit-HKEY_USERS\S-1-5-20\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 04:18:42 | 012,359,680 | ---- | M] (Microsoft Corporation)
HKEY_USERS\S-1-5-20\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 03:55:24 | 010,978,816 | ---- | M] (Microsoft Corporation)
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\] > -> -> 
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\: Main\\"Default_Page_URL" -> http://www.google.com/ig?brand=TSNA&bmod=TSNA -> 
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\: Main\\"Start Page" -> http://my.msn.com/ -> 
64bit-HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 04:18:42 | 012,359,680 | ---- | M] (Microsoft Corporation)
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/23 03:55:24 | 010,978,816 | ---- | M] (Microsoft Corporation)
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\deborah\AppData\Roaming\Mozilla\FireFox\Profiles\sjqizbbo.default\prefs.js -> 
browser.startup.homepage -> "http://my.msn.com/" ->
extensions.enabledItems -> {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 ->
extensions.enabledItems -> {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\IPSFFPLGN\] -> [2010/04/10 20:20:13 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/04 02:33:26 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/03/04 02:33:24 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\deborah\AppData\Roaming\Mozilla\Extensions -> [2010/03/04 02:33:57 | 000,000,000 | ---D | M]
No name found   -> C:\Users\deborah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2010/03/04 02:33:57 | 000,000,000 | ---D | M]
  -> C:\Users\deborah\AppData\Roaming\Mozilla\Firefox\Profiles\sjqizbbo.default\extensions -> [2010/03/04 02:33:57 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/03/04 02:33:25 | 000,000,000 | ---D | M]
Default   -> C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2010/03/04 02:33:25 | 000,000,000 | ---D | M]
< HOSTS File > ([2009/06/10 17:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2009/08/18 14:50:40 | 000,532,336 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2010/02/01 20:04:03 | 000,373,872 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll [Google Toolbar Notifier BHO] -> [2010/02/03 01:00:53 | 000,319,984 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 16:07:26 | 000,075,128 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/08/04 17:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton AntiVirus\Engine\17.6.0.32\ipsbho.dll [Symantec Intrusion Prevention] -> [2010/02/03 21:40:02 | 000,079,224 | R--- | M] (Symantec Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2009/08/18 13:32:12 | 000,403,840 | ---- | M] (Microsoft Corporation)
{AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} [HKLM] -> C:\Windows\SysWOW64\TwcToolbarBho.dll [TwcToolbarBhoApp Class] -> [2008/07/22 15:24:02 | 000,098,304 | ---- | M] ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/01 20:03:57 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/03 01:00:53 | 000,812,528 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/12/12 02:22:26 | 000,041,368 | ---- | M] (Sun Microsystems, Inc.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/02/01 20:04:03 | 000,373,872 | ---- | M] (Google Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/01 20:03:57 | 000,279,664 | ---- | M] (Google Inc.)
"{2E5E800E-6AC0-411E-940A-369530A35E43}" [HKLM] -> C:\Windows\SysWOW64\TwcToolbarIe7.dll [The Weather Channel Toolbar] -> [2009/06/23 11:23:00 | 000,331,776 | ---- | M] ()
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\] > -> HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/02/01 20:04:03 | 000,373,872 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/01 20:03:57 | 000,279,664 | ---- | M] (Google Inc.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"" ->  [] -> File not found
"00TCrdMain" -> C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> [2009/10/26 14:15:44 | 000,911,160 | ---- | M] (TOSHIBA Corporation)
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\windows\system32\hkcmd.exe] -> [2009/11/13 21:45:46 | 000,390,168 | ---- | M] (Intel Corporation)
"HSON" -> C:\Program Files\TOSHIBA\TBS\HSON.exe [%ProgramFiles%\TOSHIBA\TBS\HSON.exe] -> [2009/03/09 19:39:52 | 000,052,600 | ---- | M] (TOSHIBA Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\windows\system32\igfxtray.exe] -> [2009/11/13 21:45:54 | 000,166,424 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\windows\system32\igfxpers.exe] -> [2009/11/13 21:45:50 | 000,408,600 | ---- | M] (Intel Corporation)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s] -> [2009/11/02 22:51:30 | 008,312,352 | ---- | M] (Realtek Semiconductor)
"SmartFaceVWatcher" -> C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe] -> [2009/10/19 22:24:50 | 000,238,080 | ---- | M] (TOSHIBA Corporation)
"SmoothView" -> C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> [2009/07/28 18:01:46 | 000,508,216 | ---- | M] (TOSHIBA Corporation)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe] -> [2009/10/16 00:08:52 | 001,870,120 | ---- | M] (Synaptics Incorporated)
"Teco" -> C:\Program Files\TOSHIBA\TECO\Teco.exe ["%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r] -> [2009/09/28 18:45:44 | 001,482,592 | ---- | M] (TOSHIBA Corporation)
"ThpSrv" -> C:\windows\SysNative\thpsrv.exe [C:\windows\system32\thpsrv /logon] -> [2009/10/21 13:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation)
"TosNC" -> C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe [%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe] -> [2009/10/28 23:30:02 | 000,595,816 | ---- | M] (TOSHIBA Corporation)
"TosReelTimeMonitor" -> C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe] -> [2009/10/29 00:13:40 | 000,034,648 | ---- | M] (TOSHIBA Corporation)
"TosSENotify" -> C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe] -> [2009/11/05 13:19:30 | 000,709,976 | ---- | M] (TOSHIBA Corporation)
"TosWaitSrv" -> C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe] -> [2009/11/10 17:56:34 | 000,707,416 | ---- | M] (TOSHIBA Corporation)
"TPwrMain" -> C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> [2009/10/29 18:13:48 | 000,506,208 | ---- | M] (TOSHIBA Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2009/10/02 17:26:10 | 000,284,696 | ---- | M] (Intel Corporation)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2010/01/22 21:16:42 | 000,141,608 | ---- | M] (Apple Inc.)
"NortonOnlineBackupReminder" -> C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe ["C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED] -> [2009/08/10 02:30:54 | 000,529,256 | ---- | M] (Toshiba)
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/11/11 01:08:18 | 000,417,792 | ---- | M] (Apple Inc.)
"ToshibaServiceStation" -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe ["C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60] -> [2009/10/06 13:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation)
"TUSBSleepChargeSrv" -> C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe] -> [2009/10/26 15:29:56 | 000,253,312 | ---- | M] (TOSHIBA)
"TWebCamera" -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe ["C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun] -> [2009/11/05 08:05:56 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" -> C:\windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" -> C:\windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\] > -> HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DW6" -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe ["C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"] -> [2009/12/21 16:15:04 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.)
"msnmsgr" -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 20:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation)
"Skype" -> C:\Program Files (x86)\Skype\Phone\Skype.exe ["C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2009/10/09 15:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.)
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/12/12 02:27:59 | 000,039,408 | ---- | M] (Google Inc.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001] > -> HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" ->  [0] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\] > -> HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000] -> [2010/01/15 00:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/02/01 20:06:09 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\] > -> HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000] -> [2010/01/15 00:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/02/01 20:06:09 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/27 00:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/27 00:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{5067A26B-1337-4436-8AFE-EE169C2DA79F}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Menu: Skype add-on for Internet Explorer] -> [2009/08/04 17:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2009/08/04 17:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 08:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\] > -> HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6983 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\] > -> HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2867791291-2184944468-3930518604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> 
{9C23D886-43CB-43DE-B2DB-112A68D7E10A} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader2.cab [MySpace Uploader Control] -> 
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 63.148.157.2 63.148.157.3 205.171.3.65 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{3FF9F2B9-7C63-49D4-A9C5-72C2C9D48E53}\\DhcpNameServer -> 63.148.157.2 63.148.157.3 205.171.3.65   (Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\windows\explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\windows\SysWow64\explorer.exe -> [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
userinit.exe -> C:\windows\SysWow64\userinit.exe -> [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\windows\SysNative\igfxdev.dll -> [2009/10/30 14:20:30 | 000,268,800 | ---- | M] (Intel Corporation)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
credssp.dll -> C:\windows\SysNative\credssp.dll -> [2009/07/13 21:40:23 | 000,020,480 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
credssp.dll -> C:\windows\SysWow64\credssp.dll -> [2009/07/13 21:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
64bit-*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> C:\windows\SysNative\msv1_0.dll -> [2009/09/10 02:28:22 | 000,311,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> C:\windows\SysWow64\msv1_0.dll -> [2009/09/10 01:52:05 | 000,257,024 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> C:\windows\SysNative\kerberos.dll -> [2009/07/13 21:41:13 | 000,714,240 | ---- | M] (Microsoft Corporation)
msv1_0 -> C:\windows\SysNative\msv1_0.dll -> [2009/09/10 02:28:22 | 000,311,808 | ---- | M] (Microsoft Corporation)
schannel -> C:\windows\SysNative\schannel.dll -> [2009/07/13 21:41:53 | 000,348,672 | ---- | M] (Microsoft Corporation)
wdigest -> C:\windows\SysNative\wdigest.dll -> [2009/07/13 21:41:56 | 000,210,432 | ---- | M] (Microsoft Corporation)
tspkg -> C:\windows\SysNative\tspkg.dll -> [2009/07/13 21:41:55 | 000,086,016 | ---- | M] (Microsoft Corporation)
pku2u -> C:\windows\SysNative\pku2u.dll -> [2009/07/13 21:41:53 | 000,240,640 | ---- | M] (Microsoft Corporation)
livessp -> C:\windows\SysNative\livessp.dll -> [2009/08/18 14:48:02 | 000,243,056 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> C:\windows\SysWow64\kerberos.dll -> [2009/07/13 21:15:35 | 000,541,184 | ---- | M] (Microsoft Corporation)
msv1_0 -> C:\windows\SysWow64\msv1_0.dll -> [2009/09/10 01:52:05 | 000,257,024 | ---- | M] (Microsoft Corporation)
schannel -> C:\windows\SysWow64\schannel.dll -> [2009/07/13 21:16:13 | 000,220,160 | ---- | M] (Microsoft Corporation)
wdigest -> C:\windows\SysWow64\wdigest.dll -> [2009/07/13 21:16:18 | 000,171,520 | ---- | M] (Microsoft Corporation)
tspkg -> C:\windows\SysWow64\tspkg.dll -> [2009/07/13 21:16:16 | 000,065,024 | ---- | M] (Microsoft Corporation)
pku2u -> C:\windows\SysWow64\pku2u.dll -> [2009/07/13 21:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
livessp -> C:\windows\SysWow64\livessp.dll -> [2009/08/18 13:29:22 | 000,195,456 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0169823E-EAB0-4D38-89DB-04434FBD977C} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{13035D7C-780E-4422-9545-27A685F6F010} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{18026F08-1003-4A3A-B0CD-7C0224E6E36D} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
{1890AE19-49C2-4C98-B297-A292F0C65E3C} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{26EE80F5-6F91-4C41-BA60-0E16CC7E9DFE} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{3687EC91-055D-452A-9313-A1F209BC0F4F} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{3F871FA4-F99E-496A-A080-05E6B832AC39} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{508F15E3-4326-47D3-87AA-B1C6F11315C8} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{7EEA83B7-C83A-43D4-A918-A6A2E3AE72E2} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{926CB50C-A5ED-4879-B095-678CA17DEC22} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{950285AC-8F88-4F6A-951F-5AEA5E5DCD62} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{9E98CF0F-E696-47A6-BB5E-78537387F564} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
{9F420145-F575-40F4-B897-405875E95C1C} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{A359DD9A-2631-40B8-ADB0-2902914391BD} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{A5D52244-341C-42E5-B4DE-C685C371E77E} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{A9E1E651-D99D-4DD4-BDBB-B3F46A97BCF8} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{C1B47F33-F079-4454-94CC-F5A2730D4CE9} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{D13A4164-AF88-46E7-93A3-6B35D16149DA} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{DC3FBCFB-0433-4478-ABA1-64D6A18032F1} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{EA0AAFE3-FF8D-4609-AA53-54D4A48CF336} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{F5660870-6B70-427F-8388-3E9B2A19871D} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{FAEDCEF1-8834-4878-92D9-AF10548DF941} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{FD069DB3-8843-4EBD-9D37-F2677BBF535F} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{12DCB181-18EB-4C20-94DF-1E5A54AF77F4} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
{1B940BD0-B306-4F7F-B750-5CDD65CDB2AD} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{29910482-E830-4123-A12E-2F0D723F88F6} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{2C04C28E-DB26-442D-9192-BAEF1013A7BE} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
{339711BC-5D6A-4C78-A640-8B6B8E042066} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{362B17ED-EC73-4CA8-A46F-4F80C7FDCE27} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{366AF9EB-3672-4F99-872A-F64DCC663FBA} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{39D9221E-440A-4889-A770-BEDD44BD4E7F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{4CFA51E9-28C4-496B-9574-E2DA328D7B03} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{544D59AA-F31D-48C0-BEE4-26DA592AD421} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{5A9D6EF4-0A47-442A-B2D4-43B96EA42098} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{6307D16C-22C0-440E-BBD9-6D6A5FBCB9A4} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{8136C397-39DF-44C1-A027-6D7E6ED100C7} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{8D26EF95-AF15-408F-8F8B-704299EA99D3} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{90F91C1D-0CEA-41A8-903F-85B0272B983C} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{915C17F5-167F-4B83-B6F1-CAF4BA6BEB73} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{929083C1-82CC-4917-AF54-CCFF9566E502} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{990893FB-4A41-4C96-8AFB-6A9859405C27} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{A5BA5C42-62AE-4574-9CF7-08695CBC52FB} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{A6A26858-3F1D-4E75-AC19-47713BD056ED} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{A6C3DBEE-B366-4879-B5F5-C1732F6B83FB} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{B3BDF8D9-52E3-4A5C-9E84-43FB2301575B} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{B5DEF7AB-A80A-473D-B8FE-52465C41B310} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{BE703812-B5BB-438E-A79A-112115A84383} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{C411D767-A4C3-4FD5-8022-1F918C23D789} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{C8690596-D5F0-472A-8CD5-9B8B5151C57C} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{CE93E9A6-B367-4D1D-92F2-1D0EA0A3112E} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{D21BC3BA-36A6-4C2E-A225-5310EF14FA93} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{E9A9FEDD-048B-4C5C-9CD0-BA74B021CC8A} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
E:\autorun.inf [[AutoRun]  | open=LaunchU3.exe | icon=LaunchU3.exe,0  |  | [Definitions] | Launchpad=LaunchPad.exe |  | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | ] -> E:\autorun.inf [ CDFS ] -> [2006/02/13 15:08:58 | 000,000,145 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{9d1ec11b-4bcf-11df-b612-0026b6b302e2}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d1ec11b-4bcf-11df-b612-0026b6b302e2}\shell
\{9d1ec11b-4bcf-11df-b612-0026b6b302e2}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d1ec11b-4bcf-11df-b612-0026b6b302e2}\shell\AutoRun\command
\{9d1ec11b-4bcf-11df-b612-0026b6b302e2}\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe] -> [2006/02/13 15:09:04 | 000,921,600 | R--- | M] ()
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
Ias -> C:\Windows\SysNative\ias -> [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
Irmon -> C:\Windows\SysNative\irmon.dll -> [2009/07/13 21:41:11 | 000,023,552 | ---- | M] (Microsoft Corporation)
Wmi -> C:\Windows\SysNative\wmi.dll -> [2009/07/13 21:33:56 | 000,005,120 | ---- | M] (Microsoft Corporation)
Themes -> C:\Windows\SysNative\themeservice.dll -> [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation)
BDESVC -> C:\Windows\SysNative\bdesvc.dll -> [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
Ias -> C:\Windows\SysWOW64\ias.dll -> [2009/07/13 21:15:26 | 000,019,456 | ---- | M] (Microsoft Corporation)
Wmi -> C:\Windows\SysWOW64\wmi.dll -> [2009/07/13 21:11:09 | 000,005,120 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-batfile [open] -> "%1" %* -> File not found
64bit-cmdfile [open] -> "%1" %* -> File not found
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
64bit-htmlfile [edit] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 14:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
64bit-htmlfile [print] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 14:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 21:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation)
64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/02/23 03:55:43 | 005,964,800 | ---- | M] (Microsoft Corporation)
64bit-piffile [open] -> "%1" %* -> File not found
64bit-scrfile [config] -> "%1" -> File not found
64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 21:38:51 | 000,130,048 | ---- | M] (Microsoft Corporation)
64bit-scrfile [open] -> "%1" /S -> File not found
64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found
64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/01/30 18:27:38 | 000,141,061 | ---- | M] ()
64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 21:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation)
64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
64bit-Directory [OneNote.Open] -> C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
64bit-Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/01/30 18:27:38 | 000,141,061 | ---- | M] ()
64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 21:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
exefile [open] -> "%1" %* -> 
htmlfile [edit] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 14:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 14:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 21:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation)
InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/02/23 03:55:43 | 005,964,800 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 21:14:08 | 000,128,000 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/01/30 18:27:38 | 000,141,061 | ---- | M] ()
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
Directory [OneNote.Open] -> C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/01/30 18:27:38 | 000,141,061 | ---- | M] ()
Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
< 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{066CFFF8-12BF-4390-A673-75F95EFF188E} -> TOSHIBA Value Added Package
{20387B45-18A4-4D48-ABD9-A23D2CBE42B3} -> Dolby Control Center
{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
{5BCC94A1-DEF1-4AB4-8046-BC13048E929A} -> TOSHIBA ReelTime
{5DA0E02F-970B-424B-BF41-513A5018E4C0} -> TOSHIBA Disc Creator
{617C36FD-0CBE-4600-84B2-441CEB12FADF} -> TOSHIBA Extended Tiles for Windows Mobility Center
{8220EEFE-38CD-377E-8595-13398D740ACE} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
{90120000-002A-0000-1000-0000000FF1CE} -> Microsoft Office Office 64-bit Components 2007
{90120000-002A-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit MUI (English) 2007
{90120000-0116-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
{94A90C69-71C1-470A-88F5-AA47ECC96B40} -> TOSHIBA HDD Protection
{95120000-00B9-0409-1000-0000000FF1CE} -> Microsoft Application Error Reporting
{9B48B0AC-C813-4174-9042-476A887592C7} -> Windows Live ID Sign-in Assistant
{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} -> TOSHIBA PC Health Monitor
{9EFC40E3-5F31-4F75-8445-286273F74D8E} -> Apple Mobile Device Support
{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E} -> TOSHIBA eco Utility
{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} -> TOSHIBA Recovery Media Creator
{B812FCC0-6192-4BFA-A9C6-1E8578F255DA} -> iTunes
{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04} -> PlayReady PC Runtime amd64
{D4322448-B6AF-4316-B859-D8A0E84DCB38} -> TOSHIBA HDD/SSD Alert
{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD} -> Bonjour
{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD} -> TOSHIBA Bulletin Board
{F67FA545-D8E5-4209-86B1-AEE045D1003F} -> TOSHIBA Face Recognition
SynTPDeinstKey -> Synaptics Pointing Device Driver
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{008D69EB-70FF-46AB-9C75-924620DF191A} -> TOSHIBA Speech System SR Engine(U.S.) Version1.0
{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE} -> RICOH R5U230 Media Driver ver.2.06.03.02
{066CFFF8-12BF-4390-A673-75F95EFF188E} -> TOSHIBA Value Added Package
{08234a0d-cf39-4dca-99f0-0c5cb496da81} -> MSN Toolbar
{0FB630AB-7BD8-40AE-B223-60397D57C3C9} -> Realtek WLAN Driver
{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} -> QuickTime
{15BC8CD0-A65B-47D0-A2DD-90A824590FA8} -> Microsoft Works
{178832DE-9DE0-4C87-9F82-9315A9B03985} -> Windows Live Writer
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{1B87C40B-A60B-4EF3-9A68-706CF4B69978} -> TOSHIBA Assist
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{26A24AE4-039D-4CA4-87B4-2F83216014FF} -> Java(TM) 6 Update 14
{3135D885-9D9A-4B4D-8D45-9DB05DA115CA} -> Amazon Links
{338F08AB-C262-42C7-B000-34DE1A475273} -> Ad-Aware Email Scanner for Outlook
{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
{3B843B38-04B1-4CE6-8888-586273E0F289} -> Quickbooks Financial Center
{3D5044A5-97B8-45C0-B956-BB2376569188} -> Windows Live Movie Maker
{3E29EE6C-963A-4aae-86C1-DC237C4A49FC} -> Intel(R) Rapid Storage Technology
{3FA365DF-2D68-45ED-8F83-8C8A33E65143} -> Apple Application Support
{3FBF6F99-8EC6-41B4-8527-0A32241B5496} -> TOSHIBA Speech System TTS Engine(U.S.) Version1.0
{50F68032-B5B7-4513-9116-C978DBD8F27A} -> DVD MovieFactory for TOSHIBA
{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} -> Skype web features
{5AF550B4-BB67-4E7E-82F1-2C4300279050} -> ToshibaRegistration
{5E6F6CF3-BACC-4144-868C-E14622C658F3} -> TOSHIBA Web Camera Application
{6412CECE-8172-4BE5-935B-6CECACD2CA87} -> Windows Live Mail
{65153EA5-8B6E-43B6-857B-C6E4FC25798A} -> Intel(R) Management Engine Components
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6C5F3BDC-0A1B-4436-A696-5939629D5C31} -> TOSHIBA DVD PLAYER
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} -> Windows Live Essentials
{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1} -> Windows Live Sync
{8833FFB6-5B0C-4764-81AA-06DFEED9A476} -> Realtek Ethernet Controller  Driver
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English)
{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3} -> Toshiba Application Installer
{983CD6FE-8320-4B80-A8F6-0D0366E0AA22} -> TOSHIBA Media Controller
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9AEAF9CC-390B-49C0-8F7F-14092BF163B6} -> NetZero Launcher
{A208044D-A88B-4ACF-AE95-E4F213E6EDC0} -> TOSHIBA Supervisor Password
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable
{A85FD55B-891B-4314-97A5-EA96C0BD80B5} -> Windows Live Messenger
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AC6569FA-6919-442A-8552-073BE69E247A} -> TOSHIBA Service Station
{AC76BA86-7AD7-1033-7B44-A91000000001} -> Adobe Reader 9.1
{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E} -> TOSHIBA eco Utility
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} -> Toshiba Online Backup
{D0387727-C89D-4774-B643-B9333EAA09DE} -> TOSHIBA Hardware Setup
{D103C4BA-F905-437A-8049-DB24763BBE36} -> Skype™ 4.1
{D4322448-B6AF-4316-B859-D8A0E84DCB38} -> TOSHIBA HDD/SSD Alert
{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA} -> Windows Live Photo Gallery
{DA84ECBF-4B79-47F2-B34C-95C38484C058} -> Skype Launcher
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
{E2DFE069-083E-4631-9B6C-43C48E991DE5} -> Junk Mail filter update
{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F} -> TOSHIBA USB Sleep and Charge Utility
{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} -> Microsoft Office Suite Activation Assistant
{E69992ED-A7F6-406C-9280-1C156417BC49} -> TOSHIBA Quality Application
{EE033C1F-443E-41EC-A0E2-559B539A4E4D} -> TOSHIBA Speech System Applications
{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} -> Intel(R) Graphics Media Accelerator Driver
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81} -> Direct DiscRecorder
{F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
{F3529665-D75E-4D6D-98F0-745C78C68E9B} -> TOSHIBA ConfigFree
{F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call
{F8A9085D-4C7A-41a9-8A77-C8998A96C421} -> Intel(R) Control Center
Ad-Aware -> Ad-Aware
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
AstroPop Deluxe 1.1 -> AstroPop Deluxe 1.1
Google Chrome -> Google Chrome
HOMESTUDENTR -> Microsoft Office Home and Student 2007
InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E} -> TOSHIBA Value Added Package
InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A} -> DVD MovieFactory for TOSHIBA
InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A} -> TOSHIBA ReelTime
InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF} -> TOSHIBA Extended Tiles for Windows Mobility Center
InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E} -> TOSHIBA eco Utility
InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38} -> TOSHIBA HDD/SSD Alert
InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81} -> Direct DiscRecorder
InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD} -> TOSHIBA Bulletin Board
InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F} -> TOSHIBA Face Recognition
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
McAfee Security Scan -> McAfee Security Scan Plus
Mozilla Firefox (3.6) -> Mozilla Firefox (3.6)
NAV -> Norton AntiVirus
Peggle Nights -> Peggle Nights
Plants vs. Zombies -> Plants vs. Zombies
The Weather Channel Desktop 6 -> The Weather Channel Desktop 6
The Weather Channel Toolbar -> The Weather Channel Toolbar
TOSHIBA Game Console -> WildTangent ORB Game Console
VLC media player -> VLC media player 1.0.5
WildTangent toshiba Master Uninstall -> WildTangent Games
WinLiveSuite_Wave3 -> Windows Live Essentials
WT078087 -> Blackhawk Striker 2
WT078109 -> FATE Undiscovered Realms
WT078123 -> Monopoly
WT078129 -> Polar Bowler
WT078130 -> Virtual Families
WT078308 -> Bejeweled 2 Deluxe
WT078385 -> Virtual Villagers - The Secret City
WT078475 -> Scrabble Plus
WT078491 -> Faerie Solitaire
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 4/1/2010 8:24:46 PM Computer Name = deborah-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e  Faulting module name: SkypeIEPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a77e4da  Exception code: 0xc0000005  Fault offset: 0x100a3f2b  Faulting process id: 0xa44  Faulting application start time: 0x01cad1fad811f2f0  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: SkypeIEPlugin.dll  Report Id: 23d88b54-3dee-11df-b07b-00266c3d908b
Application [ Error ] 4/1/2010 9:16:23 PM Computer Name = deborah-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e  Faulting module name: Flash10e.ocx, version: 10.0.45.2, time stamp: 0x4b5f8faa  Exception code: 0xc0000005  Fault offset: 0x00157d39  Faulting process id: 0x1654  Faulting application start time: 0x01cad1d3dfb1340f  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: C:\windows\SysWow64\Macromed\Flash\Flash10e.ocx  Report Id: 59ab7755-3df5-11df-b07b-00266c3d908b
Application [ Error ] 4/1/2010 9:16:44 PM Computer Name = deborah-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e  Faulting module name: ole32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdac7  Exception code: 0xc0000005  Fault offset: 0x00095a45  Faulting process id: 0x1654  Faulting application start time: 0x01cad1d3dfb1340f  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: C:\windows\syswow64\ole32.dll  Report Id: 6606fc21-3df5-11df-b07b-00266c3d908b
Application [ Error ] 4/1/2010 9:16:49 PM Computer Name = deborah-PC | Source = Application Hang | ID = 1002 -> Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 1034    Start Time: 01cad1d1676d546a    Termination Time: 16    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe    Report Id: 5da8a5ab-3df5-11df-b07b-00266c3d908b  
Application [ Error ] 4/2/2010 7:04:13 PM Computer Name = deborah-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e  Faulting module name: Flash10e.ocx, version: 10.0.45.2, time stamp: 0x4b5f8faa  Exception code: 0xc0000005  Fault offset: 0x001582b2  Faulting process id: 0x64c  Faulting application start time: 0x01cad299558f104e  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: C:\windows\SysWow64\Macromed\Flash\Flash10e.ocx  Report Id: 0d794b6d-3eac-11df-af76-00266c3d908b
Application [ Error ] 4/2/2010 8:31:45 PM Computer Name = deborah-PC | Source = Application Hang | ID = 1002 -> Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 1760    Start Time: 01cad29955323aa3    Termination Time: 31    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe    Report Id: 3dc550f7-3eb8-11df-af76-00266c3d908b  
Application [ Error ] 4/2/2010 8:43:05 PM Computer Name = deborah-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e  Faulting module name: Flash10e.ocx, version: 10.0.45.2, time stamp: 0x4b5f8faa  Exception code: 0xc0000005  Fault offset: 0x001582b2  Faulting process id: 0x1a54  Faulting application start time: 0x01cad2c52e0a353f  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: C:\windows\SysWow64\Macromed\Flash\Flash10e.ocx  Report Id: dd309c61-3eb9-11df-af76-00266c3d908b
Application [ Error ] 4/3/2010 1:36:54 AM Computer Name = deborah-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e  Faulting module name: Flash10e.ocx, version: 10.0.45.2, time stamp: 0x4b5f8faa  Exception code: 0xc0000005  Fault offset: 0x001582b2  Faulting process id: 0x1368  Faulting application start time: 0x01cad2e4a02a7a13  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: C:\windows\SysWow64\Macromed\Flash\Flash10e.ocx  Report Id: e91b393b-3ee2-11df-b44d-00266c3d908b
Application [ Error ] 4/3/2010 2:39:17 AM Computer Name = deborah-PC | Source = Application Hang | ID = 1002 -> Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 10d8    Start Time: 01cad2e49e6171df    Termination Time: 0    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe    Report Id: 9a2470c6-3eeb-11df-b44d-00266c3d908b  
Application [ Error ] 4/3/2010 3:28:41 AM Computer Name = deborah-PC | Source = SideBySide | ID = 16842787 -> Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8.  Component identity found in manifest does not match the identity of the component requested.  Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use sxstrace.exe for detailed diagnosis.
Media Center [ Error ] 2/2/2010 5:14:34 PM Computer Name = deborah-PC | Source = MCUpdate | ID = 0 -> Description = 3:14:34 PM - Error connecting to the internet.  3:14:34 PM -     Unable to contact server..  
Media Center [ Error ] 2/2/2010 5:14:42 PM Computer Name = deborah-PC | Source = MCUpdate | ID = 0 -> Description = 3:14:39 PM - Error connecting to the internet.  3:14:39 PM -     Unable to contact server..  
Media Center [ Error ] 3/4/2010 4:31:44 PM Computer Name = deborah-PC | Source = MCUpdate | ID = 0 -> Description = 3:31:44 PM - Failed to retrieve Directory (Error: The underlying connection was closed: An unexpected error occurred on a receive.)  
Media Center [ Error ] 3/4/2010 4:33:59 PM Computer Name = deborah-PC | Source = MCUpdate | ID = 0 -> Description = 3:33:17 PM - Failed to retrieve NetTV (Error: The underlying connection was closed: An unexpected error occurred on a receive.)  
Media Center [ Error ] 3/4/2010 4:36:03 PM Computer Name = deborah-PC | Source = MCUpdate | ID = 0 -> Description = 3:35:33 PM - Failed to retrieve MCESpotlight (Error: The underlying connection was closed: An unexpected error occurred on a receive.)  
Media Center [ Error ] 3/4/2010 4:37:09 PM Computer Name = deborah-PC | Source = MCUpdate | ID = 0 -> Description = 3:36:33 PM - Failed to retrieve MCEClientUX (Error: The underlying connection was closed: An unexpected error occurred on a receive.)  
System [ Error ] 3/18/2010 4:05:53 PM Computer Name = deborah-PC | Source = bowser | ID = 8003 -> Description = 
System [ Error ] 3/19/2010 4:07:22 PM Computer Name = deborah-PC | Source = bowser | ID = 8003 -> Description = 
System [ Error ] 3/20/2010 3:02:05 AM Computer Name = deborah-PC | Source = Service Control Manager | ID = 7009 -> Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
System [ Error ] 3/20/2010 3:02:05 AM Computer Name = deborah-PC | Source = Service Control Manager | ID = 7000 -> Description = The Windows Search service failed to start due to the following error:   %%1053
System [ Error ] 3/31/2010 3:31:18 PM Computer Name = deborah-PC | Source = bowser | ID = 8003 -> Description = 
System [ Error ] 3/31/2010 3:55:16 PM Computer Name = deborah-PC | Source = bowser | ID = 8003 -> Description = 
System [ Error ] 4/6/2010 10:01:31 PM Computer Name = deborah-PC | Source = Service Control Manager | ID = 7023 -> Description = The Computer Browser service terminated with the following error:   %%1115
System [ Error ] 4/6/2010 10:01:31 PM Computer Name = deborah-PC | Source = Service Control Manager | ID = 7023 -> Description = The Server service terminated with the following error:   %%13
System [ Error ] 4/6/2010 10:01:31 PM Computer Name = deborah-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392 -> Description = The BITS service failed to start.  Error 2147942450.
System [ Error ] 4/6/2010 10:01:31 PM Computer Name = deborah-PC | Source = Service Control Manager | ID = 7024 -> Description = The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\deborah\Desktop\OTS.exe -> [2010/04/23 01:00:43 | 000,638,976 | ---- | C] (OldTimer Tools)
 ComboFix -> C:\ComboFix -> [2010/04/22 15:33:40 | 000,000,000 | ---D | C]
 CF30244.exe -> C:\windows\SysWow64\CF30244.exe -> [2010/04/22 15:33:39 | 000,301,568 | ---- | C] (Microsoft Corporation)
 Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2010/04/19 14:29:41 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Program Files (x86)\Spybot - Search & Destroy -> [2010/04/19 14:29:41 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Users\deborah\AppData\Roaming\Malwarebytes -> [2010/04/19 13:14:03 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/04/19 13:13:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\windows\SysNative\drivers\mbam.sys -> [2010/04/19 13:13:55 | 000,024,664 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/04/19 13:13:55 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/04/19 13:13:55 | 000,000,000 | ---D | C]
 vbscript.dll -> C:\windows\SysNative\vbscript.dll -> [2010/04/14 13:57:12 | 000,612,352 | ---- | C] (Microsoft Corporation)
 vbscript.dll -> C:\windows\SysWow64\vbscript.dll -> [2010/04/14 13:57:12 | 000,427,520 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\windows\SysNative\ntoskrnl.exe -> [2010/04/14 13:57:05 | 005,509,008 | ---- | C] (Microsoft Corporation)
 ntkrnlpa.exe -> C:\windows\SysWow64\ntkrnlpa.exe -> [2010/04/14 13:57:04 | 003,954,568 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\windows\SysWow64\ntoskrnl.exe -> [2010/04/14 13:57:04 | 003,899,280 | ---- | C] (Microsoft Corporation)
 wintrust.dll -> C:\windows\SysNative\wintrust.dll -> [2010/04/14 13:55:14 | 000,220,672 | ---- | C] (Microsoft Corporation)
 wintrust.dll -> C:\windows\SysWow64\wintrust.dll -> [2010/04/14 13:55:14 | 000,172,032 | ---- | C] (Microsoft Corporation)
 cabview.dll -> C:\windows\SysNative\cabview.dll -> [2010/04/14 13:55:13 | 000,139,264 | ---- | C] (Microsoft Corporation)
 cabview.dll -> C:\windows\SysWow64\cabview.dll -> [2010/04/14 13:55:13 | 000,132,608 | ---- | C] (Microsoft Corporation)
 cchpx64.sys -> C:\windows\SysNative\drivers\NAVx64\1106000.020\cchpx64.sys -> [2010/04/11 15:18:11 | 000,615,040 | ---- | C] (Symantec Corporation)
 srtsp64.sys -> C:\windows\SysNative\drivers\NAVx64\1106000.020\srtsp64.sys -> [2010/04/11 15:18:11 | 000,505,392 | ---- | C] (Symantec Corporation)
 symtdiv.sys -> C:\windows\SysNative\drivers\NAVx64\1106000.020\symtdiv.sys -> [2010/04/11 15:18:11 | 000,451,120 | ---- | C] (Symantec Corporation)
 symds64.sys -> C:\windows\SysNative\drivers\NAVx64\1106000.020\symds64.sys -> [2010/04/11 15:18:11 | 000,433,200 | R--- | C] (Symantec Corporation)
 symefa64.sys -> C:\windows\SysNative\drivers\NAVx64\1106000.020\symefa64.sys -> [2010/04/11 15:18:11 | 000,221,232 | ---- | C] (Symantec Corporation)
 ironx64.sys -> C:\windows\SysNative\drivers\NAVx64\1106000.020\ironx64.sys -> [2010/04/11 15:18:11 | 000,149,552 | ---- | C] (Symantec Corporation)
 srtspx64.sys -> C:\windows\SysNative\drivers\NAVx64\1106000.020\srtspx64.sys -> [2010/04/11 15:18:11 | 000,032,304 | ---- | C] (Symantec Corporation)
 1106000.020 -> C:\windows\SysNative\drivers\NAVx64\1106000.020 -> [2010/04/11 15:17:53 | 000,000,000 | ---D | C]
 SYMEVENT64x86.SYS -> C:\windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2010/04/10 20:20:09 | 000,173,104 | ---- | C] (Symantec Corporation)
 Symantec Shared -> C:\Program Files\Common Files\Symantec Shared -> [2010/04/10 20:20:06 | 000,000,000 | ---D | C]
 Symantec -> C:\Program Files\Symantec -> [2010/04/10 20:20:06 | 000,000,000 | ---D | C]
 NAVx64 -> C:\windows\SysNative\drivers\NAVx64 -> [2010/04/10 20:19:39 | 000,000,000 | ---D | C]
 Norton AntiVirus -> C:\Program Files (x86)\Norton AntiVirus -> [2010/04/10 20:19:37 | 000,000,000 | ---D | C]
 NortonInstaller -> C:\Program Files (x86)\NortonInstaller -> [2010/04/10 20:19:31 | 000,000,000 | ---D | C]
 wininet.dll -> C:\windows\SysNative\wininet.dll -> [2010/03/31 15:39:12 | 001,192,960 | ---- | C] (Microsoft Corporation)
 mstime.dll -> C:\windows\SysNative\mstime.dll -> [2010/03/31 15:39:12 | 001,026,048 | ---- | C] (Microsoft Corporation)
 mstime.dll -> C:\windows\SysWow64\mstime.dll -> [2010/03/31 15:39:12 | 000,606,208 | ---- | C] (Microsoft Corporation)
 wininet.dll -> C:\windows\SysWow64\wininet.dll -> [2010/03/31 15:39:11 | 000,977,920 | ---- | C] (Microsoft Corporation)
 iedkcs32.dll -> C:\windows\SysNative\iedkcs32.dll -> [2010/03/31 15:39:11 | 000,445,952 | ---- | C] (Microsoft Corporation)
 iedkcs32.dll -> C:\windows\SysWow64\iedkcs32.dll -> [2010/03/31 15:39:11 | 000,381,440 | ---- | C] (Microsoft Corporation)
 msfeedsbs.dll -> C:\windows\SysNative\msfeedsbs.dll -> [2010/03/31 15:39:11 | 000,082,944 | ---- | C] (Microsoft Corporation)
 msfeedsbs.dll -> C:\windows\SysWow64\msfeedsbs.dll -> [2010/03/31 15:39:11 | 000,064,512 | ---- | C] (Microsoft Corporation)
 1 C:\windows\*.tmp files -> C:\windows\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 ntuser.dat -> C:\Users\deborah\ntuser.dat -> [2010/04/23 01:14:15 | 005,505,024 | -HS- | M] ()
 OTS.exe -> C:\Users\deborah\Desktop\OTS.exe -> [2010/04/23 00:58:52 | 000,638,976 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskMachineUA.job -> C:\windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/04/23 00:57:00 | 000,000,898 | ---- | M] ()
 bootstat.dat -> C:\windows\bootstat.dat -> [2010/04/23 00:53:30 | 000,067,584 | --S- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/22 15:52:54 | 000,015,792 | -H-- | M] ()
< End of report >
NeonFx
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
23-Apr-2010, 01:10 AM #4
There appears to be a DNS hijack in place which could explain all this. What it does is that every website that is visited on this computer is going through someone else's computer so they can log everything that happens. Make sure she changes passwords for everything, not just the email account as other things may have been compromised. If she does any banking, she'll need to make sure nothing nefarious is going on there and she should report anything out of the ordinary.

Let's remove it and scan the system.

Oh and ComboFix should never be used by anyone not trained in its use, as per the developer's wishes. Don't run it again unless someone authorized to use it asks you to.



STEP 1

Run OTS
  • Under the Paste Fix Here box on the right, paste in the contents of the following code box

Code:
[Unregister Dlls]
[Registry - All]
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
YN -> DhcpNameServer -> 63.148.157.2 63.148.157.3 205.171.3.65
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {3FF9F2B9-7C63-49D4-A9C5-72C2C9D48E53}\\DhcpNameServer -> 63.148.157.2 63.148.157.3 205.171.3.65   (Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC)
[Files/Folders - Modified Within 30 Days]
NY ->  4 C:\Users\deborah\AppData\Local\Temp\*.tmp files -> C:\Users\deborah\AppData\Local\Temp\*.tmp
NY ->  29 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp
NY ->  1 C:\windows\*.tmp files -> C:\windows\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.log where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally.
If it seems to get stuck, give it some time. It's probably still working.


STEP 2


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.



2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.


The program will then begin downloading and installing and will also update the database.


Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
b33rman
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Apr 2010
23-Apr-2010, 10:43 AM #5
ok ran the fix and the Kaspersky scan came up clean. yea the combo was from last year when i cleaned her from a spyware and opened it to see if it would scan the cpu. And i knew i would be busted when i posted the logs and it shows it haha. i do appreciate the help. Taking classes for computers now and would like to know if you could show me or tell me where in the logs the dns hijack was. i know you guys do this a lot and hope people do give you the thanks you deserve. Thanks

kaspersky report

KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 23, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 23, 2010 01:28:25
Records in database: 3969626
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 121374
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:31:46
No threats found. Scanned area is clean.
Selected area has been scanned.
NeonFx
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
23-Apr-2010, 12:02 PM #6
If you're interested in this kind of thing, see HERE. There are free internet schools where you can learn how to do all of this.

I saw this:

Quote:
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 63.148.157.2 63.148.157.3 205.171.3.65 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3FF9F2B9-7C63-49D4-A9C5-72C2C9D48E53}\\DhcpNameServer -> 63.148.157.2 63.148.157.3 205.171.3.65 (Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC) ->

But it turns out that's not a DNS hijack after all. Those are legitimate name servers for FewPB.net. So I can't explain why her account information got stolen.

There are a lot of instances where passwords are brute forced. Make sure she chose a complicated password this time.





Do you have the results from the first step?


Also, do you notice any symptoms on the computer?
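The check discussed in the post above, as an added example that is not part of the original thread or of OTS: it parses name-server lines in the layout quoted there and lists every resolver that is not on a list the analyst supplies. The `EXPECTED` list, the function names and the final static `NameServer` sample line are assumptions made for illustration; in practice the expected list comes from the router or ISP.

```python
import ipaddress
import re

# Constructed sample in the layout of the OTS lines quoted in this thread.
# The last line (a static NameServer pointing at 203.0.113.53) is invented;
# 203.0.113.0/24 is a range reserved for documentation.
SAMPLE_LOG = r"""
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 63.148.157.2 63.148.157.3 205.171.3.65 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3FF9F2B9-7C63-49D4-A9C5-72C2C9D48E53}\\DhcpNameServer -> 63.148.157.2 63.148.157.3 205.171.3.65 (Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC) ->
{3FF9F2B9-7C63-49D4-A9C5-72C2C9D48E53}\\NameServer -> 203.0.113.53 ->
"""

# Assumption: the resolvers the analyst has confirmed for this network
# (here, the three addresses the thread concluded were legitimate).
EXPECTED = ["63.148.157.2", "63.148.157.3", "205.171.3.65"]

NS_LINE = re.compile(
    r"^\s*(?:[YN]{2} -> )?"              # optional fix-script prefix (YN / NY)
    r"(?:(\{[0-9A-Fa-f-]{36}\})\\+)?"    # optional adapter GUID
    r"((?:Dhcp)?NameServer) -> (.*)$"    # value name, then the value data
)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_name_servers(log_text):
    """Return one entry per NameServer/DhcpNameServer line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = NS_LINE.match(line)
        if not match:
            continue
        guid, value_name, data = match.groups()
        servers = []
        for candidate in IPV4.findall(data):
            try:
                servers.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                pass  # looked like an address but is not a valid one
        entries.append({
            "scope": guid or "global",
            "value": value_name,
            "servers": servers,
        })
    return entries


def review(entries, expected):
    """List resolvers that are not on the analyst's expected list.

    A static NameServer value is marked because Windows uses it in
    preference to the DHCP-assigned DhcpNameServer value.
    """
    allowed = {str(ipaddress.ip_address(ip)) for ip in expected}
    findings = []
    for entry in entries:
        for server in entry["servers"]:
            if server not in allowed:
                findings.append({
                    "scope": entry["scope"],
                    "value": entry["value"],
                    "server": server,
                    "static": entry["value"] == "NameServer",
                })
    return findings


if __name__ == "__main__":
    for finding in review(parse_name_servers(SAMPLE_LOG), EXPECTED):
        kind = "static" if finding["static"] else "DHCP"
        print(f"{finding['scope']}: unexpected {kind} resolver {finding['server']}")
```

An address showing up here only means it is not on the supplied list; whether it belongs to the ISP still has to be confirmed separately, as happened in this thread.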
b33rman
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Apr 2010
23-Apr-2010, 12:16 PM #7
i ran the fix and it did not produce a log or i missed it, it was late hehe, but it went thru the fix and i didn't see any error messages and did tell her to make a better password and haven't noticed anything weird going on
NeonFx
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
23-Apr-2010, 12:17 PM #8
It should be saved like this:

C:\_OTS\MovedFiles\<date>_<time>.log


I just want to make sure it cleared out the restore points and emptied out the temp folders.
b33rman
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Apr 2010
23-Apr-2010, 12:24 PM #9
oh yea i did see that log, you are correct sir hehe

All Processes Killed
[Registry - All]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer updated successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3FF9F2B9-7C63-49D4-A9C5-72C2C9D48E53}\\DhcpNameServer updated successfully.
[Empty Temp Folders]


User: All Users

User: deborah
->Temp folder emptied: 35341438 bytes
->Temporary Internet Files folder emptied: 38590484 bytes
->Java cache emptied: 11243 bytes
->FireFox cache emptied: 21570721 bytes
->Google Chrome cache emptied: 6138516 bytes
->Flash cache emptied: 55667 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3362669 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 30031609 bytes

Total Files Cleaned = 129.00 mb


[EMPTYFLASH]

User: All Users

User: deborah
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.29.0 fix logfile created on 04232010_022434
Files\Folders moved on Reboot...
C:\Users\deborah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
NeonFx
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
23-Apr-2010, 12:32 PM #10
Could you make sure the internet is working on that computer? I want to make sure I didn't break it by resetting the DNS servers.

Try visiting a website you've never visited before:

http://www.digg.com/
http://www.friv.com/
http://www.forospyware.com/
b33rman
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Apr 2010
23-Apr-2010, 12:46 PM #11
yep the internet is working.
NeonFx
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
23-Apr-2010, 12:49 PM #12
Excellent. Let's clean up.


STEP 1

To clean up OldTimer's tools, along with a few others, do the following:
  • Run OTS.exe by double clicking on it
  • Click on the "CleanUp" button on the top.
  • You will be asked if you wish to reboot your system, select "Yes"

STEP 2

Remove any other tools or files we used by right-clicking on them or any folders they created, holding down the Shift key, and selecting "Delete" by clicking on it. This will delete the files without sending them to the RecycleBin.

You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

You might want to keep MalwareBytes AntiMalware though, and that's fine. Make sure you update it before you run the scans in the future.

All Clean

Congratulations! Your system is now clean. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to (Start) > (All) Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates


Install WinPatrol
Download it HERE
You can find information about how WinPatrol works HERE and HERE

Note: This program will work alongside all other security programs without conflicts. It might ask you to allow certain actions that security programs perform often, but if you tell Scotty to remember the action by checking the option, the alerts will lessen.

Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out-of-date software. In particular, make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Setting up Automatic Updates
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this. See HERE for Windows 7.

Read further information HERE, HERE, and HERE on how to prevent Malware infections and keep yourself clean.






Please mark this thread as Solved by clicking on the button at the top of this page. Let me know if you need anything else.
b33rman
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Apr 2010
23-Apr-2010, 01:20 PM #13
Thanks for the help. You guys are a great help. Will mark solved. Thanks again.
NeonFx
Senior Member with 4,811 posts.
 
Join Date: Oct 2008
Location: California, USA
23-Apr-2010, 02:50 PM #14
Sure thing