Storage devices attaching!



Wayne50
2010-03-13, 00:23
Hello, I've had a lot of problems with storage devices attaching themselves to my computer, so not knowing what else to do, I reset my laptop to factory settings and reinstalled an internet security program (this time, Norton).

Less than an hour after doing that, Norton logged a bunch of portscans and some unauthorized access to itself. The portscans looked like they originated from my own computer, so clearly I still have problems.:sad:

Please Help me!

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:31 PM, on 3/11/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Toshiba Registration\Registration.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [1600818151] C:\Program Files (x86)\Toshiba Registration\Registration.exe /r "C:\Program Files (x86)\Toshiba Registration\Registration.rpd"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\Jumpstart\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8735 bytes

Dakeyras
2010-03-17, 16:00
Hi,

I apologise for the delay, the forum is very busy.

If you still require assistance please acknowledge this post.

I do not need to review a new HijackThis log, however, as it appears you are using a 64-bit operating system.

Wayne50
2010-03-17, 22:55
Hi Dakeyras,

I still need help. Any assistance would be appreciated!

Dakeyras
2010-03-17, 23:37
Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hi Wayne50 and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this for anything I ask you to carry out, please select the option Allow.

64bit Operating System Advice:

Your log shows signs that this is a 64 bit machine. Most of the tools we use don't run on 64 bit machines, so the help I can offer is limited.

HijackThis was not made to run on a 64 bit system like yours and its scan results cannot be relied upon. I'm going to need you to run a different scan for me.

Scan with OTL:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your Desktop.

Right-click on OTL.exe and select Run as Administrator to start OTL.
Ensure Include 64bit Scans is selected.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.
When you have completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and/or problems encountered?
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
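
A triage sketch for the point made in the post above about 32-bit HijackThis on 64-bit Windows, added here as an example and not part of the original thread or of either tool: a 32-bit process has its System32 file accesses redirected to SysWOW64, so 64-bit-only service binaries are reported as "(file missing)". The verdict names, the exempt-directory list and the fourth sample line (ExUpd) are assumptions constructed for illustration; the other three sample lines are taken from the HijackThis log earlier in the thread.

```python
import re

# First three lines are from the HijackThis log in this thread; the fourth
# (ExUpd) is a constructed entry outside System32 for contrast.
SAMPLE_LOG = r"""
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Unknown owner - C:\Users\PC\AppData\Roaming\exupd.exe (file missing)
"""

# O23 line shape: "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# System32 subdirectories that the WOW64 file system redirector leaves alone
# (assumption: the list from Microsoft's File System Redirector documentation).
REDIRECT_EXEMPT = ("catroot", "catroot2", "drivers\\etc", "logfiles", "spool")


def parse_o23(log_text):
    """Return one dict per O23 (service) line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        display = m.group("display")
        # Prefer the short service name in trailing parentheses, if present.
        short = re.search(r"\(([^()]+)\)$", display)
        entries.append({
            "name": short.group(1) if short else display,
            "owner": m.group("owner"),
            "path": m.group("path"),
            "missing": m.group("missing") is not None,
        })
    return entries


def classify(entry, system_root=r"C:\Windows"):
    """Classify one entry as seen by a 32-bit scanner on 64-bit Windows.

    present               - the scanner found the file
    likely-wow64-artifact - 'missing' under a redirected System32 path; the
                            32-bit scanner was looking in SysWOW64 instead
    missing-needs-review  - 'missing' at a path redirection does not explain
    """
    if not entry["missing"]:
        return "present"
    sys32 = system_root.lower() + "\\system32\\"
    path = entry["path"].lower()
    if path.startswith(sys32):
        rel = path[len(sys32):]
        if not any(rel.startswith(d + "\\") for d in REDIRECT_EXEMPT):
            return "likely-wow64-artifact"
    return "missing-needs-review"


def triage(log_text, system_root=r"C:\Windows"):
    """Map each service name to its verdict."""
    return {e["name"]: classify(e, system_root) for e in parse_o23(log_text)}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG).items():
        print(f"{name:10} {verdict}")
```

Entries marked likely-wow64-artifact still need confirming with a 64-bit aware scan, which is what the OTL run requested above provides.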

Wayne50
2010-03-18, 10:32
Thank you for your response!

I am still being port scanned.

Here are my logs:

Wayne50
2010-03-18, 10:35
OTL logfile created on: 3/18/2010 1:17:08 AM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = c:\Users\PC\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.55 Gb Total Space | 223.79 Gb Free Space | 77.56% Space Free | Partition Type: NTFS
Drive D: | 106.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-PC
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - c:\Users\PC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Toshiba Registration\Registration.exe (DataLode, Inc.)
PRC - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe (TOSHIBA Corporation.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - c:\Users\PC\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\fontext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:64bit: - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe (Symantec Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA Corporation.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 05:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\ccHPx64.sys ()
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1105000.07F\SRTSP64.SYS ()
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\SRTSPX64.SYS ()
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\SYMEFA64.SYS ()
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\Ironx64.SYS ()
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1105000.07F\SYMTDIV.SYS ()
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\SYMDS64.SYS ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (usbvideo) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys ()
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys ()
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS ()
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS ()
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\DRIVERS\FwLnk.sys ()
DRV:64bit: - (KR10N64) -- C:\Windows\SysNative\drivers\kr10n64.sys ()
DRV:64bit: - (KR10I64) -- C:\Windows\SysNative\drivers\kr10i64.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.021\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.021\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100312.001\IDSviA64.sys (Symantec Corporation)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-692173446-2600856224-2905154775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-692173446-2600856224-2905154775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-692173446-2600856224-2905154775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-692173446-2600856224-2905154775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/03/01 17:52:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/01 20:49:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/01 19:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/03 05:40:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.3\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2010/03/01 18:12:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.3\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2010/03/01 18:12:16 | 000,000,000 | ---D | M]

[2010/03/01 19:37:52 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Mozilla\Extensions
[2010/03/01 18:15:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/03/15 00:52:16 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ufg2zfjx.default\extensions
[2010/03/04 11:37:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ufg2zfjx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/01 18:15:11 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ewyb2jz8.default\extensions
[2010/03/01 19:37:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-692173446-2600856224-2905154775-1000..\Run: [1600818151] C:\Program Files (x86)\Toshiba Registration\Registration.exe (DataLode, Inc.)
O4 - HKU\S-1-5-21-692173446-2600856224-2905154775-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.223.192.11 206.223.192.10 205.238.26.97
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/14 04:03:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/14 04:02:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/13 22:49:55 | 001,954,640 | ---- | C] (PeerBlock, LLC ) -- C:\Users\PC\Desktop\PeerBlock-Setup_v1.0.0.r181.exe
[2010/03/13 21:36:24 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\New Folder
[2010/03/13 03:29:05 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Tific
[2010/03/12 14:56:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/12 14:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/03/11 15:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/06 21:57:29 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\TOSHIBA
[2010/03/03 05:07:34 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2010/03/03 05:07:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2010/03/03 05:07:33 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscb.dll
[2010/03/03 05:07:31 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chsbrkr.dll
[2010/03/03 05:07:31 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2010/03/03 05:07:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propdefs.dll
[2010/03/03 05:07:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstrc.dll
[2010/03/03 05:07:30 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\thawbrkr.dll
[2010/03/03 05:07:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/03/03 05:07:30 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offfilt.dll
[2010/03/03 05:07:30 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\korwbrkr.dll
[2010/03/03 05:07:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssprxy.dll
[2010/03/03 05:07:29 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chtbrkr.dll
[2010/03/03 05:07:29 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2010/03/03 05:07:29 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2010/03/03 05:07:29 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2010/03/03 05:07:29 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2010/03/03 05:07:29 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2010/03/03 05:07:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlhtml.dll
[2010/03/03 05:07:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2010/03/03 05:07:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xmlfilter.dll
[2010/03/03 05:07:29 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtffilt.dll
[2010/03/03 04:24:43 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardcpl.cpl
[2010/03/03 04:24:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2010/03/03 04:24:36 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2010/03/03 04:24:36 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/03/03 04:24:35 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2010/03/03 04:24:35 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2010/03/03 04:24:27 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2010/03/03 04:24:24 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/03/03 04:16:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/03/03 04:16:33 | 000,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/03/03 04:16:12 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2010/03/03 04:16:08 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2010/03/02 11:06:29 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0007.dll
[2010/03/02 11:06:25 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0009.dll
[2010/03/02 11:06:11 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NaturalLanguage6.dll
[2010/03/02 10:42:46 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2010/03/02 10:42:45 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2010/03/02 10:40:38 | 010,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/03/02 10:40:37 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2010/03/02 10:40:33 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/03/02 10:39:48 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\connect.dll
[2010/03/02 10:39:46 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/03/02 10:39:45 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/03/02 10:39:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/03/02 10:39:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/03/02 10:39:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avicap32.dll
[2010/03/02 10:39:38 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2010/03/02 10:39:37 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2010/03/02 10:39:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/03/02 10:39:33 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/03/02 10:39:33 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/03/02 10:38:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/03/02 10:38:34 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/03/02 10:38:00 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/03/02 10:38:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/03/02 10:38:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/03/02 10:38:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dciman32.dll
[2010/03/02 10:37:53 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2010/03/02 10:37:45 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2010/03/02 10:37:44 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2010/03/02 10:37:11 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2010/03/02 10:37:11 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2010/03/02 10:37:07 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amxread.dll
[2010/03/02 10:37:07 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apilogen.dll
[2010/03/02 10:35:45 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2010/03/02 10:35:15 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2010/03/02 10:35:09 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2010/03/02 10:35:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2010/03/02 10:35:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2010/03/02 10:35:05 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2010/03/02 10:34:59 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdohlp.dll
[2010/03/02 10:34:59 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasrecst.dll
[2010/03/02 10:34:59 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasads.dll
[2010/03/02 10:34:59 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasdatastore.dll
[2010/03/02 10:34:59 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iashost.exe
[2010/03/02 10:33:50 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/03/02 10:33:50 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/03/02 10:33:50 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/03/02 10:33:50 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/03/02 10:33:50 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/03/02 10:33:50 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/03/02 10:33:49 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/03/02 10:33:49 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/03/02 10:33:49 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/03/02 10:30:46 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/03/02 10:30:37 | 000,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/03/02 10:30:37 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/03/02 10:30:35 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/03/02 10:30:34 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/03/02 10:30:34 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/03/02 10:30:33 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/03/02 10:30:33 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/03/02 10:30:33 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/03/02 10:30:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/03/02 10:30:32 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/03/02 10:30:32 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/03/02 10:30:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/03/02 10:29:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/03/02 10:29:01 | 003,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/03/02 10:29:00 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/03/02 10:28:42 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2010/03/02 10:28:41 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/03/02 10:28:15 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2010/03/02 10:28:13 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/03/02 10:28:13 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2010/03/02 10:28:13 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2010/03/02 10:28:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2010/03/02 10:28:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2010/03/02 10:28:13 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshext.dll
[2010/03/02 10:28:05 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2010/03/02 10:28:05 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2010/03/02 10:28:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2010/03/02 10:28:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2010/03/02 10:28:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/03/02 10:28:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2010/03/02 10:28:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2010/03/02 10:28:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2010/03/02 10:28:04 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2010/03/02 10:26:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dataclen.dll
[2010/03/02 10:26:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\traffic.dll
[2010/03/02 10:26:19 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pacerprf.dll
[2010/03/02 10:26:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshqos.dll
[2010/03/02 10:26:16 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdtcprx.dll
[2010/03/02 10:26:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xolehlp.dll
[2010/03/02 10:26:06 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2010/03/02 10:26:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2010/03/02 10:26:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2010/03/02 10:26:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2010/03/02 10:26:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2010/03/02 10:26:04 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2010/03/02 10:24:45 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2010/03/02 10:24:43 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2010/03/02 10:24:43 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2010/03/02 10:24:43 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2010/03/02 10:24:39 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2010/03/02 10:24:39 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2010/03/02 10:24:39 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2010/03/02 10:02:38 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Adobe
[2010/03/01 22:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/03/01 22:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/01 22:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/03/01 22:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/03/01 20:42:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F
[2010/03/01 20:35:04 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Apple Computer
[2010/03/01 20:35:04 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Apple Computer
[2010/03/01 20:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/03/01 20:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/03/01 20:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/03/01 20:34:12 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Apple
[2010/03/01 20:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/03/01 20:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/03/01 19:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/03/01 18:27:02 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\skypePM
[2010/03/01 18:24:09 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Skype
[2010/03/01 18:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/03/01 18:23:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/03/01 18:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/03/01 18:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/03/01 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Mozilla
[2010/03/01 18:15:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Mozilla
[2010/03/01 18:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SeaMonkey
[2010/03/01 18:06:06 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Macromedia
[2010/03/01 18:06:06 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Adobe
[2010/03/01 18:05:52 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Google
[2010/03/01 17:57:36 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2010/03/01 17:57:36 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2010/03/01 17:57:36 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2010/03/01 17:57:25 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2010/03/01 17:57:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2010/03/01 17:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/03/01 17:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/03/01 17:51:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010/03/01 17:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/03/01 17:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010/03/01 17:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/03/01 17:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/03/01 17:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/03/01 17:33:30 | 000,000,000 | R--D | C] -- C:\Users\PC\Desktop\Extras
[2010/03/01 17:32:47 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Symantec
[2010/03/01 17:32:44 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Toshiba
[2010/03/01 17:31:59 | 000,000,000 | R--D | C] -- C:\Users\PC\Searches
[2010/03/01 17:31:17 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Identities
[2010/03/01 17:31:13 | 000,000,000 | R--D | C] -- C:\Users\PC\Contacts
[2010/03/01 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\VirtualStore
[2010/03/01 17:31:01 | 000,000,000 | --SD | C] -- C:\Users\PC\AppData\Roaming\Microsoft
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Videos
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Saved Games
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Pictures
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Music
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Links
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Favorites
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Downloads
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Documents
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Desktop
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Temporary Internet Files
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Templates
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Start Menu
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\SendTo
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Recent
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\PrintHood
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\NetHood
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\My Videos
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\My Pictures
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\My Music
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\My Documents
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Local Settings
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\History
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Cookies
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Application Data
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Application Data
[2010/03/01 17:31:01 | 000,000,000 | -H-D | C] -- C:\Users\PC\AppData
[2010/03/01 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Temp
[2010/03/01 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Microsoft
[2010/03/01 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Media Center Programs
[2010/03/01 15:17:21 | 000,000,000 | ---D | C] -- C:\DOCS
[2010/03/01 15:12:40 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/03/01 15:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Toshiba Shared
[2010/03/01 15:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jumpstart
[2010/03/01 15:06:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2010/03/01 15:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2010/03/01 15:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/03/01 15:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/03/01 15:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Camera Assistant Software for Toshiba
[2010/03/01 15:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/03/01 14:59:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ENU
[2010/03/01 14:59:46 | 001,034,776 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\imsmudlg.exe
[2010/03/01 14:56:38 | 000,491,520 | ---- | C] (Toshiba Corporation) -- C:\Windows\SysWow64\cselect.exe
[2010/03/01 14:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2010/03/01 14:56:37 | 000,050,752 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2010/03/01 14:56:37 | 000,029,184 | ---- | C] (Agere Systems) -- C:\Windows\agrdel64.exe
[2010/03/01 14:56:09 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010/03/01 14:54:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/03/01 14:54:22 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/03/01 14:54:21 | 006,156,288 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe
[2010/03/01 14:54:21 | 001,826,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe
[2010/03/01 14:54:21 | 001,364,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd64.exe
[2010/03/01 14:54:20 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/03/01 14:54:20 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010/03/01 14:51:08 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\SysWow64\igxpun.exe
[2010/03/01 14:51:08 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\difxapi.dll
[2010/03/01 14:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2010/03/01 14:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2010/03/01 14:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2010/03/01 14:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/03/01 14:44:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/03/01 14:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/03/01 14:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/03/01 14:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/03/01 14:39:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/03/01 14:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/03/01 14:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/03/01 14:31:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/03/01 14:27:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/18 01:17:08 | 002,097,152 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT
[2010/03/18 00:29:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/17 08:33:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 08:33:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 03:00:37 | 002,329,646 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\Cat.DB
[2010/03/17 01:58:21 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010/03/15 18:25:41 | 000,010,177 | ---- | M] () -- C:\Users\PC\Desktop\Budget cuts.docx
[2010/03/15 18:05:51 | 000,140,664 | ---- | M] () -- C:\Users\PC\Desktop\West, South, Final Four.jpg
[2010/03/15 18:03:01 | 000,151,351 | ---- | M] () -- C:\Users\PC\Desktop\Midwest, East, Championship.jpg
[2010/03/15 18:00:54 | 000,118,502 | ---- | M] () -- C:\Users\PC\Desktop\Final Four.jpg
[2010/03/15 17:58:35 | 000,118,929 | ---- | M] () -- C:\Users\PC\Desktop\South.jpg
[2010/03/15 17:54:52 | 000,118,235 | ---- | M] () -- C:\Users\PC\Desktop\East.jpg
[2010/03/15 17:50:01 | 000,117,642 | ---- | M] () -- C:\Users\PC\Desktop\West.jpg
[2010/03/15 17:44:42 | 000,118,576 | ---- | M] () -- C:\Users\PC\Desktop\Midwest.jpg
[2010/03/14 04:34:23 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/14 04:34:23 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/14 04:34:23 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/14 04:27:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/14 04:27:08 | 4156,551,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 04:25:52 | 000,524,288 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 04:25:52 | 000,065,536 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/14 04:25:50 | 001,951,193 | -H-- | M] () -- C:\Users\PC\AppData\Local\IconCache.db
[2010/03/13 22:52:26 | 001,954,640 | ---- | M] (PeerBlock, LLC ) -- C:\Users\PC\Desktop\PeerBlock-Setup_v1.0.0.r181.exe
[2010/03/13 21:46:51 | 000,047,408 | ---- | M] () -- C:\Users\PC\Desktop\img009 - Copy.jpg
[2010/03/13 21:35:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010/03/12 14:55:13 | 000,000,774 | ---- | M] () -- C:\Users\PC\Desktop\NTREGOPT.lnk
[2010/03/12 14:55:13 | 000,000,755 | ---- | M] () -- C:\Users\PC\Desktop\ERUNT.lnk
[2010/03/11 15:11:52 | 000,001,939 | ---- | M] () -- C:\Users\PC\Desktop\HijackThis.lnk
[2010/03/10 03:28:46 | 000,103,781 | ---- | M] () -- C:\Users\PC\Desktop\screen 4.jpg
[2010/03/10 03:28:06 | 000,003,584 | ---- | M] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/10 03:19:37 | 000,095,422 | ---- | M] () -- C:\Users\PC\Desktop\screen 3.jpg
[2010/03/08 12:40:40 | 000,068,703 | ---- | M] () -- C:\Users\PC\Desktop\img026.jpg
[2010/03/07 12:10:03 | 000,000,000 | -H-- | M] () -- C:\Users\PC\Documents\Default.rdp
[2010/03/05 19:48:28 | 000,036,004 | ---- | M] () -- C:\Users\PC\Desktop\img025.jpg
[2010/03/05 01:54:24 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/03/05 01:54:24 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/03/03 05:40:32 | 000,083,304 | ---- | M] () -- C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/03 05:37:02 | 000,322,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/02 10:52:13 | 000,156,220 | ---- | M] () -- C:\Users\PC\Desktop\screen pic2.jpg
[2010/03/02 10:49:48 | 000,102,365 | ---- | M] () -- C:\Users\PC\Desktop\screen pic.jpg
[2010/03/01 20:49:49 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/03/01 20:34:56 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/01 19:37:43 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/01 18:27:02 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/03/01 18:24:00 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/01 18:12:19 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2010/03/01 17:52:45 | 000,173,104 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/03/01 17:52:45 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/03/01 17:52:45 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/03/01 17:49:33 | 000,524,288 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/03/01 17:46:48 | 000,005,115 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
[2010/03/01 17:31:22 | 000,000,016 | RHS- | M] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2010/03/01 17:31:13 | 000,000,006 | RHS- | M] () -- C:\Windows\SysNative\drivers\taishop.sys
[2010/03/01 17:31:01 | 000,000,020 | -HS- | M] () -- C:\Users\PC\ntuser.ini
[2010/03/01 15:25:07 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/03/01 15:02:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/03/01 14:54:23 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/03/01 14:54:20 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010/02/28 03:29:46 | 000,043,292 | ---- | M] () -- C:\Users\PC\Desktop\img024.jpg
[2010/02/28 03:29:36 | 000,038,677 | ---- | M] () -- C:\Users\PC\Desktop\img023.jpg
[2010/02/28 03:15:20 | 000,036,565 | ---- | M] () -- C:\Users\PC\Desktop\img021.jpg
[2010/02/28 02:24:16 | 000,045,442 | ---- | M] () -- C:\Users\PC\Desktop\img020.jpg
[2010/02/28 00:57:50 | 000,068,076 | ---- | M] () -- C:\Users\PC\Desktop\img019.jpg
[2010/02/28 00:57:32 | 000,044,805 | ---- | M] () -- C:\Users\PC\Desktop\img018.jpg
[2010/02/28 00:37:58 | 000,057,131 | ---- | M] () -- C:\Users\PC\Desktop\img017.jpg
[2010/02/27 18:52:18 | 000,043,602 | ---- | M] () -- C:\Users\PC\Desktop\img016.jpg
[2010/02/27 16:22:20 | 000,037,912 | ---- | M] () -- C:\Users\PC\Desktop\img014.jpg
[2010/02/27 16:21:34 | 000,035,711 | ---- | M] () -- C:\Users\PC\Desktop\img013.jpg
[2010/02/27 01:37:52 | 000,055,793 | ---- | M] () -- C:\Users\PC\Desktop\img012.jpg
[2010/02/27 00:23:30 | 000,069,924 | ---- | M] () -- C:\Users\PC\Desktop\img011.jpg
[2010/02/27 00:03:24 | 000,075,256 | ---- | M] () -- C:\Users\PC\Desktop\img010.jpg
[2010/02/21 23:09:00 | 000,077,403 | ---- | M] () -- C:\Users\PC\Desktop\img009.jpg
[2010/02/21 23:08:24 | 000,105,148 | ---- | M] () -- C:\Users\PC\Desktop\img008.jpg
[2010/02/20 15:44:53 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 15:42:16 | 000,033,792 | ---- | M] () -- C:\Windows\SysNative\httpapi.dll
[2010/02/20 15:39:35 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/20 15:37:20 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Wayne50
2010-03-18, 10:37
OTL logfile created on: 3/18/2010 1:17:08 AM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = c:\Users\PC\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.55 Gb Total Space | 223.79 Gb Free Space | 77.56% Space Free | Partition Type: NTFS
Drive D: | 106.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-PC
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - c:\Users\PC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Toshiba Registration\Registration.exe (DataLode, Inc.)
PRC - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe (TOSHIBA Corporation.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - c:\Users\PC\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\fontext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:64bit: - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe (Symantec Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA Corporation.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 05:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\ccHPx64.sys ()
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1105000.07F\SRTSP64.SYS ()
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\SRTSPX64.SYS ()
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\SYMEFA64.SYS ()
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\Ironx64.SYS ()
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1105000.07F\SYMTDIV.SYS ()
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\SYMDS64.SYS ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (usbvideo) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys ()
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys ()
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS ()
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS ()
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\DRIVERS\FwLnk.sys ()
DRV:64bit: - (KR10N64) -- C:\Windows\SysNative\drivers\kr10n64.sys ()
DRV:64bit: - (KR10I64) -- C:\Windows\SysNative\drivers\kr10i64.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.021\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.021\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100312.001\IDSviA64.sys (Symantec Corporation)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-692173446-2600856224-2905154775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-692173446-2600856224-2905154775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-692173446-2600856224-2905154775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-692173446-2600856224-2905154775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/03/01 17:52:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/01 20:49:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/01 19:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/03 05:40:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.3\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2010/03/01 18:12:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.3\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2010/03/01 18:12:16 | 000,000,000 | ---D | M]

[2010/03/01 19:37:52 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Mozilla\Extensions
[2010/03/01 18:15:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/03/15 00:52:16 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ufg2zfjx.default\extensions
[2010/03/04 11:37:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ufg2zfjx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/01 18:15:11 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ewyb2jz8.default\extensions
[2010/03/01 19:37:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-692173446-2600856224-2905154775-1000..\Run: [1600818151] C:\Program Files (x86)\Toshiba Registration\Registration.exe (DataLode, Inc.)
O4 - HKU\S-1-5-21-692173446-2600856224-2905154775-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.223.192.11 206.223.192.10 205.238.26.97
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/14 04:03:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/14 04:02:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/13 22:49:55 | 001,954,640 | ---- | C] (PeerBlock, LLC ) -- C:\Users\PC\Desktop\PeerBlock-Setup_v1.0.0.r181.exe
[2010/03/13 21:36:24 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\New Folder
[2010/03/13 03:29:05 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Tific
[2010/03/12 14:56:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/12 14:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/03/11 15:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/06 21:57:29 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\TOSHIBA
[2010/03/03 05:07:34 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2010/03/03 05:07:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2010/03/03 05:07:33 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscb.dll
[2010/03/03 05:07:31 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chsbrkr.dll
[2010/03/03 05:07:31 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2010/03/03 05:07:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propdefs.dll
[2010/03/03 05:07:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstrc.dll
[2010/03/03 05:07:30 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\thawbrkr.dll
[2010/03/03 05:07:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/03/03 05:07:30 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offfilt.dll
[2010/03/03 05:07:30 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\korwbrkr.dll
[2010/03/03 05:07:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssprxy.dll
[2010/03/03 05:07:29 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chtbrkr.dll
[2010/03/03 05:07:29 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2010/03/03 05:07:29 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2010/03/03 05:07:29 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2010/03/03 05:07:29 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2010/03/03 05:07:29 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2010/03/03 05:07:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlhtml.dll
[2010/03/03 05:07:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2010/03/03 05:07:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xmlfilter.dll
[2010/03/03 05:07:29 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtffilt.dll
[2010/03/03 04:24:43 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardcpl.cpl
[2010/03/03 04:24:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2010/03/03 04:24:36 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2010/03/03 04:24:36 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/03/03 04:24:35 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2010/03/03 04:24:35 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2010/03/03 04:24:27 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2010/03/03 04:24:24 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/03/03 04:16:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/03/03 04:16:33 | 000,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/03/03 04:16:12 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2010/03/03 04:16:08 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2010/03/02 11:06:29 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0007.dll
[2010/03/02 11:06:25 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0009.dll
[2010/03/02 11:06:11 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NaturalLanguage6.dll
[2010/03/02 10:42:46 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2010/03/02 10:42:45 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2010/03/02 10:40:38 | 010,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/03/02 10:40:37 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2010/03/02 10:40:33 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/03/02 10:39:48 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\connect.dll
[2010/03/02 10:39:46 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/03/02 10:39:45 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/03/02 10:39:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/03/02 10:39:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/03/02 10:39:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avicap32.dll
[2010/03/02 10:39:38 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2010/03/02 10:39:37 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2010/03/02 10:39:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/03/02 10:39:33 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/03/02 10:39:33 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/03/02 10:38:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/03/02 10:38:34 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/03/02 10:38:00 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/03/02 10:38:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/03/02 10:38:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/03/02 10:38:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dciman32.dll
[2010/03/02 10:37:53 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2010/03/02 10:37:45 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2010/03/02 10:37:44 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2010/03/02 10:37:11 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2010/03/02 10:37:11 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2010/03/02 10:37:07 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amxread.dll
[2010/03/02 10:37:07 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apilogen.dll
[2010/03/02 10:35:45 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2010/03/02 10:35:15 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2010/03/02 10:35:09 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2010/03/02 10:35:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2010/03/02 10:35:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2010/03/02 10:35:05 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2010/03/02 10:34:59 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdohlp.dll
[2010/03/02 10:34:59 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasrecst.dll
[2010/03/02 10:34:59 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasads.dll
[2010/03/02 10:34:59 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasdatastore.dll
[2010/03/02 10:34:59 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iashost.exe
[2010/03/02 10:33:50 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/03/02 10:33:50 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/03/02 10:33:50 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/03/02 10:33:50 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/03/02 10:33:50 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/03/02 10:33:50 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/03/02 10:33:49 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/03/02 10:33:49 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/03/02 10:33:49 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/03/02 10:30:46 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/03/02 10:30:37 | 000,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/03/02 10:30:37 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/03/02 10:30:35 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/03/02 10:30:34 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/03/02 10:30:34 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/03/02 10:30:33 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/03/02 10:30:33 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/03/02 10:30:33 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/03/02 10:30:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/03/02 10:30:32 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/03/02 10:30:32 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/03/02 10:30:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/03/02 10:29:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/03/02 10:29:01 | 003,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/03/02 10:29:00 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/03/02 10:28:42 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2010/03/02 10:28:41 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/03/02 10:28:15 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2010/03/02 10:28:13 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/03/02 10:28:13 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2010/03/02 10:28:13 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2010/03/02 10:28:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2010/03/02 10:28:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2010/03/02 10:28:13 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshext.dll
[2010/03/02 10:28:05 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2010/03/02 10:28:05 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2010/03/02 10:28:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2010/03/02 10:28:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2010/03/02 10:28:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/03/02 10:28:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2010/03/02 10:28:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2010/03/02 10:28:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2010/03/02 10:28:04 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2010/03/02 10:26:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dataclen.dll
[2010/03/02 10:26:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\traffic.dll
[2010/03/02 10:26:19 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pacerprf.dll
[2010/03/02 10:26:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshqos.dll
[2010/03/02 10:26:16 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdtcprx.dll
[2010/03/02 10:26:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xolehlp.dll
[2010/03/02 10:26:06 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2010/03/02 10:26:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2010/03/02 10:26:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2010/03/02 10:26:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2010/03/02 10:26:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2010/03/02 10:26:04 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2010/03/02 10:24:45 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2010/03/02 10:24:43 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2010/03/02 10:24:43 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2010/03/02 10:24:43 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2010/03/02 10:24:39 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2010/03/02 10:24:39 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2010/03/02 10:24:39 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2010/03/02 10:02:38 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Adobe
[2010/03/01 22:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/03/01 22:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/01 22:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/03/01 22:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/03/01 20:42:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F
[2010/03/01 20:35:04 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Apple Computer
[2010/03/01 20:35:04 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Apple Computer
[2010/03/01 20:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/03/01 20:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/03/01 20:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/03/01 20:34:12 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Apple
[2010/03/01 20:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/03/01 20:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/03/01 19:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/03/01 18:27:02 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\skypePM
[2010/03/01 18:24:09 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Skype
[2010/03/01 18:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/03/01 18:23:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/03/01 18:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/03/01 18:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/03/01 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Mozilla
[2010/03/01 18:15:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Mozilla
[2010/03/01 18:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SeaMonkey
[2010/03/01 18:06:06 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Macromedia
[2010/03/01 18:06:06 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Adobe
[2010/03/01 18:05:52 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Google
[2010/03/01 17:57:36 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2010/03/01 17:57:36 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2010/03/01 17:57:36 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2010/03/01 17:57:25 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2010/03/01 17:57:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2010/03/01 17:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/03/01 17:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/03/01 17:51:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010/03/01 17:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/03/01 17:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010/03/01 17:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/03/01 17:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/03/01 17:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/03/01 17:33:30 | 000,000,000 | R--D | C] -- C:\Users\PC\Desktop\Extras
[2010/03/01 17:32:47 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Symantec
[2010/03/01 17:32:44 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Toshiba
[2010/03/01 17:31:59 | 000,000,000 | R--D | C] -- C:\Users\PC\Searches
[2010/03/01 17:31:17 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Identities
[2010/03/01 17:31:13 | 000,000,000 | R--D | C] -- C:\Users\PC\Contacts
[2010/03/01 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\VirtualStore
[2010/03/01 17:31:01 | 000,000,000 | --SD | C] -- C:\Users\PC\AppData\Roaming\Microsoft
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Videos
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Saved Games
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Pictures
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Music
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Links
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Favorites
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Downloads
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Documents
[2010/03/01 17:31:01 | 000,000,000 | R--D | C] -- C:\Users\PC\Desktop
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Temporary Internet Files
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Templates
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Start Menu
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\SendTo
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Recent
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\PrintHood
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\NetHood
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\My Videos
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\My Pictures
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\My Music
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\My Documents
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Local Settings
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\History
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Cookies
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\Application Data
[2010/03/01 17:31:01 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Application Data
[2010/03/01 17:31:01 | 000,000,000 | -H-D | C] -- C:\Users\PC\AppData
[2010/03/01 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Temp
[2010/03/01 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Microsoft
[2010/03/01 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Media Center Programs
[2010/03/01 15:17:21 | 000,000,000 | ---D | C] -- C:\DOCS
[2010/03/01 15:12:40 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/03/01 15:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Toshiba Shared
[2010/03/01 15:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jumpstart
[2010/03/01 15:06:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2010/03/01 15:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2010/03/01 15:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/03/01 15:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/03/01 15:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Camera Assistant Software for Toshiba
[2010/03/01 15:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/03/01 14:59:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ENU
[2010/03/01 14:59:46 | 001,034,776 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\imsmudlg.exe
[2010/03/01 14:56:38 | 000,491,520 | ---- | C] (Toshiba Corporation) -- C:\Windows\SysWow64\cselect.exe
[2010/03/01 14:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2010/03/01 14:56:37 | 000,050,752 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2010/03/01 14:56:37 | 000,029,184 | ---- | C] (Agere Systems) -- C:\Windows\agrdel64.exe
[2010/03/01 14:56:09 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010/03/01 14:54:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/03/01 14:54:22 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/03/01 14:54:21 | 006,156,288 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe
[2010/03/01 14:54:21 | 001,826,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe
[2010/03/01 14:54:21 | 001,364,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd64.exe
[2010/03/01 14:54:20 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/03/01 14:54:20 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010/03/01 14:51:08 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\SysWow64\igxpun.exe
[2010/03/01 14:51:08 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\difxapi.dll
[2010/03/01 14:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2010/03/01 14:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2010/03/01 14:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2010/03/01 14:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/03/01 14:44:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/03/01 14:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/03/01 14:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/03/01 14:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/03/01 14:39:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/03/01 14:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/03/01 14:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/03/01 14:31:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/03/01 14:27:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Wayne50
2010-03-18, 10:42
========== Files - Modified Within 30 Days ==========

[2010/03/18 01:17:08 | 002,097,152 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT
[2010/03/18 00:29:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/17 08:33:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 08:33:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 03:00:37 | 002,329,646 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\Cat.DB
[2010/03/17 01:58:21 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010/03/15 18:25:41 | 000,010,177 | ---- | M] () -- C:\Users\PC\Desktop\Budget cuts.docx
[2010/03/15 18:05:51 | 000,140,664 | ---- | M] () -- C:\Users\PC\Desktop\West, South, Final Four.jpg
[2010/03/15 18:03:01 | 000,151,351 | ---- | M] () -- C:\Users\PC\Desktop\Midwest, East, Championship.jpg
[2010/03/15 18:00:54 | 000,118,502 | ---- | M] () -- C:\Users\PC\Desktop\Final Four.jpg
[2010/03/15 17:58:35 | 000,118,929 | ---- | M] () -- C:\Users\PC\Desktop\South.jpg
[2010/03/15 17:54:52 | 000,118,235 | ---- | M] () -- C:\Users\PC\Desktop\East.jpg
[2010/03/15 17:50:01 | 000,117,642 | ---- | M] () -- C:\Users\PC\Desktop\West.jpg
[2010/03/15 17:44:42 | 000,118,576 | ---- | M] () -- C:\Users\PC\Desktop\Midwest.jpg
[2010/03/14 04:34:23 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/14 04:34:23 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/14 04:34:23 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/14 04:27:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/14 04:27:08 | 4156,551,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 04:25:52 | 000,524,288 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 04:25:52 | 000,065,536 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/14 04:25:50 | 001,951,193 | -H-- | M] () -- C:\Users\PC\AppData\Local\IconCache.db
[2010/03/13 22:52:26 | 001,954,640 | ---- | M] (PeerBlock, LLC ) -- C:\Users\PC\Desktop\PeerBlock-Setup_v1.0.0.r181.exe
[2010/03/13 21:46:51 | 000,047,408 | ---- | M] () -- C:\Users\PC\Desktop\img009 - Copy.jpg
[2010/03/13 21:35:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010/03/12 14:55:13 | 000,000,774 | ---- | M] () -- C:\Users\PC\Desktop\NTREGOPT.lnk
[2010/03/12 14:55:13 | 000,000,755 | ---- | M] () -- C:\Users\PC\Desktop\ERUNT.lnk
[2010/03/11 15:11:52 | 000,001,939 | ---- | M] () -- C:\Users\PC\Desktop\HijackThis.lnk
[2010/03/10 03:28:46 | 000,103,781 | ---- | M] () -- C:\Users\PC\Desktop\screen 4.jpg
[2010/03/10 03:28:06 | 000,003,584 | ---- | M] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/10 03:19:37 | 000,095,422 | ---- | M] () -- C:\Users\PC\Desktop\screen 3.jpg
[2010/03/08 12:40:40 | 000,068,703 | ---- | M] () -- C:\Users\PC\Desktop\img026.jpg
[2010/03/07 12:10:03 | 000,000,000 | -H-- | M] () -- C:\Users\PC\Documents\Default.rdp
[2010/03/05 19:48:28 | 000,036,004 | ---- | M] () -- C:\Users\PC\Desktop\img025.jpg
[2010/03/05 01:54:24 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/03/05 01:54:24 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/03/03 05:40:32 | 000,083,304 | ---- | M] () -- C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/03 05:37:02 | 000,322,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/02 10:52:13 | 000,156,220 | ---- | M] () -- C:\Users\PC\Desktop\screen pic2.jpg
[2010/03/02 10:49:48 | 000,102,365 | ---- | M] () -- C:\Users\PC\Desktop\screen pic.jpg
[2010/03/01 20:49:49 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/03/01 20:34:56 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/01 19:37:43 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/01 18:27:02 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/03/01 18:24:00 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/01 18:12:19 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2010/03/01 17:52:45 | 000,173,104 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/03/01 17:52:45 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/03/01 17:52:45 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/03/01 17:49:33 | 000,524,288 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/03/01 17:46:48 | 000,005,115 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
[2010/03/01 17:31:22 | 000,000,016 | RHS- | M] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2010/03/01 17:31:13 | 000,000,006 | RHS- | M] () -- C:\Windows\SysNative\drivers\taishop.sys
[2010/03/01 17:31:01 | 000,000,020 | -HS- | M] () -- C:\Users\PC\ntuser.ini
[2010/03/01 15:25:07 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/03/01 15:02:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/03/01 14:54:23 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/03/01 14:54:20 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010/02/28 03:29:46 | 000,043,292 | ---- | M] () -- C:\Users\PC\Desktop\img024.jpg
[2010/02/28 03:29:36 | 000,038,677 | ---- | M] () -- C:\Users\PC\Desktop\img023.jpg
[2010/02/28 03:15:20 | 000,036,565 | ---- | M] () -- C:\Users\PC\Desktop\img021.jpg
[2010/02/28 02:24:16 | 000,045,442 | ---- | M] () -- C:\Users\PC\Desktop\img020.jpg
[2010/02/28 00:57:50 | 000,068,076 | ---- | M] () -- C:\Users\PC\Desktop\img019.jpg
[2010/02/28 00:57:32 | 000,044,805 | ---- | M] () -- C:\Users\PC\Desktop\img018.jpg
[2010/02/28 00:37:58 | 000,057,131 | ---- | M] () -- C:\Users\PC\Desktop\img017.jpg
[2010/02/27 18:52:18 | 000,043,602 | ---- | M] () -- C:\Users\PC\Desktop\img016.jpg
[2010/02/27 16:22:20 | 000,037,912 | ---- | M] () -- C:\Users\PC\Desktop\img014.jpg
[2010/02/27 16:21:34 | 000,035,711 | ---- | M] () -- C:\Users\PC\Desktop\img013.jpg
[2010/02/27 01:37:52 | 000,055,793 | ---- | M] () -- C:\Users\PC\Desktop\img012.jpg
[2010/02/27 00:23:30 | 000,069,924 | ---- | M] () -- C:\Users\PC\Desktop\img011.jpg
[2010/02/27 00:03:24 | 000,075,256 | ---- | M] () -- C:\Users\PC\Desktop\img010.jpg
[2010/02/21 23:09:00 | 000,077,403 | ---- | M] () -- C:\Users\PC\Desktop\img009.jpg
[2010/02/21 23:08:24 | 000,105,148 | ---- | M] () -- C:\Users\PC\Desktop\img008.jpg
[2010/02/20 15:44:53 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 15:42:16 | 000,033,792 | ---- | M] () -- C:\Windows\SysNative\httpapi.dll
[2010/02/20 15:39:35 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/20 15:37:20 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/15 18:05:51 | 000,140,664 | ---- | C] () -- C:\Users\PC\Desktop\West, South, Final Four.jpg
[2010/03/15 18:03:01 | 000,151,351 | ---- | C] () -- C:\Users\PC\Desktop\Midwest, East, Championship.jpg
[2010/03/15 18:00:53 | 000,118,502 | ---- | C] () -- C:\Users\PC\Desktop\Final Four.jpg
[2010/03/15 17:58:34 | 000,118,929 | ---- | C] () -- C:\Users\PC\Desktop\South.jpg
[2010/03/15 17:54:52 | 000,118,235 | ---- | C] () -- C:\Users\PC\Desktop\East.jpg
[2010/03/15 17:50:01 | 000,117,642 | ---- | C] () -- C:\Users\PC\Desktop\West.jpg
[2010/03/15 17:44:42 | 000,118,576 | ---- | C] () -- C:\Users\PC\Desktop\Midwest.jpg
[2010/03/14 04:03:06 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/03/14 04:03:01 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/03/14 04:03:00 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/03/13 21:43:05 | 000,047,408 | ---- | C] () -- C:\Users\PC\Desktop\img009 - Copy.jpg
[2010/03/13 21:36:42 | 000,039,911 | ---- | C] () -- C:\Users\PC\Desktop\img003.jpg
[2010/03/13 21:36:42 | 000,036,300 | ---- | C] () -- C:\Users\PC\Desktop\img002.jpg
[2010/03/13 21:36:41 | 000,068,666 | ---- | C] () -- C:\Users\PC\Desktop\img001.jpg
[2010/03/13 21:36:38 | 000,068,703 | ---- | C] () -- C:\Users\PC\Desktop\img026.jpg
[2010/03/13 21:36:38 | 000,043,292 | ---- | C] () -- C:\Users\PC\Desktop\img024.jpg
[2010/03/13 21:36:38 | 000,036,004 | ---- | C] () -- C:\Users\PC\Desktop\img025.jpg
[2010/03/13 21:36:37 | 000,045,442 | ---- | C] () -- C:\Users\PC\Desktop\img020.jpg
[2010/03/13 21:36:37 | 000,038,677 | ---- | C] () -- C:\Users\PC\Desktop\img023.jpg
[2010/03/13 21:36:37 | 000,036,565 | ---- | C] () -- C:\Users\PC\Desktop\img021.jpg
[2010/03/13 21:36:36 | 000,068,076 | ---- | C] () -- C:\Users\PC\Desktop\img019.jpg
[2010/03/13 21:36:36 | 000,057,131 | ---- | C] () -- C:\Users\PC\Desktop\img017.jpg
[2010/03/13 21:36:36 | 000,044,805 | ---- | C] () -- C:\Users\PC\Desktop\img018.jpg
[2010/03/13 21:36:36 | 000,043,602 | ---- | C] () -- C:\Users\PC\Desktop\img016.jpg
[2010/03/13 21:36:35 | 000,037,912 | ---- | C] () -- C:\Users\PC\Desktop\img014.jpg
[2010/03/13 21:36:35 | 000,035,711 | ---- | C] () -- C:\Users\PC\Desktop\img013.jpg
[2010/03/13 21:36:34 | 000,075,256 | ---- | C] () -- C:\Users\PC\Desktop\img010.jpg
[2010/03/13 21:36:34 | 000,069,924 | ---- | C] () -- C:\Users\PC\Desktop\img011.jpg
[2010/03/13 21:36:34 | 000,055,793 | ---- | C] () -- C:\Users\PC\Desktop\img012.jpg
[2010/03/13 21:36:33 | 000,105,148 | ---- | C] () -- C:\Users\PC\Desktop\img008.jpg
[2010/03/13 21:36:33 | 000,077,403 | ---- | C] () -- C:\Users\PC\Desktop\img009.jpg
[2010/03/13 21:36:32 | 000,038,616 | ---- | C] () -- C:\Users\PC\Desktop\img006.jpg
[2010/03/13 21:36:31 | 000,034,076 | ---- | C] () -- C:\Users\PC\Desktop\img004.jpg
[2010/03/13 21:35:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010/03/13 02:32:38 | 000,010,177 | ---- | C] () -- C:\Users\PC\Desktop\Budget cuts.docx
[2010/03/12 15:12:55 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/03/12 14:55:13 | 000,000,774 | ---- | C] () -- C:\Users\PC\Desktop\NTREGOPT.lnk
[2010/03/12 14:55:13 | 000,000,755 | ---- | C] () -- C:\Users\PC\Desktop\ERUNT.lnk
[2010/03/11 15:11:52 | 000,001,939 | ---- | C] () -- C:\Users\PC\Desktop\HijackThis.lnk
[2010/03/11 11:08:12 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2010/03/11 11:08:11 | 000,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/03/10 03:28:46 | 000,103,781 | ---- | C] () -- C:\Users\PC\Desktop\screen 4.jpg
[2010/03/10 03:28:06 | 000,003,584 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/10 03:19:37 | 000,095,422 | ---- | C] () -- C:\Users\PC\Desktop\screen 3.jpg
[2010/03/07 12:10:03 | 000,000,000 | -H-- | C] () -- C:\Users\PC\Documents\Default.rdp
[2010/03/03 05:45:16 | 004,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/03/03 05:07:39 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\wsepno.dll
[2010/03/03 05:07:36 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msshooks.dll
[2010/03/03 05:07:35 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\msscb.dll
[2010/03/03 05:07:34 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/03/03 05:07:34 | 000,106,605 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2010/03/03 05:07:34 | 000,043,008 | ---- | C] () -- C:\Windows\SysNative\rtffilt.dll
[2010/03/03 05:07:34 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\mimefilt.dll
[2010/03/03 05:07:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/03/03 05:07:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2010/03/03 05:07:33 | 000,080,896 | ---- | C] () -- C:\Windows\SysNative\propdefs.dll
[2010/03/03 05:07:33 | 000,067,072 | ---- | C] () -- C:\Windows\SysNative\xmlfilter.dll
[2010/03/03 05:07:31 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\mssitlb.dll
[2010/03/03 05:07:30 | 001,676,800 | ---- | C] () -- C:\Windows\SysNative\chsbrkr.dll
[2010/03/03 05:07:30 | 000,921,088 | ---- | C] () -- C:\Windows\SysNative\propsys.dll
[2010/03/03 05:07:30 | 000,347,648 | ---- | C] () -- C:\Windows\SysNative\srchadmin.dll
[2010/03/03 05:07:30 | 000,317,440 | ---- | C] () -- C:\Windows\SysNative\thawbrkr.dll
[2010/03/03 05:07:30 | 000,316,928 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2010/03/03 05:07:30 | 000,280,064 | ---- | C] () -- C:\Windows\SysNative\offfilt.dll
[2010/03/03 05:07:30 | 000,181,248 | ---- | C] () -- C:\Windows\SysNative\nlhtml.dll
[2010/03/03 05:07:30 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.dll
[2010/03/03 05:07:30 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\mssprxy.dll
[2010/03/03 05:07:29 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2010/03/03 05:07:29 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2010/03/03 05:07:29 | 006,100,480 | ---- | C] () -- C:\Windows\SysNative\chtbrkr.dll
[2010/03/03 05:07:29 | 000,796,672 | ---- | C] () -- C:\Windows\SysNative\mssvp.dll
[2010/03/03 05:07:29 | 000,498,176 | ---- | C] () -- C:\Windows\SysNative\mssph.dll
[2010/03/03 05:07:29 | 000,312,832 | ---- | C] () -- C:\Windows\SysNative\mssphtb.dll
[2010/03/03 05:07:29 | 000,258,560 | ---- | C] () -- C:\Windows\SysNative\SearchProtocolHost.exe
[2010/03/03 05:07:29 | 000,112,128 | ---- | C] () -- C:\Windows\SysNative\SearchFilterHost.exe
[2010/03/03 05:07:29 | 000,078,848 | ---- | C] () -- C:\Windows\SysNative\msstrc.dll
[2010/03/03 05:07:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysNative\msscntrs.dll
[2010/03/03 05:07:28 | 002,209,792 | ---- | C] () -- C:\Windows\SysNative\tquery.dll
[2010/03/03 05:07:28 | 002,176,512 | ---- | C] () -- C:\Windows\SysNative\mssrch.dll
[2010/03/03 05:07:28 | 000,598,016 | ---- | C] () -- C:\Windows\SysNative\SearchIndexer.exe
[2010/03/03 04:24:43 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2010/03/03 04:24:38 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2010/03/03 04:24:36 | 000,052,760 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/03/03 04:24:35 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2010/03/03 04:24:35 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2010/03/03 04:24:35 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2010/03/03 04:24:27 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2010/03/03 04:24:24 | 000,357,904 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/03/03 04:16:48 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/03/03 04:16:33 | 000,112,120 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/03/03 04:16:21 | 000,406,528 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/03/03 04:16:12 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2010/03/03 04:16:09 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2010/03/02 11:06:29 | 012,240,896 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0007.dll
[2010/03/02 11:06:26 | 002,644,480 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0009.dll
[2010/03/02 11:06:11 | 001,361,920 | ---- | C] () -- C:\Windows\SysNative\NaturalLanguage6.dll
[2010/03/02 10:52:13 | 000,156,220 | ---- | C] () -- C:\Users\PC\Desktop\screen pic2.jpg
[2010/03/02 10:49:48 | 000,102,365 | ---- | C] () -- C:\Users\PC\Desktop\screen pic.jpg
[2010/03/02 10:42:46 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
[2010/03/02 10:42:45 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
[2010/03/02 10:40:42 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/03/02 10:40:37 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/03/02 10:40:32 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/03/02 10:39:48 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll
[2010/03/02 10:39:46 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/03/02 10:39:46 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/03/02 10:39:46 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/03/02 10:39:46 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/03/02 10:39:46 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/03/02 10:39:46 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/03/02 10:39:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/03/02 10:39:45 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/03/02 10:39:45 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/03/02 10:39:45 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/03/02 10:39:38 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/03/02 10:39:38 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/03/02 10:39:37 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/03/02 10:39:35 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/03/02 10:39:33 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/03/02 10:38:35 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/03/02 10:38:33 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/03/02 10:38:00 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/03/02 10:38:00 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/03/02 10:38:00 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/03/02 10:38:00 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/03/02 10:37:54 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2010/03/02 10:37:51 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2010/03/02 10:37:46 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/03/02 10:37:45 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2010/03/02 10:37:44 | 000,660,480 | ---- | C] () -- C:\Windows\SysNative\win32spl.dll
[2010/03/02 10:37:40 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/03/02 10:37:11 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/03/02 10:37:11 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/03/02 10:37:09 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2010/03/02 10:37:07 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2010/03/02 10:37:07 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2010/03/02 10:36:24 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
[2010/03/02 10:36:14 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/03/02 10:35:48 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/03/02 10:35:48 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/03/02 10:35:45 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/03/02 10:35:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/03/02 10:35:42 | 000,361,984 | ---- | C] () -- C:\Windows\SysNative\es.dll
[2010/03/02 10:35:40 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/03/02 10:35:39 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010/03/02 10:35:15 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2010/03/02 10:35:09 | 000,531,456 | ---- | C] () -- C:\Windows\SysNative\IPSECSVC.DLL
[2010/03/02 10:35:07 | 000,273,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/03/02 10:35:07 | 000,134,656 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/03/02 10:35:05 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/03/02 10:35:01 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/03/02 10:35:00 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2010/03/02 10:34:59 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2010/03/02 10:34:59 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2010/03/02 10:34:59 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2010/03/02 10:34:59 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2010/03/02 10:34:59 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/03/02 10:34:59 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2010/03/02 10:33:51 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/03/02 10:33:51 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/03/02 10:33:50 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/03/02 10:33:50 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/03/02 10:33:50 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/03/02 10:33:50 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/03/02 10:33:49 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/03/02 10:33:49 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/03/02 10:33:49 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/03/02 10:30:46 | 002,452,872 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2010/03/02 10:30:42 | 005,686,784 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/03/02 10:30:39 | 007,005,696 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/03/02 10:30:39 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/03/02 10:30:38 | 001,426,432 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/03/02 10:30:37 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/03/02 10:30:36 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/03/02 10:30:35 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/03/02 10:30:35 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/03/02 10:30:34 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/03/02 10:30:34 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/03/02 10:30:33 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/03/02 10:30:33 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/03/02 10:30:33 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/03/02 10:30:32 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/03/02 10:30:32 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/03/02 10:30:32 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/03/02 10:30:30 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/03/02 10:29:06 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/03/02 10:28:59 | 001,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/03/02 10:28:42 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2010/03/02 10:28:42 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2010/03/02 10:28:31 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2010/03/02 10:28:31 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2010/03/02 10:28:31 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2010/03/02 10:28:30 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2010/03/02 10:28:30 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2010/03/02 10:28:30 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2010/03/02 10:28:17 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2010/03/02 10:28:15 | 000,557,056 | ---- | C] () -- C:\Windows\SysNative\wmpeffects.dll
[2010/03/02 10:28:13 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/03/02 10:28:13 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\scrobj.dll
[2010/03/02 10:28:13 | 000,197,632 | ---- | C] () -- C:\Windows\SysNative\scrrun.dll
[2010/03/02 10:28:13 | 000,166,912 | ---- | C] () -- C:\Windows\SysNative\wscript.exe
[2010/03/02 10:28:13 | 000,147,968 | ---- | C] () -- C:\Windows\SysNative\cscript.exe
[2010/03/02 10:28:13 | 000,144,384 | ---- | C] () -- C:\Windows\SysNative\wshom.ocx
[2010/03/02 10:28:13 | 000,101,888 | ---- | C] () -- C:\Windows\SysNative\wshext.dll
[2010/03/02 10:28:05 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2010/03/02 10:28:05 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2010/03/02 10:28:05 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2010/03/02 10:28:04 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2010/03/02 10:28:04 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2010/03/02 10:28:04 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2010/03/02 10:28:04 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2010/03/02 10:28:04 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2010/03/02 10:28:03 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/03/02 10:27:27 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/03/02 10:26:26 | 000,883,200 | ---- | C] () -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2010/03/02 10:26:26 | 000,399,872 | ---- | C] () -- C:\Windows\SysNative\emdmgmt.dll
[2010/03/02 10:26:25 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\drivers\nwifi.sys
[2010/03/02 10:26:25 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\dataclen.dll
[2010/03/02 10:26:25 | 000,047,104 | ---- | C] () -- C:\Windows\SysNative\cdd.dll
[2010/03/02 10:26:24 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2010/03/02 10:26:19 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\drivers\pacer.sys
[2010/03/02 10:26:19 | 000,039,424 | ---- | C] () -- C:\Windows\SysNative\traffic.dll
[2010/03/02 10:26:19 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\pacerprf.dll
[2010/03/02 10:26:19 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\wshqos.dll
[2010/03/02 10:26:17 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2010/03/02 10:26:16 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2010/03/02 10:26:15 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2010/03/02 10:26:06 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2010/03/02 10:26:05 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2010/03/02 10:26:05 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2010/03/02 10:26:05 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2010/03/02 10:26:04 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2010/03/02 10:26:04 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2010/03/02 10:25:14 | 012,897,792 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/03/02 10:24:45 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
[2010/03/02 10:24:45 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
[2010/03/02 10:24:43 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll
[2010/03/02 10:24:43 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2010/03/02 10:24:43 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2010/03/02 10:24:40 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/03/02 10:24:39 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2010/03/02 10:24:39 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2010/03/02 10:24:39 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2010/03/02 10:24:39 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2010/03/02 10:24:39 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2010/03/02 10:24:39 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2010/03/02 10:24:32 | 000,648,704 | ---- | C] () -- C:\Windows\SysNative\netapi32.dll
[2010/03/01 22:10:05 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/03/01 22:10:05 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/03/01 20:49:08 | 002,329,646 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\Cat.DB
[2010/03/01 20:42:39 | 000,451,120 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symtdiv.sys
[2010/03/01 20:42:39 | 000,221,232 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symefa64.sys
[2010/03/01 20:42:39 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symnetv64.cat
[2010/03/01 20:42:39 | 000,007,412 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symefa64.cat
[2010/03/01 20:42:39 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symnet64.cat
[2010/03/01 20:42:39 | 000,003,374 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symefa.inf
[2010/03/01 20:42:39 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symnetv.inf
[2010/03/01 20:42:39 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symnet.inf
[2010/03/01 20:42:38 | 000,615,040 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.sys
[2010/03/01 20:42:38 | 000,504,880 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.sys
[2010/03/01 20:42:38 | 000,433,200 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symds64.sys
[2010/03/01 20:42:38 | 000,148,528 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\ironx64.sys
[2010/03/01 20:42:38 | 000,032,304 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.sys
[2010/03/01 20:42:38 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.cat
[2010/03/01 20:42:38 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.cat
[2010/03/01 20:42:38 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symds64.cat
[2010/03/01 20:42:38 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\iron.cat
[2010/03/01 20:42:38 | 000,007,345 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.cat
[2010/03/01 20:42:38 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symds.inf
[2010/03/01 20:42:38 | 000,001,840 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.inf
[2010/03/01 20:42:38 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.inf
[2010/03/01 20:42:38 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.inf
[2010/03/01 20:42:38 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\iron.inf
[2010/03/01 20:42:27 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\isolate.ini
[2010/03/01 20:34:56 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/01 19:37:43 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/01 18:27:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/01 18:24:00 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/01 18:12:19 | 000,001,751 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2010/03/01 17:57:44 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010/03/01 17:57:44 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010/03/01 17:57:44 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010/03/01 17:57:44 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010/03/01 17:57:36 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010/03/01 17:57:36 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010/03/01 17:57:36 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010/03/01 17:57:25 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010/03/01 17:57:25 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2010/03/01 17:52:48 | 000,173,104 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/03/01 17:52:48 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/03/01 17:52:48 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/03/01 17:52:44 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/03/01 17:46:48 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/03/01 17:31:22 | 000,000,016 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2010/03/01 17:31:13 | 000,000,006 | RHS- | C] () -- C:\Windows\SysNative\drivers\taishop.sys
[2010/03/01 17:31:01 | 002,097,152 | -HS- | C] () -- C:\Users\PC\NTUSER.DAT
[2010/03/01 17:31:01 | 000,524,288 | -HS- | C] () -- C:\Users\PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/03/01 17:31:01 | 000,524,288 | -HS- | C] () -- C:\Users\PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/01 17:31:01 | 000,065,536 | -HS- | C] () -- C:\Users\PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/01 17:31:01 | 000,000,020 | -HS- | C] () -- C:\Users\PC\ntuser.ini
[2010/03/01 15:17:00 | 4156,551,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/01 15:12:42 | 000,504,912 | ---- | C] () -- C:\Windows\SysNative\drivers\tos_sps64.sys
[2010/03/01 15:06:34 | 001,146,368 | ---- | C] () -- C:\Windows\SysNative\drivers\athrx.sys
[2010/03/01 15:06:34 | 000,768,512 | ---- | C] () -- C:\Windows\SysNative\S64CPA.exe
[2010/03/01 15:06:34 | 000,432,128 | ---- | C] () -- C:\Windows\SysNative\athihvs.dll
[2010/03/01 15:06:34 | 000,054,784 | ---- | C] () -- C:\Windows\SysNative\athihvui.dll
[2010/03/01 15:03:39 | 000,028,200 | ---- | C] () -- C:\Windows\SysNative\drivers\UVCFTR_S.SYS
[2010/03/01 15:02:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/03/01 14:59:41 | 000,388,120 | ---- | C] () -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/01 14:56:38 | 000,128,512 | ---- | C] () -- C:\Windows\SysNative\tosmreg.exe
[2010/03/01 14:56:38 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2010/03/01 14:56:38 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2010/03/01 14:56:38 | 000,011,035 | ---- | C] () -- C:\Windows\SysNative\tosmreg.ini
[2010/03/01 14:56:38 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2010/03/01 14:55:29 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2010/03/01 14:54:21 | 001,396,888 | ---- | C] () -- C:\Windows\SysNative\drivers\RTKVHD64.sys
[2010/03/01 14:54:21 | 001,260,032 | ---- | C] () -- C:\Windows\SysNative\RtkAPO64.dll
[2010/03/01 14:54:21 | 000,763,904 | ---- | C] () -- C:\Windows\SysNative\RtPgEx64.dll
[2010/03/01 14:54:21 | 000,660,480 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll
[2010/03/01 14:54:21 | 000,583,680 | ---- | C] () -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/03/01 14:54:21 | 000,513,536 | ---- | C] () -- C:\Windows\SysNative\SRSTSX64.dll
[2010/03/01 14:54:21 | 000,368,672 | ---- | C] () -- C:\Windows\SysNative\RtkApi64.dll
[2010/03/01 14:54:21 | 000,211,376 | ---- | C] () -- C:\Windows\SysNative\SRSTSH64.dll
[2010/03/01 14:54:21 | 000,193,536 | ---- | C] () -- C:\Windows\SysNative\SRSHP64.dll
[2010/03/01 14:54:21 | 000,156,160 | ---- | C] () -- C:\Windows\SysNative\FMAPO64.dll
[2010/03/01 14:54:21 | 000,150,528 | ---- | C] () -- C:\Windows\SysNative\SRSWOW64.dll
[2010/03/01 14:54:21 | 000,039,424 | ---- | C] () -- C:\Windows\SysNative\RCoInst64.dll
[2008/08/18 10:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 10:23:51 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/08/18 10:23:51 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/08/18 10:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/08/18 10:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/08/18 10:23:51 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/08/18 10:23:51 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

Wayne50
2010-03-18, 10:45
OTL Extras logfile created on: 3/18/2010 1:17:08 AM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = c:\Users\PC\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.55 Gb Total Space | 223.79 Gb Free Space | 77.56% Space Free | Partition Type: NTFS
Drive D: | 106.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-PC
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-692173446-2600856224-2905154775-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C103E21-FD89-4163-96D3-CBD0E8F8BACE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{86071DF3-33CE-4C61-A6A9-3250A5796F29}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52D4D7C7-1C6A-4406-BFD7-9D1DD9E622E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97FBFB04-D74E-4064-81AE-A7D004BE4147}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A45D2DF4-5B76-433A-A444-61500203193C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NIS" = Norton Internet Security
"SeaMonkey (2.0.3)" = SeaMonkey (2.0.3)
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2010 7:26:13 PM | Computer Name = PC-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/1/2010 9:58:28 PM | Computer Name = PC-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 3/1/2010 9:58:28 PM | Computer Name = PC-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 3/1/2010 9:58:28 PM | Computer Name = PC-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/1/2010 9:58:28 PM | Computer Name = PC-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 3/1/2010 9:58:28 PM | Computer Name = PC-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/1/2010 9:58:28 PM | Computer Name = PC-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 3/1/2010 9:58:28 PM | Computer Name = PC-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/1/2010 9:58:28 PM | Computer Name = PC-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/2/2010 12:49:30 AM | Computer Name = PC-PC | Source = HTTP | ID = 15016
Description =

Error - 3/3/2010 9:37:24 AM | Computer Name = PC-PC | Source = HTTP | ID = 15016
Description =


< End of report >

Wayne50
2010-03-18, 10:58
The OTL was too long for one post. Thanks!

Dakeyras
2010-03-18, 11:32
Hi. :)


Thank you for your response!
You're welcome!


I am still being port scanned.
This may be related to the below and or some Toshiba related software. These types of probes occur quite often when a machine is connected online and for the most part port scanning has legitimate uses, in managing networks for example. Port scanning can also be malicious in nature if someone is looking for an open/vulnerable port to gain access to your computer.

By all means we can determine if your machine is infected during the course of the malware removal process and when I give the all clear it would be prudent to download and install all relevant critical security updates and consider upgrading the current service pack.

Note: Do not download/install any updates yet as this will actually hinder the malware removal process.


The OTL was too long for one post. Thanks!
Not a problem.

If I may ask what do you use this computer for. Personal use only and or business related?

Reason asking is it appears you may be using two different ISP's:-

KPU Telecommunications and NTT America, the latter do you use with the Cisco EAP-FAST Module?

Wayne50
2010-03-18, 22:50
Please be patient with me as I don't have extensive technological knowledge:red:

This laptop is personal - the only work I do on my computer is in word documents. I should not be connected to any work networks.

My internet provider is KPU. I have used wifi at a hotel in the past month. This might explain NTT?

Dakeyras
2010-03-19, 00:13
Hi. :)


Please be patient with me as I don't have extensive technological knowledge:red:
Not a problem I assure you and actually you are doing very well so far. :bigthumb:

Thank you for the clarification also and nothing to cause concern.

Next:

It appears OTL is not on the desktop:-

c:\Users\PC\Downloads\OTL.exe (OldTimer Tools)

Please check if it is still in the location above:-

Click on Start(Vista orb) >> PC >> Downloads >> If OTL is still in this folder then move it to the desktop as follows:-

Click once on OTL.exe to highlight >> Edit >> Move To Folder... >> In the Move Items window that appears

Select/click on Desktop >> Move

Reason it is best moved is so nothing unforeseen occurs with the custom script below.

Next:

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update both in due course.

Now please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

Adobe Reader 8.1.2
HijackThis <-- Not compatible with your 64 bit operating system.
Java(TM) 6 Update 6

To do so click once on each of the above to highlight then click on Uninstall/Change and follow the prompts.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start(Vista Orb) >> All Programs >>ERUNT >> ERUNT <-- Right click on this and select Run as Administrator.


Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry
Current user registry
Next click on OK
When the Question pop-up appears click on Yes
After a short duration the Registry backup is complete! popup will appear
Now click on OK. A backup has been created.
Note: If you have uninstalled ERUNT, please inform myself before proceeding any further.

If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

Double-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\Jumpstart\jswtrayutil.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Right-click mbam-setup.exe and select Run as Administrator, then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following:

Inform myself how your computer is running. Any problems encountered and or further symptoms?
OTL Log.
Malwarebytes Anti-Malware Log.

Wayne50
2010-03-19, 11:51
I uninstalled adobe, hijackthis and javaupdate -- Hijackthis said I would have to manually delete the exe. file but I was not able to find it.

There are no new changes with the computer but Norton is still registering port scans.

Here are my OTL and malware logs:

Wayne50
2010-03-19, 11:53
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ deleted successfully.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ deleted successfully.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ deleted successfully.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PC
->Temp folder emptied: 37291196 bytes
->Temporary Internet Files folder emptied: 13935202 bytes
->FireFox cache emptied: 77169209 bytes
->Apple Safari cache emptied: 47863384 bytes
->Flash cache emptied: 6297 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24787711 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 32745245 bytes

Total Files Cleaned = 223.00 mb


OTL by OldTimer - Version 3.1.37.2 log created on 03192010_014516

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKGLGMXW\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJSQAQLW\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BSGYH0V\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JZ4MMD2\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Wayne50
2010-03-19, 11:54
Malwarebytes' Anti-Malware 1.44
Database version: 3884
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/19/2010 2:27:06 AM
mbam-log-2010-03-19 (02-27-06).txt

Scan type: Quick Scan
Objects scanned: 100089
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dakeyras
2010-03-19, 14:12
Hi. :)


Hijackthis said I would have to manually delete the exe. file but I was not able to find it.
Not a problem. It may be on the actual desktop, if so delete it and then empty the Recycle Bin.

If it's not there, it merely means it was probably removed during the uninstall process and the warning given because it is not 64 bit compatible.


There are no new changes with the computer but Norton is still registering port scans.
This is most likely due to the reasons I explained in my prior post here (http://forums.spybot.info/showpost.php?p=364188&postcount=11). Though I am going to ask your good self to run another scan shortly to rule out malware as the culprit.

New Adobe Reader Installation:


Go here (ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.3/enu/) and click on AdbeRdr930_en_US.exe to download the latest version of Adobe Reader.
Save this file to your desktop, then right-click on AdbeRdr930_en_US.exe and select Run as Administrator to install the latest version of Adobe Reader.
New Java Installation:


Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to JDK 6 Update 18 (JDK or JRE). Click on Download JRE.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) Java SE Runtime Environment 6u18 with JavaFX 1 License Agreement box and click on Continue.
Click on jre-6u18-windows-i586.exe link to download it and save this to the desktop.
Right-click on jre-6u18-windows-i586.exe and select Run as Administrator to install Java.
Reset Vista SP1 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK

firewall.cpl

Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select Off(not recommended) >> Apply >> OK.

Note: No need for it to be active after the reset because you have the Norton Internet Security Firewall active.

Run Kaspersky Online AV Scanner:

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan and then put the kettle on!
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
This online tutorial (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif) will help explain how to use the aforementioned online scan.

When completed the above, please post back the following:

Inform myself how your computer is running. Any problems encountered and or further symptoms?
Kaspersky results.

Wayne50
2010-03-22, 03:22
Sorry for the delay. I haven't been able to connect my laptop to the internet the last few days and am still experiencing problems.

I keep getting the 'limited connectivity' sign. Resetting the ip address or clicking repair has not worked.

I will continue to fool around with it to see if I can get back online!

Dakeyras
2010-03-22, 11:34
Hi. :)


I keep getting the 'limited connectivity' sign. Resetting the ip address or clicking repair has not worked.
Most unfortunate.

OK if you use a Modem, power it down and switch back on 30-45 seconds later. If you are using a Router do the same and it may need a reset, usually a small recessed button somewhere on the router with Reset written underneath.

Also try the following:-

Click on Start(Vista Orb) >> In the white line (Start Search) area, type cmd

Press CTRL+SHIFT+ENTER >> Click on Continue in the UAC prompt

Now in the black command window that appears type the following exactly at the prompt:-

cd c:\

Then hit the Enter key.

At the next prompt type in:-

ipconfig /flushdns

Then hit the Enter key.

Once the above command has completed type in at the prompt:-

exit

Then hit the Enter key.

If still no working Internet Connection:-

Right click on the NCIS taskbar icon and select >> Diagnose And Repair >> Follow the prompts.

Finally if still not working temporarily deactivate the Norton Internet Security Firewall:-

Start Norton Personal Firewall >> In the left pane, click Status & Settings.

Click Security >> Turn off <-- If this restored your connection we will have to reconfigure the firewall.

Let myself know the outcome please, thank you.

Wayne50
2010-03-25, 22:40
I am back online.

I will post results as soon as I do them.

Thanks!

Dakeyras
2010-03-26, 01:29
OK no problem. I would be interested to know what was causing the connectivity problem though. :)

Wayne50
2010-03-29, 00:28
I am not sure what the problem was. I tried repairing, I flushed the dns, I tried restoring my computer, and I even exchanged modems. None of that worked. My internet service provider finally reset my connection even though they didn't see any problems and for whatever reason that worked.:2thumb:

I installed new adobe and java and reset the firewall. I also ran Kaspersky online. The scan found no threats.


Kaspersky did give me a pop up window that said I needed to run my browser as an administrator even after I had done this. Is this normal?

Dakeyras
2010-03-29, 12:16
Hi. :)


I am not sure what the problem was. I tried repairing, I flushed the dns, I tried restoring my computer, and I even exchanged modems. None of that worked. My internet service provider finally reset my connection even though they didn't see any problems and for whatever reason that worked.:2thumb:
Well a good result but obviously something was wrong with the connection regardless of the fact your ISP claims otherwise. But a favourable result nonetheless.


I installed new adobe and java and reset the firewall. I also ran Kaspersky online. The scan found no threats.
Did you save the report? As I would prefer to review it if possible.


Kaspersky did give me a pop up window that said I needed to run my browser as an administrator even after I had done this. Is this normal?
Not heard of that one and never experienced this myself when I ran the scan on my own Vista 64bit machine.......but it is possible your actual connection dropped momentarily and this was the cause.

Wayne50
2010-03-31, 22:58
Hi Dakeyras,

Here are my scan results. Just fyi, the same window popped up about needing to be an administrator this time as well. This has happened every time I have used the Kaspersky 7.0 online scanner.

I appreciate you taking time out of your day to do this...



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, March 31, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, March 31, 2010 05:44:08
Records in database: 3905466
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 158530
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:18:24

No threats found. Scanned area is clean.

Selected area has been scanned.

Dakeyras
2010-04-01, 01:29
Hi. :)


Here are my scan results. Just fyi, the same window popped up about needing to be an administrator this time as well. This has happened every time I have used the Kaspersky 7.0 online scanner.
Most intriguing and I checked this out on my own Vista 64 bit machine and it appears a new feature added to the online scan to warn about this I was unaware of. This is absolutely fine I will add and merely the online scanner's double check if you will.

Either way the scan results are good!


I appreciate you taking time out of your day to do this...
You're welcome.

Any other issues remaining? Before we clean up the tools used and I provide some online safety advice.

Wayne50
2010-04-03, 23:06
If you don't mind, I have a few questions for my peace of mind, and a problem with my gmail that hasn't gone away.


1. For port scanning, I understand what you are saying that it can happen and it doesn't always mean the sky is falling. It still seems weird to me that the IP address of the attacking computer is so similar to my own. A typical Norton report (which happens 3-4 times an hour) is:

Attacking computer: xxx.xxx.192.11, 53
Destination : xxx.xxx.205.128, 56307 (my computer and a port)
Traffic description: UDP, 53

Is it normal to have the IP address be so similar?

2. If I try to change my password on facebook (I use firefox) or visit a lot of other sites that require typing in info I get:

"You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party"

This sounds bad. How much should I be worried about this? I have read that this might refer to graphics on the page and that the password part is still safe.


3. I am having a weird thing occur with my gmail account. About 1 in 10 times after signing out I get a pop up window that says:

"You have been signed out of this account. This may have happened because another user signed in from the same browser. To continue using this account you will need to sign in again."

I have had this problem for a while. It has happened at multiple computers, so it is not specific to my laptop. I was hoping this problem would go away like the storage devices appear to but it hasn't. I have no clue how to fix it or what the problem might be.

Thank you in advance for your ideas. Happy Saturday!

Dakeyras
2010-04-04, 21:09
Hi. :)


If you don't mind, I have a few questions for my peace of mind, and a problem with my gmail that hasn't gone away.
I do not mind at all.


1. For port scanning, I understand what you are saying that it can happen and it doesn't always mean the sky is falling. It still seems weird to me that the IP address of the attacking computer is so similar to my own. A typical Norton report (which happens 3-4 times an hour) is:

Attacking computer: xxx.xxx.192.11, 53
Destination : xxx.xxx.205.128, 56307 (my computer and a port)
Traffic description: UDP, 53

Is it normal to have the IP address be so similar?
Port UDP 53 is the default port for DNS (Domain Name Service). This is basically a distributed internet directory type service. DNS is used mostly to translate between domain names and IP addresses, and to control email delivery. The vast majority of ISPs rely on DNS to work. If DNS fails or is too slow, web sites cannot be located and email delivery stalls. Now as to why Norton is flagging this may be due to how your actual ISP operates and the DNS in use. The firewall I use on this computer regularly blocks unknown incoming connections also and this proves it is doing its job like your computer's firewall is. Also you have to remember the actual IP address may be similar but this does not mean it is your computer.


2. If I try to change my password on facebook (I use firefox) or visit a lot of other sites that require typing in info I get:

"You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party"

This sounds bad. How much should I be worried about this? I have read that this might refer to graphics on the page and that the password part is still safe.
I am far from familiar with these types of social networking sites basically because I do not use them myself. OK from what you described it sounds that the actual site may not be up to date compared with the browser you are using. Similar occurs with my ISP's actual login page and not a lot I can do about that. Of course try using the site with Internet Explorer instead but the same warning could very well occur.


3. I am having a weird thing occur with my gmail account. About 1 in 10 times after signing out I get a pop up window that says:

"You have been signed out of this account. This may have happened because another user signed in from the same browser. To continue using this account you will need to sign in again."

I have had this problem for a while. It has happened at multiple computers, so it is not specific to my laptop. I was hoping this problem would go away like the storage devices appear to but it hasn't. I have no clue how to fix it or what the problem might be.
This may be due to the browser you are using blocking cookies for Gmail and not allowing them to be updated. As it stands though this appears to be a normal feature of Gmail and it is merely informing you that you have signed out and not a cause for concern. One way around this would be to use an Email client such as Outlook Express or Mozilla Thunderbird to access your Gmail. There are several related articles on this page (http://mail.google.com/support/bin/topic.py?hl=en&topic=12912) that explain how to set this feature up.

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)

Also so is this:

What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

Clean up with OTL:

Right-click OTL and select Run as Administrator to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

Right click on Computer and select Properties >> System protection >> Create.
Give this restore point a descriptive name and click Create.
When done, click Apply >> OK.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

Right click on Computer and select Properties >> System protection.
(untick) Vista C system box and click Turn off system restore then Apply >> OK.
Restart your computer.
Navigate back to System protection >> (tick) Vista C system box >> Apply >> OK
Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, Norton Internet Security automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

Click on Start(Vista Orb) >> All Programs >> Windows Update.
In the navigation pane, click Check for updates.
After Windows Update has finished checking for updates, click View available updates.
Click to select the check box for any found, then click Install.
When completed Reboot(restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Bluetack's Hosts File (http://www.bluetack.co.uk/forums/index.php?showtopic=8406)
Bluetack's Host Manager (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16)
hpHosts (http://hosts-file.net/?s=Download)

Only use one of the above.

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here (http://www.winpatrol.com/download.html).

You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).

Next:

Any questions? Feel free to ask, if not stay safe!

Dakeyras
2010-04-06, 00:45
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.