Something's up

Post by Slica on 8th November 2010, 8:00 am

Hi, a friend of mine wanted some help with her computer. When I get online, I have been getting 'this page is potentially harmful' messages instead of the webpage (Google, for example). It's random, and doesn't always happen, but it has been. Also, I can't access my taskbar... and have also gotten messages for Windows Explorer. The taskbar error has been constant, and the Explorer error was a one-time-only thing tonight. Nonetheless, this all started occurring after some antivirus fake popped up and started 'scanning'. I didn't click anything and instead tried to get into the taskbar to close whatever it was. Obviously, I couldn't get into the taskbar.

Here are the OTL Files, starting with OTL.Txt:

OTL logfile created on: 11/8/2010 2:06:55 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\shejan\Desktop\Download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.62 Gb Total Space | 202.21 Gb Free Space | 68.17% Space Free | Partition Type: NTFS

Computer Name: MUSICBOX | User Name: shejan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/08 00:58:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\shejan\Desktop\Download\OTL.com
PRC - [2010/10/12 14:38:54 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/05/25 07:47:48 | 000,137,560 | ---- | M] (WeFi) -- C:\Program Files\WeFi\WefiEngSvc.exe
PRC - [2010/05/25 07:47:46 | 000,541,528 | ---- | M] (WeFi) -- C:\Program Files\WeFi\WeFi.exe
PRC - [2010/05/14 17:06:30 | 000,406,848 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2010/04/30 15:47:30 | 000,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009/08/05 11:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/08/03 08:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/14 14:08:30 | 000,184,320 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/02/01 20:24:44 | 003,150,848 | ---- | M] (Arachnoid Biometrics Identification Group) -- C:\Program Files\TrueSuite Access Manager\PwdBank.exe
PRC - [2008/01/29 20:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 19:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/01/24 13:21:34 | 000,671,744 | ---- | M] (AuthenTec, Inc) -- C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
PRC - [2008/01/22 16:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 18:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/13 22:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/25 19:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/15 11:01:22 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe
PRC - [2007/10/08 16:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 16:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/06/15 23:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/06/05 18:42:12 | 000,094,208 | ---- | M] () -- C:\Program Files\TrueSuite Access Manager\usbnotify.exe
PRC - [2007/06/05 15:31:48 | 000,163,840 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\TrueSuite Access Manager\CssSvr.exe
PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2007/01/25 21:45:42 | 000,468,600 | ---- | M] (TOSHIBA Corporation) -- C:\Toshiba\IVP\ISM\Ivpsvmgr.exe
PRC - [2007/01/10 00:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2000/05/08 04:20:00 | 000,020,480 | ---- | M] () -- C:\Windows\sointgr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/08 00:58:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\shejan\Desktop\Download\OTL.com
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2000/05/08 04:20:00 | 000,045,056 | ---- | M] () -- C:\Windows\trayhook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/05/25 07:47:48 | 000,137,560 | ---- | M] (WeFi) [On_Demand | Running] -- C:\Program Files\WeFi\WefiEngSvc.exe -- (WefiEngSvc)
SRV - [2010/04/30 15:47:30 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2009/08/05 11:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/12 21:51:41 | 001,862,144 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/02/12 21:33:48 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/10/15 11:01:22 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2007/10/08 16:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/10/08 16:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/31 16:11:42 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/12 22:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shejan\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2010/05/27 20:39:34 | 000,141,384 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2010/05/12 12:57:46 | 000,111,176 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2010/05/04 10:36:06 | 000,125,960 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2010/04/30 15:46:12 | 000,111,112 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2010/04/30 15:46:10 | 000,099,336 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008/02/12 21:34:33 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/02/03 01:04:02 | 000,043,440 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/28 22:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/06 21:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/30 01:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/26 08:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/13 16:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/09/06 18:28:44 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/05/15 04:00:00 | 000,852,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/05/15 04:00:00 | 000,077,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVENG.SYS -- (NAVENG)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/01 05:21:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/11 21:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/01/11 21:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/01/11 21:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/01/09 17:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 17:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 17:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 17:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/01/09 17:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 17:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/12/28 01:48:26 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SO5 Integrator Pass Two] C:\Windows\sointgr.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} [You must be registered and logged in to see this link.] (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour
ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: >{BACE1B6A-59FC-4B3A-92B9-8C2D21755165} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 14:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/23 21:04:05 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Roaming\Ulead Systems
[2010/10/23 21:03:57 | 000,000,000 | ---D | C] -- C:\Users\shejan\Documents\Ulead DVD MovieFactory
[2010/10/17 19:33:04 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/10/17 13:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2010/10/17 08:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Staroffice
[2010/10/16 17:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\kds_kodak
[2010/10/16 03:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/10/15 13:41:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/15 12:57:52 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/15 12:57:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/15 12:57:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/15 12:57:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/15 12:57:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/15 12:57:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/15 12:57:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/15 12:57:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/15 12:57:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/15 12:57:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/15 12:57:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/15 12:57:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/15 12:57:41 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/15 12:57:38 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/15 12:57:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/15 12:57:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/15 12:57:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/15 10:49:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/15 10:48:38 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/10/15 10:47:38 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/10/14 22:49:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 22:34:27 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 22:34:27 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 21:50:46 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 21:45:16 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 21:37:26 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 21:23:14 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 20:58:46 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/14 20:48:04 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/14 20:48:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/10/14 19:44:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/10/13 05:38:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/10/12 17:15:29 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Roaming\vlc
[2010/10/12 17:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/12 17:12:48 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Local\WeatherBug
[2010/10/12 17:12:43 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Roaming\WeatherBug
[2010/10/12 17:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2010/10/12 17:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/10/12 17:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/10/12 16:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/10/12 16:14:07 | 000,000,000 | ---D | C] -- C:\Users\shejan\Desktop\Download
[2010/10/12 16:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/10/12 16:10:22 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Roaming\uTorrent
[2010/10/12 15:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Eastman Kodak Company
[2010/10/12 15:34:16 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Local\Eastman_Kodak_Company
[2010/10/12 15:29:20 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Local\KODAK
[2010/10/12 15:29:08 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Local\Eastman Kodak Company
[2010/10/12 15:27:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2010/10/12 15:26:39 | 000,000,000 | ---D | C] -- C:\Users\shejan\{da96a020-1c15-4201-85be-5725081c5693}
[2010/10/12 15:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/10/12 15:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/12 15:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/10/12 15:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2010/10/12 15:21:41 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Roaming\Temp
[2010/10/12 15:14:41 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Roaming\Toshiba
[2010/10/12 14:55:55 | 000,000,000 | ---D | C] -- C:\MITCHELL
[2010/10/12 14:45:27 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Roaming\Malwarebytes
[2010/10/12 14:45:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/12 14:45:20 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/12 14:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/12 14:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/12 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\shejan\Desktop\Music
[2010/10/12 14:43:58 | 000,000,000 | ---D | C] -- C:\Users\shejan\Desktop\Videos
[2010/10/12 14:39:30 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/10/12 14:39:24 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/10/12 14:39:24 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/10/12 14:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/10/12 14:38:56 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/10/12 14:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/10/12 14:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/10/12 14:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/10/12 14:37:45 | 000,000,000 | ---D | C] -- C:\Users\shejan\AppData\Roaming\Real
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/08 00:54:31 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/08 00:54:31 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/08 00:49:31 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/11/08 00:49:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/08 00:49:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 00:49:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 00:48:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/08 00:48:36 | 3210,694,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/01 23:45:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/20 14:25:56 | 000,000,416 | ---- | M] () -- C:\Users\shejan\Application Data\Microsoft\Internet Explorer\Quick Launch\Download - Shortcut.lnk
[2010/10/20 02:14:38 | 000,000,084 | ---- | M] () -- C:\Windows\winamp.ini
[2010/10/19 19:11:22 | 000,026,624 | ---- | M] () -- C:\Users\shejan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 09:26:31 | 000,000,050 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/10/17 10:45:27 | 000,001,645 | ---- | M] () -- C:\Users\shejan\Application Data\Microsoft\Internet Explorer\Quick Launch\winamp - Shortcut.lnk
[2010/10/17 08:48:06 | 000,008,704 | ---- | M] () -- C:\Users\shejan\Desktop\Lyrics.sdw
[2010/10/17 08:40:50 | 000,001,645 | ---- | M] () -- C:\Users\shejan\Desktop\Winamp.lnk
[2010/10/17 08:26:20 | 000,008,192 | ---- | M] () -- C:\Users\shejan\AppData\Roaming\user52.rdb
[2010/10/17 08:19:55 | 000,345,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/17 08:12:55 | 000,000,047 | ---- | M] () -- C:\Users\shejan\AppData\Roaming\sversion.ini
[2010/10/17 08:10:46 | 000,036,864 | ---- | M] () -- C:\Windows\uinst001.exe
[2010/10/15 11:58:19 | 000,000,890 | ---- | M] () -- C:\Users\shejan\Desktop\Peggle Nights.lnk
[2010/10/15 11:58:10 | 000,000,647 | ---- | M] () -- C:\Users\shejan\Desktop\Peggle.lnk
[2010/10/12 17:13:18 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/12 17:12:41 | 000,001,850 | ---- | M] () -- C:\Users\shejan\Desktop\WeatherBug.lnk
[2010/10/12 16:10:55 | 000,000,787 | ---- | M] () -- C:\Users\shejan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/10/12 16:10:55 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/10/12 15:41:29 | 000,001,048 | ---- | M] () -- C:\Users\shejan\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer SP.lnk
[2010/10/12 15:39:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/12 15:28:33 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2010/10/12 15:16:55 | 000,000,317 | ---- | M] () -- C:\Windows\PICKLIST.INI
[2010/10/12 15:16:42 | 000,003,380 | ---- | M] () -- C:\Windows\ODWIN.INI
[2010/10/12 15:16:20 | 000,000,000 | ---- | M] () -- C:\Windows\MKDE.TRN
[2010/10/12 15:16:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/12 15:16:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/12 15:12:36 | 000,000,751 | ---- | M] () -- C:\Users\shejan\Desktop\Service Manual.lnk
[2010/10/12 14:45:25 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2010/10/12 14:39:36 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/10/12 14:39:30 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/10/12 14:39:24 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/10/12 14:39:24 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/10/12 14:38:56 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/10/12 12:25:27 | 000,001,356 | ---- | M] () -- C:\Users\shejan\AppData\Local\d3d9caps.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/08 00:48:36 | 3210,694,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/20 14:25:56 | 000,000,416 | ---- | C] () -- C:\Users\shejan\Application Data\Microsoft\Internet Explorer\Quick Launch\Download - Shortcut.lnk
[2010/10/17 10:45:27 | 000,001,645 | ---- | C] () -- C:\Users\shejan\Application Data\Microsoft\Internet Explorer\Quick Launch\winamp - Shortcut.lnk
[2010/10/17 08:40:42 | 000,001,645 | ---- | C] () -- C:\Users\shejan\Desktop\Winamp.lnk
[2010/10/17 08:28:31 | 000,008,704 | ---- | C] () -- C:\Users\shejan\Desktop\Lyrics.sdw
[2010/10/17 08:22:37 | 000,008,192 | ---- | C] () -- C:\Users\shejan\AppData\Roaming\user52.rdb
[2010/10/17 08:12:55 | 000,000,047 | ---- | C] () -- C:\Users\shejan\AppData\Roaming\sversion.ini
[2010/10/17 08:09:22 | 000,036,864 | ---- | C] () -- C:\Windows\uinst001.exe
[2010/10/15 11:58:19 | 000,000,890 | ---- | C] () -- C:\Users\shejan\Desktop\Peggle Nights.lnk
[2010/10/15 11:58:10 | 000,000,647 | ---- | C] () -- C:\Users\shejan\Desktop\Peggle.lnk
[2010/10/12 17:13:18 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/12 17:12:41 | 000,001,850 | ---- | C] () -- C:\Users\shejan\Desktop\WeatherBug.lnk
[2010/10/12 16:57:33 | 000,000,084 | ---- | C] () -- C:\Windows\winamp.ini
[2010/10/12 16:10:55 | 000,000,787 | ---- | C] () -- C:\Users\shejan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/10/12 16:10:55 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/10/12 15:41:29 | 000,001,048 | ---- | C] () -- C:\Users\shejan\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer SP.lnk
[2010/10/12 15:39:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/12 15:34:12 | 000,000,177 | ---- | C] () -- C:\Users\shejan\AppData\Local\LaunchHomeCenter.log
[2010/10/12 15:28:33 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2010/10/12 15:21:36 | 000,167,724 | ---- | C] () -- C:\Users\shejan\AppData\Local\installer.log
[2010/10/12 15:16:20 | 000,000,000 | ---- | C] () -- C:\Windows\MKDE.TRN
[2010/10/12 15:16:17 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/12 15:16:17 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/12 15:12:36 | 000,000,751 | ---- | C] () -- C:\Users\shejan\Desktop\Service Manual.lnk
[2010/10/12 14:45:25 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2010/10/12 14:40:42 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/10/12 14:39:36 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/10/12 14:34:52 | 000,026,624 | ---- | C] () -- C:\Users\shejan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 00:43:34 | 000,001,356 | ---- | C] () -- C:\Users\shejan\AppData\Local\d3d9caps.dat
[2010/07/10 01:23:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/02 05:02:49 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2010/07/02 04:22:52 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2010/07/02 04:22:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2010/07/02 04:22:52 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2010/07/02 04:22:52 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/10/14 18:01:47 | 000,003,380 | ---- | C] () -- C:\Windows\ODWIN.INI
[2009/10/14 18:01:47 | 000,000,317 | ---- | C] () -- C:\Windows\PICKLIST.INI
[2009/10/14 18:01:47 | 000,000,302 | ---- | C] () -- C:\Windows\MIREPAIR.INI
[2009/10/14 18:01:47 | 000,000,058 | ---- | C] () -- C:\Windows\MITCHELL.INI
[2009/10/14 18:01:47 | 000,000,002 | ---- | C] () -- C:\Windows\INFO.INI
[2008/03/17 22:36:21 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/12 22:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/12 21:43:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/12 21:43:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/12 21:43:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/12 21:43:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/12 21:43:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/12 21:09:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/10/08 16:21:46 | 000,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/09/13 16:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 16:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 16:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 16:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2000/05/08 04:20:00 | 000,045,056 | ---- | C] () -- C:\Windows\trayhook.dll



Re: Somethings up

Post by Slica on 8th November 2010, 8:01 am

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/07/12 22:54:59 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/08/03 08:33:06 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >
[2010/10/12 16:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp\bak

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/15 00:12:40 | 000,000,286 | -HS- | M] () -- C:\Users\shejan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/07/12 23:31:16 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/07/12 23:30:46 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/07/12 23:30:45 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/07/12 23:30:45 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/07/12 23:30:45 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/07/12 23:30:46 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/07/02 05:03:02 | 000,000,402 | -HS- | M] () -- C:\Users\shejan\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/02/12 20:37:43 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/02/12 20:37:38 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/02/12 20:37:43 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/02/12 20:37:50 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/02/12 20:37:52 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 02:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 01:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 02:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/08/31 08:27:38 | 002,038,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/08/03 08:33:06 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/12 20:37:54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/08 00:48:36 | 3210,694,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/12 15:16:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/12 15:16:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/08 00:48:33 | 3524,489,216 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/07/02 03:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2008/02/12 21:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/12 17:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2010/10/12 15:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/07/02 03:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Camera Assistant Software for Toshiba
[2010/07/02 04:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/10/20 20:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/17 02:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2008/02/21 17:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/07/11 00:19:26 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Whiz
[2010/10/12 17:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2010/07/02 02:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/07/02 04:35:01 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/02 04:32:23 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/16 00:40:29 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/02/12 21:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2008/02/12 21:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2008/02/12 21:37:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/12 15:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2010/07/02 04:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2010/10/12 14:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/02/12 21:28:40 | 000,000,000 | ---D | M] -- C:\Program Files\Memeo
[2010/07/19 05:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/07/02 02:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/15 00:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/10/12 13:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/02 02:56:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/10/15 19:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/07/11 00:20:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar Installer
[2008/02/12 20:57:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/02/12 21:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2010/10/12 13:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2010/07/09 23:52:37 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2010/07/10 22:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2008/02/12 21:53:11 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2010/10/12 14:43:41 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/07/02 03:32:06 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/10/17 08:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\Staroffice
[2008/02/12 21:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/02/12 21:12:06 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/10/16 03:11:09 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/07/02 04:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2008/02/12 21:50:55 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Games
[2008/02/12 21:20:31 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Registration
[2010/07/02 04:21:18 | 000,000,000 | ---D | M] -- C:\Program Files\TrueSuite Access Manager
[2008/02/12 21:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/12 16:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/10/12 17:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/10/17 13:47:58 | 000,000,000 | ---D | M] -- C:\Program Files\vShare
[2010/07/17 02:10:31 | 000,000,000 | ---D | M] -- C:\Program Files\WeFi
[2010/10/17 18:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\WeFiBar
[2010/10/28 16:33:45 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/07/12 23:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/07/12 23:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/07/12 23:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/07/12 23:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/07/12 23:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2008/02/12 21:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2010/10/15 10:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/07/12 23:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/07/12 23:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/10/21 16:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2010/10/17 08:12:55 | 000,000,047 | ---- | M] () -- C:\Users\shejan\AppData\Roaming\sversion.ini
[2010/10/17 08:26:20 | 000,008,192 | ---- | M] () -- C:\Users\shejan\AppData\Roaming\user52.rdb


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/09/30 01:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/09/30 01:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007/09/30 01:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/30 01:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\drivers\KR10N.sys
[2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_c681c175\KR10N.sys
[2005/09/27 03:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 03:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-08 07:14:18

< End of report >

Slica
Novice

Posts : 44
Joined : 2008-12-07
OS : Windows XP
Points : 29681
Likes : 0


Re: Somethings up

Post by Slica on 8th November 2010, 8:01 am

Finally, here is the EXTRAS.Txt:

OTL Extras logfile created on: 11/8/2010 2:06:55 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\shejan\Desktop\Download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.62 Gb Total Space | 202.21 Gb Free Space | 68.17% Space Free | Partition Type: NTFS

Computer Name: MUSICBOX | User Name: shejan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E54C0D-A9AC-40C3-91EA-93D38FF39658}" = lport=137 | protocol=17 | dir=in | app=system |
"{0A1F908D-45D5-4107-9478-5AA0E836F472}" = lport=445 | protocol=6 | dir=in | app=system |
"{0D913223-4112-49C4-8254-413F20571640}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AF1A540-6DFB-4124-944C-4149B0598331}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3AECAB71-BFC5-4248-878A-E8B54A6AEE61}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{50818BA5-4FDE-4789-B3B7-A2051C83C182}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56E35B31-0DD0-4348-92F9-47ECA8294ED9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65F019D8-C96C-4440-93CF-B31460C4E406}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6E7EC9B7-BC24-4403-B5BC-78E60FA554F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{75CDF894-1A07-4A78-9AFA-44DD3020EACD}" = rport=138 | protocol=17 | dir=out | app=system |
"{7E96A775-2227-4AD9-AF75-53989F271BEE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9B5C52DD-B616-49DF-9F1F-2E287D431EBF}" = lport=138 | protocol=17 | dir=in | app=system |
"{B999C2ED-38B5-459F-B734-E361E4C2727C}" = lport=139 | protocol=6 | dir=in | app=system |
"{BB544C97-9874-42D0-9350-91895A4E8B44}" = rport=139 | protocol=6 | dir=out | app=system |
"{C147F4BB-021B-4EFD-B66A-669FEB533D99}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C4ABCB6A-9E3D-4835-95C3-136E44AA1413}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{C6195A9A-9720-483F-854A-6F298B000583}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3DDDE43-92C8-46F9-9D07-EC69293FBA94}" = rport=445 | protocol=6 | dir=out | app=system |
"{E6B328D2-CD0B-4BC9-B8C1-07BA6634C3B3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F9E52C2-EB32-4C95-850C-B0430491FD5D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{10D9B9B5-931C-46AD-A5D0-645F31E3694F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{17053735-F49A-464F-8714-24CCB74DBAC1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{192C55F5-5589-45A9-AC0E-81B17A543223}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{425CC13A-92C0-40C2-907A-1A4478FA7A90}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E4E1545-348C-4603-9D75-690DB6DB8EFE}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |
"{544E88E0-B505-43DA-A5E7-7BB81BF9DD8A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5AB23768-937F-4C9C-884E-1FEDBA0460D3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6164124A-4378-4E0C-9DB5-2329CDBC3238}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{656657B2-3137-465C-873F-D17F1B08D32C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{703A0B95-07D2-428D-A97F-56976E039978}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{A81148EB-DB58-4818-AE98-7B3E1F042BD4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{AA17CED4-F542-4343-A5BC-7AF034D36BE2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA2179CD-7CD0-4CE6-8913-D28CCAEB424C}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |
"{B37A7380-9EE3-45AD-AFC9-9898DC4561D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CE2B500A-9D57-48A2-8445-6AC6986D38C8}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{E205FD82-3C1C-4EA4-8D15-EB84EC013FBF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{DC9D317F-EF69-4DAA-8B96-6686C7E41CE8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3E226D72-2958-4370-B052-B18AAB56A687}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"pandasecuritytb" = Panda Security Toolbar
"Picasa2" = Picasa 2
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"StarOffice 5.0" = StarOffice 5.2
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.2
"vShare" = vShare Plugin
"WeFi" = WeFi 3.10.0.11
"WeFiBar Toolbar" = WeFiBar Toolbar
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Service Manual" = Service Manual

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2010 8:35:05 PM | Computer Name = Musicbox | Source = Application Error | ID = 1000
Description = Faulting application RacAgent.exe, version 6.0.6001.18000, time stamp
0x47918c14, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000142, fault offset 0x00009eed, process id 0xe7c, application
start time 0x01cb73dc77c7b070.

Error - 10/24/2010 8:43:16 PM | Computer Name = Musicbox | Source = Application Error | ID = 1000
Description = Faulting application Taskmgr.exe, version 6.0.6001.18000, time stamp
0x47918e94, faulting module Taskmgr.exe, version 6.0.6001.18000, time stamp 0x47918e94,
exception code 0xc0000005, fault offset 0x00001636, process id 0x9cc, application
start time 0x01cb73dd9c7d9690.

Error - 10/24/2010 8:46:22 PM | Computer Name = Musicbox | Source = WinMgmt | ID = 10
Description =

Error - 10/24/2010 9:12:03 PM | Computer Name = Musicbox | Source = Application Error | ID = 1000
Description = Faulting application Taskmgr.exe, version 6.0.6001.18000, time stamp
0x47918e94, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0004a4d2, process id 0x16b8, application
start time 0x01cb73e1a1f9220d.

Error - 10/24/2010 9:15:44 PM | Computer Name = Musicbox | Source = WinMgmt | ID = 10
Description =

Error - 10/25/2010 5:51:29 PM | Computer Name = Musicbox | Source = WinMgmt | ID = 10
Description =

Error - 10/26/2010 12:21:02 PM | Computer Name = Musicbox | Source = WinMgmt | ID = 10
Description =

Error - 10/27/2010 3:00:35 PM | Computer Name = Musicbox | Source = WinMgmt | ID = 10
Description =

Error - 10/27/2010 3:29:57 PM | Computer Name = Musicbox | Source = WinMgmt | ID = 10
Description =

Error - 10/27/2010 8:00:00 PM | Computer Name = Musicbox | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/15/2010 1:33:08 AM | Computer Name = shejan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/15/2010 1:33:08 AM | Computer Name = shejan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/15/2010 1:33:08 AM | Computer Name = shejan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/15/2010 1:11:35 PM | Computer Name = Musicbox | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 001F3C40C139 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/15/2010 1:37:06 PM | Computer Name = Musicbox | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 001F3C40C139 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/15/2010 8:05:26 PM | Computer Name = Musicbox | Source = DCOM | ID = 10010
Description =

Error - 10/15/2010 8:10:28 PM | Computer Name = Musicbox | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/15/2010 8:11:05 PM | Computer Name = Musicbox | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/15/2010 8:11:53 PM | Computer Name = Musicbox | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/15/2010 8:12:23 PM | Computer Name = Musicbox | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

Slica
Novice

Posts : 44
Joined : 2008-12-07
OS : Windows XP
Points : 29681
# Likes : 0

Re: Somethings up

Post by Dr Jay on 8th November 2010, 11:15 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.





Registry Cleaners

Registry cleaners are extremely powerful programs, which can greatly harm your OS, versus giving a little performance boost.

There are too many Registry cleaners, and each vendor has a different set of classifications of what is a bad entry. For those not familiar with the Registry, save your Operating System, and do not use Registry cleaners.

Further reading: [You must be registered and logged in to see this link.]


Too many security programs?

I suspect that you may be running too much realtime protection of security programs. Keep in mind that running too much realtime protection can cause more problems rather than prevent them. It can also cause system crashes, and even false positives.

Please do the following so we can fix it:

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Scan for malware

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14309
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302960
# Likes : 10

Re: Somethings up

Post by Slica on 8th November 2010, 10:49 pm

Hi, here is the Checkup.txt that came from Security Check:

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
Panda Cloud Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 3
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUNMain.exe
Windows Defender MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

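The conditions visible in the Security Check log above (UAC and firewall off, outdated Java and Adobe Reader, several security products resident at once) can be extracted mechanically when triaging such logs. The following is an added example, not part of the original thread or of the Security Check tool; the section layout is inferred from this one log, and all function names are hypothetical.

```python
import re

DIV = "`" * 30  # the posted log separates sections with lines of 30-32 backticks

# Sample input: the checkup.txt posted above, with the divider lines generated in code.
SAMPLE_CHECKUP = "\n".join([
    "Results of screen317's Security Check version 0.99.5",
    "Windows Vista Service Pack 2 (UAC is disabled!)",
    "Internet Explorer 8",
    DIV,
    "Antivirus/Firewall Check:", "",
    "Windows Firewall Disabled!",
    "Norton 360",
    "Panda Cloud Antivirus",
    "Antivirus up to date!",
    DIV,
    "Anti-malware/Other Utilities Check:", "",
    "Malwarebytes' Anti-Malware",
    "Java(TM) 6 Update 3",
    "Out of date Java installed!",
    "Adobe Flash Player",
    "Adobe Reader 8.1.0",
    "Out of date Adobe Reader installed!",
    DIV,
    "Process Check:",
    "objlist.exe by Laurent", "",
    "Norton ccSvcHst.exe",
    "Windows Defender MSASCui.exe",
    "Panda Security Panda Cloud Antivirus PSANHost.exe",
    "Panda Security Panda Cloud Antivirus PSUNMain.exe",
    "Windows Defender MSASCui.exe",
    DIV,
    "DNS Vulnerability Check:", "",
    "GREAT! (Not vulnerable to DNS cache poisoning)", "",
    DIV[:10] + "End of Log" + DIV[:12],
])

DIVIDER = re.compile(r"^`{5,}$")
OUTDATED = re.compile(r"^Out of date (.+) installed!$")


def split_sections(text):
    """Return (header_lines, {section title: [non-empty lines]})."""
    header, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or DIVIDER.match(line) or "End of Log" in line:
            continue
        if line.endswith("Check:"):          # e.g. "Process Check:"
            current = sections.setdefault(line[:-1], [])
        elif current is None:                # everything before the first section
            header.append(line)
        else:
            current.append(line)
    return header, sections


def resident_products(process_lines):
    """Product names from 'Product Name image.exe' lines, de-duplicated in order.

    Assumption: every such line in the Process Check section is a running
    security product, as it is in the sample log.
    """
    products = []
    for line in process_lines:
        name, _, image = line.rpartition(" ")
        if name and image.lower().endswith(".exe") and name not in products:
            products.append(name)
    return products


def triage(text):
    """Return a list of human-readable findings for one checkup.txt."""
    header, sections = split_sections(text)
    findings = []
    if any("UAC is disabled!" in line for line in header):
        findings.append("UAC is disabled")
    av_lines = sections.get("Antivirus/Firewall Check", [])
    if "Windows Firewall Disabled!" in av_lines:
        findings.append("Windows Firewall is disabled")
    # Status lines end with "!"; the remaining lines are product names.
    installed_av = [line for line in av_lines if not line.endswith("!")]
    if len(installed_av) > 1:
        findings.append("multiple antivirus products installed: " + ", ".join(installed_av))
    for lines in sections.values():
        for line in lines:
            match = OUTDATED.match(line)
            if match:
                findings.append("out-of-date software: " + match.group(1))
    resident = resident_products(sections.get("Process Check", []))
    if len(resident) > 1:
        findings.append("multiple resident security processes: " + ", ".join(resident))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_CHECKUP):
        print("-", finding)
```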

Re: Somethings up

Post by Slica on 8th November 2010, 11:15 pm

Hmm, as for Malwarebytes (I had to update mine)...it didn't find anything to check...here's the log:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 5076

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/8/2010 6:14:38 PM
mbam-log-2010-11-08 (18-14-38).txt

Scan type: Quick scan
Objects scanned: 144960
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Somethings up

Post by Dr Jay on 9th November 2010, 10:55 am

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Somethings up

Post by Slica on 9th November 2010, 12:51 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a629f04a5428b3488249b7815a6c410f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-09 12:49:49
# local_time=2010-11-09 07:49:49 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1538 16774142 20 3 9643066 117732889 0 0
# compatibility_mode=5892 16776573 100 100 0 125909729 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=180666
# found=0
# cleaned=0
# scan_time=4787


Re: Somethings up

Post by Dr Jay on 10th November 2010, 6:10 am

Investigate the MBR

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)



Re: Somethings up

Post by Slica on 10th November 2010, 10:09 am

Here you go man, I appreciate the help!

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite A305
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 166):
0x81E16000 \SystemRoot\system32\ntkrnlpa.exe
0x821CF000 \SystemRoot\system32\hal.dll
0x8040F000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80486000 \SystemRoot\system32\PSHED.dll
0x80497000 \SystemRoot\system32\BOOTVID.dll
0x8049F000 \SystemRoot\system32\CLFS.SYS
0x804E0000 \SystemRoot\system32\CI.dll
0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068A000 \SystemRoot\system32\drivers\acpi.sys
0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E1000 \SystemRoot\system32\drivers\pci.sys
0x80708000 \SystemRoot\System32\drivers\partmgr.sys
0x80717000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80724000 \SystemRoot\system32\drivers\volmgr.sys
0x80733000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077D000 \SystemRoot\system32\drivers\intelide.sys
0x80784000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80792000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A000000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A0C8000 \SystemRoot\system32\drivers\atapi.sys
0x8A0D0000 \SystemRoot\system32\drivers\ataport.SYS
0x8A0EE000 \SystemRoot\system32\drivers\msahci.sys
0x8A0F8000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A12A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A13A000 \SystemRoot\system32\Drivers\AlfaFF.sys
0x8A143000 \SystemRoot\system32\Drivers\ksecdd.sys
0x8A1B4000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8A206000 \SystemRoot\system32\drivers\ndis.sys
0x8A311000 \SystemRoot\system32\drivers\msrpc.sys
0x8A33C000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A406000 \SystemRoot\System32\drivers\tcpip.sys
0x8A4F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A602000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A712000 \SystemRoot\system32\drivers\volsnap.sys
0x8A74B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8A750000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x8A79B000 \SystemRoot\System32\Drivers\spldr.sys
0x8A7A3000 \SystemRoot\System32\Drivers\mup.sys
0x8A7B2000 \SystemRoot\System32\drivers\ecache.sys
0x8A7D9000 \SystemRoot\system32\drivers\disk.sys
0x8A50B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7EA000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A5F4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A377000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A380000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x8A388000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A400000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E20E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E845000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E8E4000 \SystemRoot\System32\drivers\watchdog.sys
0x8E8F0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E8FB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E939000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E948000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E9D5000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8EA04000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8EC33000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8EC43000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8EC51000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8EC6B000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8EC7A000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8EC8E000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8ECDF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8ECF2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ECFD000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ED2C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8ED2E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ED39000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8ED3E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8ED57000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8ED5E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8ED8D000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EDCE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EDD9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EDF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A397000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A3BA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A3C9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A3DD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A1BD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EDFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A1CD000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E9F2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E200000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807A2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x807D7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F400000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x805C0000 \SystemRoot\system32\drivers\portcls.sys
0x8F60F000 \SystemRoot\system32\drivers\drmk.sys
0x8F634000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8F750000 \SystemRoot\system32\drivers\modem.sys
0x8F75D000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0x8F75E000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0x8F75F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F768000 \SystemRoot\System32\Drivers\Null.SYS
0x8F76F000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F776000 \SystemRoot\System32\drivers\vga.sys
0x8F782000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F7A3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F7AB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F7B3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F7BE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F7CC000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F7D5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F809000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x8F837000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8F85A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F86E000 \SystemRoot\system32\drivers\afd.sys
0x8F8B6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F8E8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F8FE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F90C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F91F000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8F930000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x8F999000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F9D5000 \SystemRoot\system32\DRIVERS\psinknc.sys
0x8F7EB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FE0A000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys
0x8FE40000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FE57000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FE64000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8FF2C000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
0x8FF4F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FF58000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FF68000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FF6F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x96E50000 \SystemRoot\System32\win32k.sys
0x8FF77000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FF81000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97070000 \SystemRoot\System32\TSDDD.dll
0x97090000 \SystemRoot\System32\cdd.dll
0x8FF90000 \SystemRoot\system32\drivers\luafv.sys
0x8FFAB000 \SystemRoot\system32\DRIVERS\PSINAflt.sys
0x8FFD2000 \SystemRoot\system32\DRIVERS\PSINProt.sys
0x8A52C000 \SystemRoot\system32\DRIVERS\PSINFile.sys
0x8A548000 \SystemRoot\system32\DRIVERS\PSINProc.sys
0xA9A08000 \SystemRoot\system32\drivers\spsys.sys
0xA9AB8000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0xA9AE8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA9AF8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA9B22000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9B2C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA9B3F000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xA9B45000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0xA9B47000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
0xA9B52000 \SystemRoot\System32\Drivers\SYMFW.SYS
0xA9B74000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0xA9B7D000 \SystemRoot\system32\drivers\HTTP.sys
0x8A566000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8A583000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA9BEA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8A59C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8A5BB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x807E8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xABE0A000 \SystemRoot\System32\DRIVERS\srv2.sys
0xABE32000 \SystemRoot\System32\DRIVERS\srv.sys
0xABE80000 \SystemRoot\system32\drivers\peauth.sys
0xABF5E000 \SystemRoot\System32\Drivers\secdrv.SYS
0xABF68000 \SystemRoot\System32\drivers\tcpipreg.sys
0xABF74000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xABF9A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77560000 \Windows\System32\ntdll.dll

Processes (total 95):
0 System Idle Process
4 System
604 C:\Windows\System32\smss.exe
740 csrss.exe
784 C:\Windows\System32\wininit.exe
792 csrss.exe
828 C:\Windows\System32\services.exe
840 C:\Windows\System32\lsass.exe
848 C:\Windows\System32\lsm.exe
960 C:\Windows\System32\winlogon.exe
1036 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\TAMSvr.exe
1092 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1140 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\svchost.exe
1444 C:\Windows\System32\audiodg.exe
1468 C:\Windows\System32\svchost.exe
1492 C:\Windows\System32\SLsvc.exe
1528 C:\Windows\System32\svchost.exe
1696 C:\Windows\System32\svchost.exe
1864 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1872 C:\Windows\System32\wlanext.exe
360 C:\Windows\System32\spoolsv.exe
624 C:\Windows\System32\svchost.exe
1684 C:\Windows\System32\agrsmsvc.exe
1708 C:\Program Files\Bonjour\mDNSResponder.exe
1992 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
2080 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2212 C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
2268 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
2352 C:\Toshiba\IVP\ISM\pinger.exe
2384 C:\Windows\System32\svchost.exe
2404 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2428 C:\Windows\System32\svchost.exe
2472 C:\Toshiba\IVP\swupdate\swupdtmr.exe
2548 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
2656 C:\Windows\System32\TODDSrv.exe
2888 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2936 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
3012 C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
3048 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3080 C:\Windows\System32\svchost.exe
3128 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3176 C:\Windows\System32\taskeng.exe
3276 C:\Windows\System32\dwm.exe
3348 C:\Windows\explorer.exe
3412 C:\Windows\System32\taskeng.exe
3508 C:\Windows\System32\igfxtray.exe
3552 C:\Windows\System32\hkcmd.exe
3608 C:\Windows\System32\mobsync.exe
3680 C:\Windows\System32\igfxpers.exe
3728 C:\Windows\RtHDVCpl.exe
3764 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
3784 C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
3828 C:\Program Files\TrueSuite Access Manager\usbnotify.exe
3840 C:\Program Files\TrueSuite Access Manager\PwdBank.exe
3848 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
3884 C:\Windows\System32\igfxsrvc.exe
3912 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
3936 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
3952 C:\Program Files\Windows Defender\MSASCui.exe
3988 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2060 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
2340 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
2676 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
2632 C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
2012 C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
612 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
2948 C:\Program Files\TrueSuite Access Manager\CssSvr.exe
3100 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1308 C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
1504 C:\Windows\sointgr.exe
1228 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
3700 C:\Program Files\Windows Media Player\wmpnscfg.exe
3652 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
4556 C:\Program Files\WeFi\WeFi.exe
4604 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
4836 C:\Windows\System32\alg.exe
4900 C:\Windows\System32\SearchIndexer.exe
4992 C:\Program Files\Windows Media Player\wmpnetwk.exe
5096 C:\Program Files\WeFi\WefiEngSvc.exe
5204 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
5076 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5056 C:\Toshiba\IVP\ISM\Ivpsvmgr.exe
2812 C:\Program Files\Winamp\winamp.exe
5868 C:\Program Files\Internet Explorer\iexplore.exe
2028 C:\Program Files\Internet Explorer\iexplore.exe
2776 C:\Program Files\Internet Explorer\iexplore.exe
2612 C:\Program Files\Internet Explorer\iexplore.exe
1212 C:\Windows\System32\SearchProtocolHost.exe
5496 C:\Windows\System32\SearchFilterHost.exe
4612 C:\Users\shejan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV010M

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

Slica
Novice

Posts: 44
Joined: 2008-12-07
OS: Windows XP
Points: 29681
Likes: 0


Re: Somethings up

Post by Dr Jay on 11th November 2010, 3:27 am

Rootkit scan to investigate hidden malware

Please download [You must be registered and logged in to see this link.] and install it. If you already have it, no need to reinstall.

Then, download [You must be registered and logged in to see this link.] and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14309
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302960
Likes: 10


Re: Somethings up

Post by Slica on 11th November 2010, 7:38 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtAlertResumeThread, Type: Address change 0x820E507D-->88E46230 [Unknown module filename]
ntkrnlpa.exe-->NtAlertThread, Type: Address change 0x8205DEB5-->88E46310 [Unknown module filename]
ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: Address change 0x8209A01B-->88E47B00 [Unknown module filename]
ntkrnlpa.exe-->NtConnectPort, Type: Address change 0x8201FAA7-->88D5E1A0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateMutant, Type: Address change 0x8207246C-->88E4BEE8 [Unknown module filename]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x820E36F4-->88E4A0F0 [Unknown module filename]
ntkrnlpa.exe-->NtFreeVirtualMemory, Type: Address change 0x81ED6F5F-->88E47970 [Unknown module filename]
ntkrnlpa.exe-->NtImpersonateAnonymousToken, Type: Address change 0x8200CEBE-->88E460B0 [Unknown module filename]
ntkrnlpa.exe-->NtImpersonateThread, Type: Address change 0x820224C0-->88E46150 [Unknown module filename]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Address change 0x820624FA-->88E47870 [Unknown module filename]
ntkrnlpa.exe-->NtOpenEvent, Type: Address change 0x8204BA2F-->88E4BE08 [Unknown module filename]
ntkrnlpa.exe-->NtOpenProcessToken, Type: Address change 0x8205368E-->88E4A378 [Unknown module filename]
ntkrnlpa.exe-->NtOpenThreadToken, Type: Address change 0x8206DF08-->88E467D8 [Unknown module filename]
ntkrnlpa.exe-->NtResumeThread, Type: Address change 0x8206D7A5-->88E4E058 [Unknown module filename]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x820E43C7-->88E466F8 [Unknown module filename]
ntkrnlpa.exe-->NtSetInformationProcess, Type: Address change 0x82066528-->88E46898 [Unknown module filename]
ntkrnlpa.exe-->NtSetInformationThread, Type: Address change 0x8204AF0D-->88E46618 [Unknown module filename]
ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x820E4FB7-->88E4BD28 [Unknown module filename]
ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x81FEC929-->88E46458 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x82042DA3-->88E4A1C0 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x8206E18F-->88E46538 [Unknown module filename]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Address change 0x820627BD-->88E47790 [Unknown module filename]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x8205F58D-->88E47A30 [Unknown module filename]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0xAB815608 [216] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0xAB745428 [336] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAB8E3A38 [344] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x89388518 [616] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0xAB8E4D90 [624] C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION, Service of ConfigFree.)
0x88A9FD90 [704] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0xB3CDA8D8 [712] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation, Windows Media Player Network Sharing Service Configuration Application)
0x88DC4118 [748] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x87290AD8 [756] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x89FE2A18 [792] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x89FE5020 [804] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x89FF88D0 [812] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x891DA880 [936] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x89FE5D08 [1016] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xA97C5C48 [1060] C:\Windows\System32\TAMSvr.exe (AuthenTec Inc., Fingerprint system initialization service)
0xA97E8CA8 [1072] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation, PresentationFontCache.exe)
0xA97D44E0 [1116] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xA9F98650 [1152] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xA9FBCD90 [1224] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAB682020 [1276] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAB6B8CA8 [1308] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAB6A2D90 [1444] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAB6A65C8 [1464] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
0xAB6BF5F8 [1532] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB3DFCD90 [1600] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink, CyberLink MediaLibray Service)
0xB3DB6020 [1668] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp., CyberLink PowerCinema Resident Program)
0xAB739228 [1696] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB3DF0020 [1716] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (-, En-us)
0xAB9368B0 [1820] C:\Windows\System32\agrsmsvc.exe (Agere Systems, Agere Soft Modem Call Progress Service)
0xAB75A330 [1840] C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation, Symantec Service Framework)
0xAB752570 [1880] C:\Windows\System32\wlanext.exe (Microsoft Corporation, Windows Wireless LAN 802.11 Extensibility Framework)
0x84EBDD90 [1892] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x8500A468 [1912] C:\Users\shejan\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\Ws6G2Loufnrj.exe (UG North, RKULE, SR2 Normandy)
0xB3DA88E0 [2052] C:\Windows\sointgr.exe
0xB3D26020 [2056] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation, TOSHIBA Power Saver)
0xAB94A020 [2080] C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation, Intel(R) PROSet/Wireless Event Log)
0xAB964D90 [2128] C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company, EKDiscovery Module for Kodak AiO Printers)
0xAB994D90 [2192] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L., Application Host Service)
0xB3CD7D90 [2216] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation, SmoothView)
0xB3D98020 [2248] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0xB3DA2020 [2364] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation, TOSHIBA Flash Cards)
0xAB9C4428 [2380] C:\Toshiba\IVP\ISM\pinger.exe
0xAB9CA3D0 [2396] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAB66D020 [2404] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation, Windows Defender User Interface)
0xAEC62B20 [2416] C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation, Intel(R) PROSet/Wireless Registry Service)
0xAEC6C2F8 [2476] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8522B3A0 [2532] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0xAB855600 [2572] C:\Toshiba\IVP\swupdate\swupdtmr.exe
0xB3DBF020 [2596] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION, ConfigFree(TM) Task tray menu)
0xAEC79D90 [2604] C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation, TOSHIBA Navi Support Service)
0xB3DBD020 [2636] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
0xAEC96388 [2692] C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation, TDCSrv Application)
0xAECAF020 [2712] C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation, TOSHIBA Power Saver)
0xAECE1020 [2744] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION, TOSHIBA Bluetooth Service)
0xAECE9020 [2820] C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation, TosIPCSrv.exe)
0xB3DB2B20 [2860] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation, Symantec User Session)
0xAB726D90 [2864] C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc., ULCDRSvr)
0xAED23020 [2920] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB3DC8B40 [2940] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google, Google Desktop)
0xAED25D90 [2948] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc., AutoUpater Service Module)
0xAED9C708 [3160] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0xB4605D90 [3248] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L., Panda Cloud Antivirus)
0xB3DBB020 [3256] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company, Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build))
0xB4604368 [3272] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0xB460A020 [3456] C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation, Microsoft Office OneNote Quick Launcher)
0xB4641B30 [3564] C:\Program Files\TrueSuite Access Manager\CssSvr.exe (Arachnoid Biometrics Identification Group Corp., -)
0xB3DF6020 [3576] C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe (-, -)
0x86F3EC70 [3652] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0xAEDC18C8 [3676] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0xAEDD88E0 [3688] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0xB3C81C08 [3844] C:\Windows\System32\igfxtray.exe (Intel Corporation, igfxTray Module)
0xB3C6E9B0 [3860] C:\Windows\System32\hkcmd.exe (Intel Corporation, hkcmd Module)
0xB3CB3AD8 [3940] C:\Windows\System32\igfxpers.exe (Intel Corporation, persistence Module)
0xB3CCE020 [3972] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor, HD Audio Control Panel)
0xB3D06360 [3996] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony, traybar)
0xB3D08020 [4016] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc, Fingerprint Suite Notifier Application)
0xB3C87D90 [4024] C:\Program Files\TrueSuite Access Manager\usbnotify.exe
0xB3D0D3F0 [4056] C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group, -)
0x84E14AD8 [4632] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x84FBF828 [4712] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0xB477D940 [4876] C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION, ConfigFree Switch Manager)
0xAB840A00 [4924] C:\Windows\System32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x872F9AB0 [5016] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x91DDE1B8 [5120] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x86C8E6E8 [5836] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc., Synaptics Pointing Device Helper)
0x84B98D90 [5876] C:\Program Files\WeFi\WeFi.exe (WeFi, WeFi Application)
0x84D6B020 [5916] C:\Program Files\WeFi\WefiEngSvc.exe (WeFi, WefiEngSvc.exe)
0x84536A38 [4] System
0xAB6A1548 [1420] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x8E207000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6516736 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81E52000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81E52000 PnpManager 3903488 bytes
0x81E52000 RAW 3903488 bytes
0x81E52000 WMIxWDM 3903488 bytes
0x8EC0C000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x986B0000 Win32k 2109440 bytes
0x986B0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8F200000 C:\Windows\system32\drivers\RTKVHDA.sys 2052096 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x8F433000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x8A60D000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A208000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8A405000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xADECC000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8FCEA000 C:\Windows\System32\Drivers\dump_iaStor.sys 819200 bytes
0x8A00B000 C:\Windows\system32\DRIVERS\iaStor.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xAC60C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8E83E000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E941000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8060A000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A14E000 C:\Windows\system32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAC781000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8F736000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 430080 bytes (Symantec Corporation, SPBBC Driver)
0x8EE96000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xADE7E000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8A75B000 C:\Windows\system32\DRIVERS\tos_sps32.sys 307200 bytes (TOSHIBA Corporation, tos_sps2)
0x8073C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F674000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80693000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80497000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8EF95000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8E8F4000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F79F000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A33E000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xADE05000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A71D000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8FC04000 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys 221184 bytes (Symantec Corporation, IDS Core Driver)
0x807AB000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81E1F000 ACPI_HAL 208896 bytes
0x81E1F000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8A103000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F6BC000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0xAC6BC000 C:\Windows\system32\DRIVERS\RMCAST.sys 196608 bytes (Microsoft Corporation, Reliable Multicast Transport)
0x8EF66000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8EF05000 C:\Windows\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8F60F000 C:\Windows\System32\Drivers\SYMTDI.SYS 188416 bytes (Symantec Corporation, Network Dispatch Driver)
0x805B8000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A313000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8A1C8000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAC6FC000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xADE56000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A7BD000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EA000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8A52B000 C:\Windows\system32\DRIVERS\PSINAflt.sys 159744 bytes (Panda Security, S.L., PSINAflt Filter Driver for Vista32)
0xADFC0000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x8F40E000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8FC92000 C:\Windows\system32\DRIVERS\ATSwpDrv.sys 143360 bytes (AuthenTec, Inc., Slide Fingerprint USB Driver)
0x8A399000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8F63D000 C:\Windows\system32\Drivers\SYMEVENT.SYS 143360 bytes (Symantec Corporation, Symantec Event Library)
0x8F7DB000 C:\Windows\system32\DRIVERS\psinknc.sys 139264 bytes (Panda Security, S.L., PSINKNC Kernel Controller for Vista32)
0xAC756000 C:\Windows\System32\Drivers\SYMFW.SYS 139264 bytes (Symantec Corporation, Firewall Filter Driver)
0x8A50A000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8F581000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8A5C7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8A0DB000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8A58C000 C:\Windows\system32\DRIVERS\PSINProc.sys 122880 bytes (Panda Security, S.L., PSINProc Filter Driver for Vista32)
0x8A552000 C:\Windows\system32\DRIVERS\PSINProt.sys 122880 bytes (Panda Security, S.L., PSINProt for Vista32)
0x8E9CE000 C:\Windows\system32\DRIVERS\Rtlh86.sys 118784 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x8A5AA000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A570000 C:\Windows\system32\DRIVERS\PSINFile.sys 114688 bytes (Panda Security, S.L., PSINFile Filter Driver for Vista32)
0x8A4EF000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8FDCB000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8EE59000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8FDE6000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8EF46000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xADE3E000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8FC5A000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EFE1000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xADFE6000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F6EE000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F5D4000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8F5EA000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8A3D0000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8A3BC000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8EE82000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8F660000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8EEE7000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xAC730000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F712000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A7E4000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x807E0000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8F725000 C:\Windows\System32\Drivers\SRTSPX.SYS 69632 bytes (Symantec Corporation, Symantec AutoProtect)
0x8A135000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FCBE000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xAC6EC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8079B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8EE3B000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8A3E5000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8A38A000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8FDBC000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A7AE000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80711000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E9EB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8EE73000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8E932000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)


Re: Somethings up

Post by Slica on 11th November 2010, 7:39 am

0x8072D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EE4B000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x988F0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F704000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F5BD000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8078D000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8FCDD000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F54F000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8A1F2000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80686000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xADFB4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F575000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8E8DD000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8EEFA000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8EF36000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F5B2000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EC00000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAC74B000 C:\Windows\System32\Drivers\SYMNDISV.SYS 45056 bytes (Symantec Corporation, NDIS Filter Driver)
0x8EFD6000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A5F3000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E8E9000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80723000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8FDB2000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8A0F9000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8A3F5000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAC726000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8F600000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xADFAA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A145000 C:\Windows\system32\Drivers\AlfaFF.sys 36864 bytes (Alfa Corporation, Windows 2000 Mini-Filter Monitor Network Edition)
0x8A7F5000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F55E000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8FCB5000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAC7EE000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8A1BF000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8F5CB000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAC778000 C:\Windows\System32\Drivers\SYMIDS.SYS 36864 bytes (Symantec Corporation, IDS Filter Driver)
0x988D0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A379000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D9000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A0D3000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8A382000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x8FCD5000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806E2000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F5A2000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F5AA000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A7A6000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8F56E000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8EF5F000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0x8FCCE000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80786000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80407000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F567000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xAC743000 C:\Windows\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0x8A756000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8A400000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8EF41000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver For x86.)
0x80720000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8EFF8000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xAC749000 C:\Windows\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver)
0x8EF34000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8F55C000 C:\Windows\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0x8F55D000 C:\Windows\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
==============================================
>Stealth
==============================================
0x01260000 Hidden Image-->Inkjet.Automation.dll [ EPROCESS 0xAB964D90 ] PID: 2128, 36864 bytes
0x01240000 Hidden Image-->Inkjet.AutomationImplementation.dll [ EPROCESS 0xAB964D90 ] PID: 2128, 45056 bytes
0x015E0000 Hidden Image-->Inkjet.Utilities.dll [ EPROCESS 0xAB964D90 ] PID: 2128, 53248 bytes
0x8FC52130 Unknown thread object [ ETHREAD 0x89389D78 ] , 600 bytes
0x01370000 Hidden Image-->Inkjet.Diagnostics.dll [ EPROCESS 0xAB964D90 ] PID: 2128, 61440 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00A22.log
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00D5DDAF-ED4D-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D84A18F-ED4D-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26F27CFF-ED4D-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{345ACCDF-ED4D-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4CC8012F-ED4D-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{77E042FF-ED4D-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CFD3539F-ED4C-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E81929CE-ED4C-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F64CDFFF-ED4C-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{89E8A7DE-ED4D-11DF-838F-001E333C7856}.dat
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\0710_auto_CRE_scoreboard_300x250[1].swf
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\2409_tn[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\2412_tn[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\2413_tn[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\2414_tn[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\acctid=82;plidl=2816979;rsid=5;lcid=a0770000003t94XAAQ;aid=22792740[1].xml
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\ajs[1].php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\bclick[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\bloodyelbowatf[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\count[5].json
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\dref=http%253A%252F%252Fwww.bloodyelbow[1].com%252F
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\film_strip-40[1].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\flawlessButton-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\HessianService[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\inCA6MI3LQ.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\inCA7KKMA8.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\inCA7VHABO.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\inCAAS3DUC.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\inCAL1V1LC.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\inCAZ65EGP.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\meter[3].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\News-trans[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\pops;outputformat=mrss;id=22792740;cb=986757938;lmsoverride=1;rd=sports.yahoo.com-offsite;datacontext=mdb;lg=tEWAZO[1].xml
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\rss[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\search[5]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\search[6]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\sectionShadowDark[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\sideBackT[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\sideFooter[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\s[1]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\s[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFAE5L3\userBoxsolid[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\arrow[1].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\blank[1].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\bloodyelbowatf[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\btnSignIn-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\counter[2].asp
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\count[3].json
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\count[4].json
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\get[1].media
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\headerback[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\inCAK3X7IY.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\loginBack[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\logo-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\scribe_endpoint[6].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\search[6]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\search[7]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\sideBorder[1].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\sideCurve[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\s[1]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\s[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\the-ultimate-fighter-12-team-gsp-vs-team-koscheck-live-discussion[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\tweet_button[10].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J7Y3XER\tweet_button[9].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\2415_tn[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\2416_tn[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\41482_100000008494358_2215009_q[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\ajs[1].php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\bBar-left[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\bloodyelbow_com[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\fedor-and-alek_small[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\get[1].media
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\joinbtn[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\like[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\like[2].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\menuSide[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\nf[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\scribe_endpoint[6].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\scribe_endpoint[7].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\scribe_endpoint[8].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\scribe_endpoint[9].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\search[4]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\search[5]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\search[6]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\sideHeader-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\s[1]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\s[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\xbox-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3YBO29V\xNjk3OQRjYXQDbWRiBGNkbgMEcGcDBHBsX3MDBHBscl9zA3RFV0FaTy5aWjZoY0l5d2hoNW1pb2sEcmQDc3BvcnRzLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDBHNsawNsZAR2aWQDMjI3OTI3NDA-[1].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\2_small[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\bclick[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\bloodyelbowatf[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\capella_prebrand_repcred_v2_468x60[1].swf
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\cds[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\click[2].here
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\crossdomain[1].xml
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\gamesSelect[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\getMoz[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\google_com[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\Maia_punch_small[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\mainback-made[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\mnuBar-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\newsHeaderBack[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\optn=64[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\scribe_endpoint[6].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\search[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\search[3]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\sectionBack-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\sectionShadow[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\s[1]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\s[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED3RD39P\tweet_button[6].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\acctid=82;plidl=2816979;lcid=a0770000003t94XAAQ;aid=22792740[2].xml
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\ajs[1].php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\cds[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\cds[2].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\community_728x90[1].swf
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\config[1].xml
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\count[1].json
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\crumbBack[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\email-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\favicon[3].ico
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\HessianService[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\hqdefault[2].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\inCA9D9CNY.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\inCADO3CVE.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\inCAS874XU.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\ps2-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\rightSide[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\search[4]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\search[5]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\s[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\s[3]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\s[4]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ3ALYYQ\twinone[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\2_small[6].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\ads[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\ajs[1].php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\cds[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\cds[2].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\dg_specificclick_net[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\dot[1].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\DSG_Outerwear_Snowy_300x250[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\dt;sz=1x1;ord=7092493[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\get[1].media
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\mko_raiden01[1].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\mortalkombatonline_com[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\pollBar[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\restserver[1].php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\scribe_endpoint[6].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\scribe_endpoint[7].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\search[5]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\search[6]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\shadowBar-news[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\s[1]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\s[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4Y6AZ77\userbox-news[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\2418_tn[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\2419_tn[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\bBar-center[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\cds[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\comment-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\count[1].json
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\dt;sz=1x1;ord=1503589[1].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\lineBack[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\meter[3].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\meter[4].gif
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\newsTextBack[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\postcomment-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\scribe_endpoint[10].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\scribe_endpoint[11].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\search[5]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\search[6]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\STND_M7HPGN_MSN14Launch_local01MSN_CPC_728x90[1].swf
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\s[1]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\s[2]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S41VTH22\tweet_button[11].htm
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\bBar-right[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\btnArchive-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\btnSearch-trans[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\cds[1].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\cds[2].jpg
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\favicon[6].ico
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\gLineBack[1].png
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\inCA8ZRE93.php
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\search[5]
!-->[Hidden] C:\Users\shejan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWG6LU9J\search[6]
==============================================
>Hooks
==============================================


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Slica
Novice

Posts : 44
Joined : 2008-12-07
OS : Windows XP
Points : 29681
Likes : 0


Re: Somethings up

Post by Dr Jay on 12th November 2010, 11:25 am

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page, in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: If the scan freezes for more than 30 minutes, stop the scan, and report back to me.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14309
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302960
Likes : 10


Re: Somethings up

Post by Dr Jay on 22nd November 2010, 5:43 am

Are you still with us?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Dr. Jay (DJ)



Re: Somethings up

Post by Slica on 25th November 2010, 5:22 am

Hi, I'm sorry...the charger port on here needed to be repaired so I was unable to get on here in a while.

As for problems, first let me say the Kaspersky Online Scanner would not start. I am logged on as administrator, so I'm not sure why it wouldn't. I tried it once before the laptop charger port was repaired and it didn't work then, either.

Problems I am experiencing include:
-Not being able to use CTRL ALT DEL to open task manager (tells me it needs to be closed). This is my biggest worry. This is my first laptop, so I don't know if this is normal for laptops. I know with PCs it's supposed to pop up.
-Webcam won't work (nearly every startup I get an error popping up about the built-in webcam)
-Can't put anything (song or video) on a disc. The DVD drive reads CDs and movies from DVDs, but I can't just drag anything onto a blank disc and burn it and take it to my PC and place the files on there. I have the right discs, as I do it with PCs all the time with the same disc.

I don't have some of the original errors I came here for...example being the anti virus scanner fake popping up or my webpages having 'this can be harmful' replacing them. Those are GONE.

I would imagine now maybe not virus related at this point. I'm just unsure of what happened to the computer before I got it from a friend. I know there were a ton of registry cleaners on here, but I got rid of them (the downloadable ones).

If you can help me further, that would be great. If not, then I really appreciate your help. You guys are pretty awesome.


Re: Somethings up

Post by Dr Jay on 27th November 2010, 4:09 am

1. Click Start, click Run, type sigverif, and then click OK.

2. Click Advanced, click Look for other files that are not digitally signed, navigate to the Winnt\System32\Drivers folder, and then click OK.

3. Click Start.

4. After it has finished running, navigate to C:\Windows\Sigverify.txt, open it and post the contents of the log here.


Dr. Jay (DJ)



Re: Somethings up

Post by Slica on 27th November 2010, 11:35 am

Hmm, I don't get the options you describe under 'advanced'.

Take a look:



Pretty frustrating stuff.
