Old 06-09-2009, 07:21 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: Windows Vista Home Premium, Service Pack 1


DDS does not support my operating system (Trojan removal help)

Hello,

I am a new member seeking help removing a Trojan virus on my computer. The virus pops up through Windows Defender and is called "TrojanDownloader:Win32/Renos.IO". I visited the post "New Instructions for Trojan/Spyware Removal Help" to begin the process of posting my logs to get help removing the virus. However, when I downloaded the tool "DDS" and ran the application, I received an error message saying the DDS tool is not compatible with my operating system. Obviously, I cannot continue the process listed in the aforementioned thread (which is now closed)... Could someone help me in finding another tool besides DDS which I can run to post my logs in this forum?

Thanks for your help!

PS: My operating system is Windows Vista Home Premium, Service Pack 1
vibrantverse is offline  
Old 06-11-2009, 08:54 AM   #2 (permalink)
Analyst, Security Team
 
Join Date: Jan 2009
Location: Canada
Posts: 1,989
OS: XP sp3


Re: DDS does not support my operating system (Trojan removal help)

Hi,

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread.
Make sure it is set to Instant Notification, then click Subscribe.

NOTE:
  • Malware removal is NOT instantaneous.
  • Most infections require more than one round to properly eradicate.
  • Absence of symptoms does not always mean the job is complete.
  • You can be certain that I will advise you when the computer is clean.
  • Kindly follow my instructions in the order posted.
  • Please resist the urge to run further scans or fix items on your own without my direction.

Please do the following:

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Check the box that says 64 bit
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.
__________________


ASAP & UNITE Member
CatByte is offline  
Old 06-12-2009, 10:39 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: Windows Vista Home Premium, Service Pack 1


Re: DDS does not support my operating system (Trojan removal help)

Code:
OTS logfile created on: 6/12/2009 11:27:23 AM - Run 1
OTS by OldTimer - Version 3.0.5.1     Folder = C:\Users\Shontia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.23% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.42 Gb Total Space | 146.88 Gb Free Space | 63.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHONTIA-PC
Current User Name: Shontia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
avgtray.exe -> C:\Program Files (x86)\AVG\AVG8\avgtray.exe -> [2009/05/03 22:38:53 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -> [2009/05/03 22:38:52 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
cec_main.exe -> C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe -> [2008/01/22 13:00:30 | 04,624,384 | ---- | M] ()
cfsvcs.exe -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -> [2007/12/25 15:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
cfswmgr.exe -> C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe -> [2007/12/25 15:06:52 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION)
flashutil10b.exe -> C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe -> [2009/02/02 21:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008/08/20 14:39:59 | 00,068,856 | ---- | M] (Google Inc.)
googleupdate.exe -> C:\Users\Shontia\AppData\Local\Google\Update\GoogleUpdate.exe -> [2009/05/10 18:58:03 | 00,133,104 | ---- | M] (Google Inc.)
ieuser.exe -> C:\Program Files (x86)\Internet Explorer\ieuser.exe -> [2008/01/20 21:50:38 | 00,299,520 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files (x86)\iTunes\iTunesHelper.exe -> [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
ndstray.exe -> C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe -> [2008/01/09 16:02:08 | 01,056,768 | ---- | M] (TOSHIBA CORPORATION)
ots.exe -> C:\Users\Shontia\Desktop\OTS.exe -> [2009/06/12 09:53:58 | 00,507,392 | ---- | M] (OldTimer Tools)
tnavisrv.exe -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/01/21 18:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
traybar.exe -> C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe -> [2007/10/25 19:41:18 | 00,413,696 | ---- | M] (Chicony)
ulcdrsvr.exe -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
 
[Win32 Services - Safe List]
64bit-(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> C:\Windows\SysNative\agr64svc.exe -> [2007/12/11 13:11:30 | 00,015,872 | ---- | M] ()
64bit-(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> C:\Windows\SysNative\Ati2evxx.exe -> [2007/07/28 00:25:44 | 00,787,968 | ---- | M] ()
64bit-(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
64bit-(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
64bit-(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
64bit-(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
64bit-(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
64bit-(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | Auto | Running] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
64bit-(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
64bit-(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 20:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation)
64bit-(RapiMgr) Windows Mobile-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2008/01/20 21:47:00 | 00,211,968 | ---- | M] (Microsoft Corporation)
64bit-(SmartFaceVWatchSrv) SmartFaceVWatchSrv [Win32_Own | On_Demand | Running] -> C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -> [2008/04/24 20:57:40 | 00,084,992 | ---- | M] (Toshiba)
64bit-(TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own | Auto | Running] -> C:\Windows\SysNative\TODDSrv.exe -> [2007/11/21 18:53:16 | 00,135,168 | ---- | M] ()
64bit-(TosCoSrv) TOSHIBA Power Saver [Win32_Own | Auto | Running] -> C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -> [2008/02/06 15:50:18 | 00,434,016 | ---- | M] (TOSHIBA Corporation)
64bit-(TOSHIBA SMART Log Service) TOSHIBA SMART Log Service [Win32_Own | Auto | Running] -> C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -> [2007/12/03 19:04:48 | 00,175,104 | ---- | M] (TOSHIBA Corporation)
64bit-(WcesComm) Windows Mobile 2003-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2008/01/20 21:47:00 | 00,428,544 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -> [2009/05/03 22:38:52 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(CASprint) Sprint Con App Svc [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -> [2008/10/15 12:02:02 | 00,124,160 | ---- | M] (PCTEL)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(ConfigFree Service) ConfigFree Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -> [2007/12/25 15:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | Auto | Running] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -> [2008/05/28 18:20:16 | 00,164,600 | ---- | M] (WildTangent, Inc.)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/03/04 20:24:04 | 00,137,200 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
(jswpsapi) Jumpstart Wifi Protected Setup [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Jumpstart\jswpsapi.exe -> [2007/10/30 02:35:40 | 00,937,984 | ---- | M] (Atheros Communications, Inc.)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 04:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(RapiMgr) Windows Mobile-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2008/01/20 21:47:00 | 00,211,968 | ---- | M] (Microsoft Corporation)
(SprintRcAppSvc) Sprint RcAppSvc [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -> [2008/10/15 12:02:34 | 00,111,872 | ---- | M] (PCTEL)
(TMachInfo) TMachInfo [Win32_Own | Auto | Running] -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -> [2008/08/04 16:46:22 | 00,046,392 | ---- | M] (TOSHIBA Corporation)
(TNaviSrv) TOSHIBA Navi Support Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/01/21 18:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/02 01:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/02 01:35:15 | 00,055,846 | ---- | M] ()
(WcesComm) Windows Mobile 2003-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2008/01/20 21:47:00 | 00,428,544 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(AgereSoftModem) TOSHIBA Software Modem [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\agrsm64.sys -> [2008/02/29 16:59:32 | 01,252,352 | ---- | M] ()
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\athrx.sys -> [2008/01/25 18:25:50 | 00,957,440 | ---- | M] ()
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\atikmdag.sys -> [2007/07/28 00:38:32 | 03,544,576 | ---- | M] ()
64bit-(AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\AtiPcie.sys -> [2006/11/07 12:30:56 | 00,016,656 | ---- | M] ()
64bit-(AvgLdx64) AVG Free AVI Loader Driver x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\avgldx64.sys -> [2009/05/03 22:39:56 | 00,414,216 | ---- | M] ()
64bit-(AvgMfx64) AVG Free On-access Scanner Minifilter Driver x64 [File_System | System | Running] -> C:\Windows\SysNative\Drivers\avgmfx64.sys -> [2009/05/03 22:39:55 | 00,033,352 | ---- | M] ()
64bit-(AvgTdiA) AVG Free8 Network Redirector x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\avgtdia.sys -> [2009/05/03 22:40:03 | 00,133,640 | ---- | M] ()
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2008/01/20 21:46:51 | 00,017,792 | ---- | M] ()
64bit-(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\FwLnk.sys -> [2006/11/20 00:11:06 | 00,008,704 | ---- | M] ()
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,019,304 | ---- | M] ()
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 00:28:10 | 00,273,920 | ---- | M] ()
64bit-(JSWPSLWF) JumpStart Wireless Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -> [2007/08/31 19:43:38 | 00,026,624 | ---- | M] ()
64bit-(KR10I64) KR10I64 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\kr10i64.sys -> [2006/11/09 01:33:00 | 00,248,320 | ---- | M] ()
64bit-(KR10N64) KR10N64 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\kr10n64.sys -> [2006/11/09 01:34:00 | 00,237,568 | ---- | M] ()
64bit-(NWADI) NWADI Bus Enumerator [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\NWADIenum.sys -> [2008/10/15 11:58:26 | 00,247,808 | ---- | M] ()
64bit-(PCASp50a64) PCASp50a64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\PCASp50a64.sys -> [2008/10/15 11:58:32 | 00,041,280 | ---- | M] ()
64bit-(PCTINDIS5X64) PCTINDIS5X64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\PCTINDIS5X64.SYS -> [2008/10/15 11:56:10 | 00,043,032 | ---- | M] ()
64bit-(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -> [2007/01/18 15:10:22 | 00,030,336 | ---- | M] ()
64bit-(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\RootMdm.sys -> [2008/01/20 21:49:47 | 00,011,264 | ---- | M] ()
64bit-(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Rtlh64.sys -> [2008/04/15 12:05:42 | 00,161,792 | ---- | M] ()
64bit-(RTSTOR) Realtek USB 2.0 Card Reader [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\RTSTOR64.SYS -> [2008/02/21 00:01:24 | 00,063,488 | ---- | M] ()
64bit-(sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\sscdbus.sys -> [2007/07/03 18:02:12 | 00,105,128 | ---- | M] ()
64bit-(sscdmdfl) SAMSUNG Mobile Modem Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -> [2007/07/03 18:04:16 | 00,016,040 | ---- | M] ()
64bit-(sscdmdm) SAMSUNG Mobile Modem Drivers [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\sscdmdm.sys -> [2007/07/03 18:04:44 | 00,142,504 | ---- | M] ()
64bit-(swmsflt) swmsflt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\swmsflt.sys -> [2008/10/15 11:58:34 | 00,028,808 | ---- | M] ()
64bit-(swmx00) Sierra Wireless USB MUX Driver (#00) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\swmx00.sys -> [2008/10/15 11:58:34 | 00,198,408 | ---- | M] ()
64bit-(SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -> [2008/10/15 11:58:34 | 00,202,248 | ---- | M] ()
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\SynTP.sys -> [2007/12/06 20:12:56 | 00,320,048 | ---- | M] ()
64bit-(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -> [2007/12/11 16:03:36 | 00,027,272 | ---- | M] ()
64bit-(tos_sps64) TOSHIBA tos_sps64 Service [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\tos_sps64.sys -> [2008/01/21 17:42:26 | 00,531,968 | ---- | M] ()
64bit-(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -> [2007/11/09 16:00:30 | 00,026,968 | ---- | M] ()
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbaapl64.sys -> [2008/11/07 14:23:30 | 00,040,448 | ---- | M] ()
64bit-(usbvideo) Chicony USB 2.0 Camera [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/20 21:47:27 | 00,168,704 | ---- | M] ()
64bit-(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\usb8023x.sys -> [2008/01/20 21:46:52 | 00,019,456 | ---- | M] ()
64bit-(UVCFTR) UVCFTR [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -> [2007/12/20 18:10:50 | 00,028,200 | ---- | M] ()
64bit-(winusb) WinUSB Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\winusb.sys -> [2008/01/20 21:47:02 | 00,036,864 | ---- | M] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\Wbem\mpsdrv.mof -> [2006/09/18 16:35:23 | 00,001,088 | ---- | M] ()
(swmsflt) swmsflt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\swmsflt.sys -> [2008/10/15 11:58:34 | 00,028,808 | ---- | M] ()
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWow64\Wbem\tcpip.mof -> [2006/09/18 16:36:40 | 00,003,066 | ---- | M] ()
(winusb) WinUSB Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysWow64\winusb.dll -> [2008/01/20 21:49:57 | 00,016,384 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.toshibadirect.com/dpdstart -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.toshibadirect.com/dpdstart -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"Default_Page_URL" -> http://www.toshibadirect.com/dpdstart -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/04/02 17:52:27 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX [C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX] -> [2009/05/03 22:38:52 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8} -> C:\PROGRAM FILES (X86)\AVG\AVG8\TOOLBARFF [C:\PROGRAM FILES (X86)\AVG\AVG8\TOOLBARFF] -> [2009/05/03 22:38:52 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Users\Shontia\AppData\Roaming\mozilla\Extensions -> [2009/05/10 18:58:31 | 00,000,000 | ---D | M]
 -> C:\Users\Shontia\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org -> [2009/05/10 18:58:31 | 00,000,000 | ---D | M]
< HOSTS File > (736 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
::1             localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/05/03 22:38:54 | 01,107,224 | ---- | M] (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> [2007/09/25 03:11:33 | 00,501,136 | ---- | M] (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2009/05/03 22:39:51 | 02,223,872 | ---- | M] (AVG Technologies CZ, s.r.o.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/03/04 20:06:22 | 00,251,504 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/05/11 19:15:56 | 00,668,656 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2009/03/04 20:06:19 | 00,522,224 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/03/04 20:06:22 | 00,251,504 | ---- | M] ()
"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2009/05/03 22:39:51 | 02,223,872 | ---- | M] (AVG Technologies CZ, s.r.o.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/03/04 20:06:22 | 00,251,504 | ---- | M] ()
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"00TCrdMain" -> C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> [2008/05/09 14:32:26 | 00,865,280 | ---- | M] (TOSHIBA Corporation)
"HSON" -> C:\Program Files\TOSHIBA\TBS\HSON.exe [%ProgramFiles%\TOSHIBA\TBS\HSON.exe] -> [2007/12/06 17:06:50 | 00,052,560 | ---- | M] (TOSHIBA Corporation)
"RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2008/01/29 20:51:00 | 05,682,688 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2007/11/20 20:15:58 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"SmoothView" -> C:\Program Files\Toshiba\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> [2008/06/02 15:27:34 | 00,518,008 | ---- | M] (TOSHIBA Corporation)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2007/12/06 20:12:50 | 01,216,808 | ---- | M] (Synaptics, Inc.)
"TPwrMain" -> C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> [2008/02/06 15:50:34 | 00,431,968 | ---- | M] (TOSHIBA Corporation)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 21:47:32 | 01,584,184 | ---- | M] (Microsoft Corporation)
"Windows Mobile-based device management" -> C:\Windows\WindowsMobile\wmdSync.exe [%windir%\WindowsMobile\wmdSync.exe] -> [2008/01/20 21:47:00 | 00,225,792 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"]    -> [2008/10/15 00:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AVG8_TRAY" -> C:\Program Files (x86)\AVG\AVG8\avgtray.exe [C:\PROGRA~2\AVG\AVG8\avgtray.exe] -> [2009/05/03 22:38:53 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
"Camera Assistant Software" ->  ["C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start] -> File not found
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"]    -> [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.)
"jswtrayutil" -> C:\Program Files (x86)\Jumpstart\jswtrayutil.exe ["C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"]    -> File not found
"NDSTray.exe" ->  [NDSTray.exe] -> File not found
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"Sprint SmartView" -> C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe ["C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a] -> [2008/10/15 12:02:34 | 00,017,664 | ---- | M] (Sprint)
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe] -> [2006/11/10 13:35:24 | 00,090,112 | ---- | M] ()
"ToshibaServiceStation" -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe ["C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide] -> [2008/08/04 16:46:38 | 01,242,424 | ---- | M] (TOSHIBA Corporation)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:47:52 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:47:52 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Cognac" -> C:\Users\Shontia\AppData\Local\Temp\b.exe [C:\Users\Shontia\AppData\Local\Temp\b.exe] -> File not found
"Google Update" -> C:\Users\Shontia\AppData\Local\Google\Update\GoogleUpdate.exe ["C:\Users\Shontia\AppData\Local\Google\Update\GoogleUpdate.exe" /c] -> [2009/05/10 18:58:03 | 00,133,104 | ---- | M] (Google Inc.)
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2008/01/20 21:47:57 | 01,555,968 | ---- | M] (Microsoft Corporation)
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/08/20 14:39:59 | 00,068,856 | ---- | M] (Google Inc.)
"TOSCDSPD" ->  [TOSCDSPD.EXE] -> File not found
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll [Menu: Sun Java Console] -> [2007/09/25 03:11:33 | 00,501,136 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 22:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{9C23D886-43CB-43DE-B2DB-112A68D7E10A} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader2.cab [MySpace Uploader Control] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 206.55.180.129 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1C4C76BD-ADF8-4605-883D-FBB144CF0A22}\\DhcpNameServer -> 206.55.180.129   (Atheros AR5007EG Wireless Network Adapter) -> 
{44B10B9C-D083-4523-AFE3-07767133C417}\\DhcpNameServer -> 192.168.1.1 192.168.1.1   (Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) -> 
{608D96AC-E2D4-4762-8FB2-0CBB8883B92A}\\DhcpNameServer -> 192.168.0.1   (Remote NDIS based Internet Sharing Device) -> 
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrssta.dll -> C:\Windows\SysNative\avgrssta.dll -> [2009/05/03 22:40:04 | 00,012,464 | ---- | M] ()
*MultiFile Done* -> -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 01:49:22 | 03,080,704 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{7B034548-CAE0-4920-A3EE-0CEF4B4A6C6B} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
{CF2BA56A-8022-4FA4-A060-2BA3B28AC525} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=network discovery (ssdp-in) | app=c:\windows\system32\svchost.exe | svc=ssdpsrv | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{3357D4B7-252C-40AF-9220-9196E8B616E3} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{96F89F56-89C7-4173-86C0-BCFE5592854B} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{99C22C29-958A-4981-9294-ABAEF771B7F9} -> profile=public | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{BD68C990-D217-4419-861D-A04CCC1C0BB9} -> profile=public | dir=in | action=allow | name=avgnsa.exe | app=c:\program files (x86)\avg\avg8\avgnsa.exe | 
{DF11DB95-4AB0-4B39-95D7-C65A98EC6A39} -> profile=public | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{FB0FD52C-FE72-4F29-8EF5-A1D72C0EDC03} -> profile=public | dir=in | action=allow | name=avgupd.exe | app=c:\program files (x86)\avg\avg8\avgupd.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 21:46:54 | 00,079,872 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{0c63d946-0913-11de-a450-001e336a6deb}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c63d946-0913-11de-a450-001e336a6deb}\shell
\{0c63d946-0913-11de-a450-001e336a6deb}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c63d946-0913-11de-a450-001e336a6deb}\shell\AutoRun\command
\{0c63d946-0913-11de-a450-001e336a6deb}\shell\AutoRun\command\\"" -> E:\WIN\setup.exe [E:\WIN\setup.exe] -> File not found
\{1181585b-1192-11de-99b3-001e336a6deb}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1181585b-1192-11de-99b3-001e336a6deb}\shell\AutoRun\command
\{1181585b-1192-11de-99b3-001e336a6deb}\shell\AutoRun\command\\"" -> E:\JDLightning\Windows\JDLightning.exe [E:\JDLightning\Windows\JDLightning.exe] -> File not found
\{6d65a22b-09ef-11de-8691-00a0d5ffff85}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d65a22b-09ef-11de-8691-00a0d5ffff85}\shell
\{6d65a22b-09ef-11de-8691-00a0d5ffff85}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d65a22b-09ef-11de-8691-00a0d5ffff85}\shell\AutoRun\command
\{6d65a22b-09ef-11de-8691-00a0d5ffff85}\shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
 
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 5/13/2009 3:35:03 AM Computer Name = Shontia-PC | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 5/13/2009 4:35:45 AM Computer Name = Shontia-PC | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 5/14/2009 11:31:22 AM Computer Name = Shontia-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 5/22/2009 2:07:43 PM Computer Name = Shontia-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 5/23/2009 3:23:59 PM Computer Name = Shontia-PC | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 5/23/2009 4:23:59 PM Computer Name = Shontia-PC | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 5/23/2009 5:25:16 PM Computer Name = Shontia-PC | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 5/25/2009 12:47:20 PM Computer Name = Shontia-PC | Source = EventSystem | ID = 4621 -> Description = 
Application [ Error ] 5/25/2009 12:50:14 PM Computer Name = Shontia-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 5/30/2009 12:14:34 PM Computer Name = Shontia-PC | Source = Application Hang | ID = 1002 -> Description = The program WINWORD.EXE version 12.0.6331.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 16f4  Start Time: 01c9e13f7ed5cd60  Termination Time: 78
System [ Error ] 4/30/2009 9:40:30 PM Computer Name = Shontia-PC | Source = HTTP | ID = 15016 -> Description = 
System [ Error ] 5/3/2009 3:01:29 PM Computer Name = Shontia-PC | Source = Service Control Manager | ID = 7011 -> Description = 
System [ Error ] 5/3/2009 3:01:47 PM Computer Name = Shontia-PC | Source = disk | ID = 262155 -> Description = The driver detected a controller error on \Device\Harddisk1\DR5.
System [ Error ] 5/3/2009 6:55:55 PM Computer Name = Shontia-PC | Source = Service Control Manager | ID = 7011 -> Description = 
System [ Error ] 5/3/2009 10:37:36 PM Computer Name = Shontia-PC | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 5/3/2009 10:48:04 PM Computer Name = Shontia-PC | Source = HTTP | ID = 15016 -> Description = 
System [ Error ] 5/3/2009 11:45:07 PM Computer Name = Shontia-PC | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 5/4/2009 6:33:49 PM Computer Name = Shontia-PC | Source = HTTP | ID = 15016 -> Description = 
System [ Error ] 5/7/2009 5:34:14 PM Computer Name = Shontia-PC | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 5/7/2009 5:35:38 PM Computer Name = Shontia-PC | Source = HTTP | ID = 15016 -> Description = 
 
[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Shontia\Desktop\OTS.exe -> [2009/06/12 09:53:50 | 00,507,392 | ---- | C] (OldTimer Tools)
grabandgo.xls -> C:\Users\Shontia\Desktop\grabandgo.xls -> [2009/06/11 13:21:54 | 00,019,456 | ---- | C] ()
pg2-rc1-test2-2.exe -> C:\Users\Shontia\Desktop\pg2-rc1-test2-2.exe -> [2009/06/10 07:58:34 | 01,958,450 | ---- | C] (Methlabs Productions                                        )
spybotsd162.exe -> C:\Users\Shontia\Desktop\spybotsd162.exe -> [2009/06/10 07:47:23 | 16,409,960 | ---- | C] (Safer Networking Limited                                    )
filealyz.exe -> C:\Users\Shontia\Desktop\filealyz.exe -> [2009/06/10 07:42:27 | 02,992,752 | ---- | C] (Safer Networking Limited                                    )
localspl.dll -> C:\Windows\SysNative\localspl.dll -> [2009/06/10 06:56:14 | 00,791,552 | ---- | C] ()
localspl.dll -> C:\Windows\SysWow64\localspl.dll -> [2009/06/10 06:56:14 | 00,636,928 | ---- | C] (Microsoft Corporation)
rpcrt4.dll -> C:\Windows\SysNative\rpcrt4.dll -> [2009/06/10 06:56:09 | 01,280,512 | ---- | C] ()
rpcrt4.dll -> C:\Windows\SysWow64\rpcrt4.dll -> [2009/06/10 06:56:08 | 00,677,376 | ---- | C] (Microsoft Corporation)
win32k.sys -> C:\Windows\SysNative\win32k.sys -> [2009/06/10 06:56:07 | 02,742,272 | ---- | C] ()
mshtml.dll -> C:\Windows\SysNative\mshtml.dll -> [2009/06/10 06:55:57 | 05,682,688 | ---- | C] ()
mshtml.dll -> C:\Windows\SysWow64\mshtml.dll -> [2009/06/10 06:55:56 | 03,581,952 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysNative\ieframe.dll -> [2009/06/10 06:55:55 | 07,004,672 | ---- | C] ()
urlmon.dll -> C:\Windows\SysNative\urlmon.dll -> [2009/06/10 06:55:53 | 01,418,752 | ---- | C] ()
ieframe.dll -> C:\Windows\SysWow64\ieframe.dll -> [2009/06/10 06:55:52 | 06,069,248 | ---- | C] (Microsoft Corporation)
urlmon.dll -> C:\Windows\SysWow64\urlmon.dll -> [2009/06/10 06:55:51 | 01,166,336 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2009/06/10 06:55:51 | 01,014,272 | ---- | C] ()
wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2009/06/10 06:55:50 | 00,827,904 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2009/06/10 06:55:49 | 00,580,608 | ---- | C] ()
iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2009/06/10 06:55:49 | 00,480,256 | ---- | C] ()
iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2009/06/10 06:55:49 | 00,375,296 | ---- | C] ()
iertutil.dll -> C:\Windows\SysWow64\iertutil.dll -> [2009/06/10 06:55:49 | 00,270,848 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2009/06/10 06:55:48 | 00,458,240 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2009/06/10 06:55:48 | 00,389,120 | ---- | C] (Microsoft Corporation)
ieaksie.dll -> C:\Windows\SysNative\ieaksie.dll -> [2009/06/10 06:55:48 | 00,267,776 | ---- | C] ()
mshtml.tlb -> C:\Windows\SysWow64\mshtml.tlb -> [2009/06/10 06:55:47 | 01,383,424 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\SysNative\mstime.dll -> [2009/06/10 06:55:47 | 01,129,984 | ---- | C] ()
mstime.dll -> C:\Windows\SysWow64\mstime.dll -> [2009/06/10 06:55:47 | 00,671,232 | ---- | C] (Microsoft Corporation)
html.iec -> C:\Windows\SysNative\html.iec -> [2009/06/10 06:55:47 | 00,485,376 | ---- | C] ()
html.iec -> C:\Windows\SysWow64\html.iec -> [2009/06/10 06:55:47 | 00,389,632 | ---- | C] (Microsoft Corporation)
ieaksie.dll -> C:\Windows\SysWow64\ieaksie.dll -> [2009/06/10 06:55:47 | 00,230,400 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysNative\occache.dll -> [2009/06/10 06:55:47 | 00,165,376 | ---- | C] ()
occache.dll -> C:\Windows\SysWow64\occache.dll -> [2009/06/10 06:55:47 | 00,102,912 | ---- | C] (Microsoft Corporation)
ieencode.dll -> C:\Windows\SysNative\ieencode.dll -> [2009/06/10 06:55:47 | 00,086,528 | ---- | C] ()
ieencode.dll -> C:\Windows\SysWow64\ieencode.dll -> [2009/06/10 06:55:47 | 00,078,336 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2009/06/10 06:55:47 | 00,032,768 | ---- | C] ()
jsproxy.dll -> C:\Windows\SysNative\jsproxy.dll -> [2009/06/10 06:55:47 | 00,032,256 | ---- | C] ()
jsproxy.dll -> C:\Windows\SysWow64\jsproxy.dll -> [2009/06/10 06:55:47 | 00,028,160 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2009/06/10 06:55:47 | 00,026,624 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysNative\mshtml.tlb -> [2009/06/10 06:55:46 | 01,383,424 | ---- | C] ()
located.rtf -> C:\Users\Shontia\Desktop\located.rtf -> [2009/06/09 21:08:04 | 00,000,253 | ---- | C] ()
N360BUOptions.ini -> C:\ProgramData\N360BUOptions.ini -> [2009/06/09 19:45:35 | 00,007,361 | ---- | C] ()
Adobe -> C:\Users\Shontia\AppData\Local\Adobe -> [2009/06/09 18:11:16 | 00,000,000 | ---D | C]
Adobe -> C:\Users\Shontia\AppData\Roaming\Adobe -> [2009/06/09 18:00:29 | 00,000,000 | ---D | C]
FOOD AND NUTRITION SERVICES MANAGER.docx -> C:\Users\Shontia\Documents\FOOD AND NUTRITION SERVICES MANAGER.docx -> [2009/06/09 16:35:24 | 00,010,827 | ---- | C] ()
{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> [2009/06/09 11:46:21 | 00,000,290 | -H-- | C] ()
{783AF354-B514-42d6-970E-3E8BF0A5279C}.job -> C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job -> [2009/06/09 11:46:19 | 00,000,290 | -H-- | C] ()
MGR SCHEDULE.xls -> C:\Users\Shontia\Desktop\MGR SCHEDULE.xls -> [2009/06/08 17:05:57 | 00,038,400 | ---- | C] ()
ZAMI -> C:\Users\Shontia\Desktop\ZAMI -> [2009/06/07 15:27:31 | 00,000,000 | ---D | C]
setup.exe -> C:\Users\Shontia\Desktop\setup.exe -> [2009/06/03 11:36:44 | 06,097,532 | ---- | C] (Kappix                                                      )
Product.doc -> C:\Users\Shontia\Documents\Product.doc -> [2009/06/02 20:02:35 | 00,026,624 | ---- | C] ()
Wondershare -> C:\Program Files (x86)\Wondershare -> [2009/06/01 17:42:26 | 00,000,000 | ---D | C]
Adobe Reader 8.lnk -> C:\Users\Public\Desktop\Adobe Reader 8.lnk -> [2009/06/01 12:04:34 | 00,001,928 | ---- | C] ()
Dear Shontia.docx -> C:\Users\Shontia\Documents\Dear Shontia.docx -> [2009/06/01 11:05:50 | 00,010,705 | ---- | C] ()
Dear Leea.docx -> C:\Users\Shontia\Documents\Dear Leea.docx -> [2009/05/28 18:44:35 | 00,013,322 | ---- | C] ()
budget.xls -> C:\Users\Shontia\Documents\budget.xls -> [2009/05/14 10:45:16 | 00,039,936 | ---- | C] ()
fbd.sys -> C:\Windows\SysWow64\drivers\fbd.sys -> [2009/03/04 19:27:52 | 00,000,013 | RHS- | C] ()
swmsflt.sys -> C:\Windows\SysWow64\drivers\swmsflt.sys -> [2008/10/15 11:58:34 | 00,028,808 | ---- | C] ()
csellang.ini -> C:\Windows\SysWow64\csellang.ini -> [2008/09/12 22:38:49 | 00,128,113 | ---- | C] ()
csellang.dll -> C:\Windows\SysWow64\csellang.dll -> [2008/09/12 22:38:49 | 00,045,056 | ---- | C] ()
cseltbl.ini -> C:\Windows\SysWow64\cseltbl.ini -> [2008/09/12 22:38:49 | 00,007,671 | ---- | C] ()
NDSTray.INI -> C:\Windows\NDSTray.INI -> [2008/08/20 15:42:05 | 00,000,000 | ---- | C] ()
IVIresizeW7.dll -> C:\Windows\SysWow64\IVIresizeW7.dll -> [2008/08/20 14:34:13 | 00,204,800 | ---- | C] ()
IVIresizeA6.dll -> C:\Windows\SysWow64\IVIresizeA6.dll -> [2008/08/20 14:34:13 | 00,200,704 | ---- | C] ()
IVIresizeP6.dll -> C:\Windows\SysWow64\IVIresizeP6.dll -> [2008/08/20 14:34:13 | 00,192,512 | ---- | C] ()
IVIresizeM6.dll -> C:\Windows\SysWow64\IVIresizeM6.dll -> [2008/08/20 14:34:13 | 00,192,512 | ---- | C] ()
IVIresizePX.dll -> C:\Windows\SysWow64\IVIresizePX.dll -> [2008/08/20 14:34:13 | 00,188,416 | ---- | C] ()
IVIresize.dll -> C:\Windows\SysWow64\IVIresize.dll -> [2008/08/20 14:34:13 | 00,020,480 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 21:50:05 | 00,060,124 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 21:49:49 | 00,368,640 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 07:34:27 | 00,000,219 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 07:34:27 | 00,000,219 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
2 C:\Users\Shontia\AppData\Local\Temp\*.tmp files -> C:\Users\Shontia\AppData\Local\Temp\*.tmp -> 
5 C:\Users\Shontia\AppData\Local\Temp\Low\*.tmp files -> C:\Users\Shontia\AppData\Local\Temp\Low\*.tmp -> 
NTUSER.DAT -> C:\Users\Shontia\NTUSER.DAT -> [2009/06/12 11:30:42 | 02,097,152 | -HS- | M] ()
{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> [2009/06/12 11:00:05 | 00,000,290 | -H-- | M] ()
{783AF354-B514-42d6-970E-3E8BF0A5279C}.job -> C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job -> [2009/06/12 11:00:02 | 00,000,290 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/06/12 10:30:37 | 00,003,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/06/12 10:30:37 | 00,003,616 | -H-- | M] ()
OTS.exe -> C:\Users\Shontia\Desktop\OTS.exe -> [2009/06/12 09:53:58 | 00,507,392 | ---- | M] (OldTimer Tools)
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/06/12 08:30:52 | 00,133,196 | ---- | M] ()
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/06/12 08:30:52 | 00,010,212 | ---- | M] ()
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/06/12 08:30:52 | 00,002,400 | ---- | M] ()
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/06/12 08:30:52 | 00,000,552 | ---- | M] ()
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/06/12 08:30:52 | 00,000,000 | ---- | M] ()
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/06/12 08:30:52 | 00,000,000 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/06/12 08:30:39 | 00,067,584 | --S- | M] ()
GoogleUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000.job -> [2009/06/11 20:02:00 | 00,000,864 | ---- | M] ()
ShontiaRivers Resume.pdf -> C:\Users\Shontia\Documents\ShontiaRivers Resume.pdf -> [2009/06/11 14:09:48 | 00,026,604 | ---- | M] ()
grabandgo.xls -> C:\Users\Shontia\Desktop\grabandgo.xls -> [2009/06/11 13:21:56 | 00,019,456 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009/06/11 12:11:55 | 00,690,960 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009/06/11 12:11:55 | 00,595,684 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009/06/11 12:11:55 | 00,101,350 | ---- | M] ()
incavi.avm -> C:\Windows\SysNative\drivers\Avg\incavi.avm -> [2009/06/11 09:06:57 | 37,035,801 | ---- | M] ()
microavi.avg -> C:\Windows\SysNative\drivers\Avg\microavi.avg -> [2009/06/11 09:06:57 | 00,074,578 | ---- | M] ()
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/06/11 06:28:48 | 04,194,304 | ---- | M] ()
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/06/11 06:28:48 | 04,194,304 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009/06/11 06:25:40 | 00,397,800 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/06/11 06:25:35 | 00,000,006 | -H-- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/06/11 06:24:26 | 41,582,63296 | -HS- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Shontia\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> [2009/06/10 22:16:35 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> C:\Users\Shontia\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> [2009/06/10 22:16:35 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Shontia\AppData\Local\IconCache.db -> [2009/06/10 22:08:21 | 02,858,217 | -H-- | M] ()
pg2-rc1-test2-2.exe -> C:\Users\Shontia\Desktop\pg2-rc1-test2-2.exe -> [2009/06/10 07:58:40 | 01,958,450 | ---- | M] (Methlabs Productions                                        )
spybotsd162.exe -> C:\Users\Shontia\Desktop\spybotsd162.exe -> [2009/06/10 07:47:38 | 16,409,960 | ---- | M] (Safer Networking Limited                                    )
filealyz.exe -> C:\Users\Shontia\Desktop\filealyz.exe -> [2009/06/10 07:42:44 | 02,992,752 | ---- | M] (Safer Networking Limited                                    )
located.rtf -> C:\Users\Shontia\Desktop\located.rtf -> [2009/06/09 21:08:04 | 00,000,253 | ---- | M] ()
a.dat -> C:\Users\Shontia\AppData\Local\Temp\a.dat -> [2009/06/09 21:01:48 | 00,068,840 | ---- | M] ()
N360BUOptions.ini -> C:\ProgramData\N360BUOptions.ini -> [2009/06/09 19:45:35 | 00,007,361 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Shontia\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/06/09 19:40:15 | 00,114,832 | ---- | M] ()
FOOD AND NUTRITION SERVICES MANAGER.docx -> C:\Users\Shontia\Documents\FOOD AND NUTRITION SERVICES MANAGER.docx -> [2009/06/09 16:35:25 | 00,010,827 | ---- | M] ()
ShontiaRivers Resume.doc -> C:\Users\Shontia\Documents\ShontiaRivers Resume.doc -> [2009/06/09 15:51:57 | 00,036,352 | ---- | M] ()
MGR SCHEDULE.xls -> C:\Users\Shontia\Desktop\MGR SCHEDULE.xls -> [2009/06/08 17:06:01 | 00,038,400 | ---- | M] ()
FlashPlayerUpdate.exe -> C:\Users\Shontia\AppData\Local\Temp\FlashPlayerUpdate.exe -> [2009/06/06 16:34:46 | 01,914,600 | ---- | M] (Adobe Systems Incorporated)
setup.exe -> C:\Users\Shontia\Desktop\setup.exe -> [2009/06/03 11:36:53 | 06,097,532 | ---- | M] (Kappix                                                      )
Product.doc -> C:\Users\Shontia\Documents\Product.doc -> [2009/06/02 20:02:35 | 00,026,624 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Shontia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/06/01 16:52:38 | 00,008,192 | ---- | M] ()
mrt.exe -> C:\Windows\SysNative\mrt.exe -> [2009/06/01 12:16:48 | 25,255,368 | ---- | M] ()
Adobe Reader 8.lnk -> C:\Users\Public\Desktop\Adobe Reader 8.lnk -> [2009/06/01 12:04:34 | 00,001,928 | ---- | M] ()
Dear Shontia.docx -> C:\Users\Shontia\Documents\Dear Shontia.docx -> [2009/06/01 11:06:11 | 00,010,705 | ---- | M] ()
Dear Leea.docx -> C:\Users\Shontia\Documents\Dear Leea.docx -> [2009/05/30 11:33:01 | 00,013,322 | ---- | M] ()
budget.xls -> C:\Users\Shontia\Documents\budget.xls -> [2009/05/15 12:01:55 | 00,039,936 | ---- | M] ()
SearchWithGoogleUpdate.exe -> C:\Users\Shontia\AppData\Local\Temp\SearchWithGoogleUpdate.exe -> [2009/05/11 19:15:56 | 00,934,896 | ---- | M] (Google Inc.)
d.exe -> C:\Users\Shontia\AppData\Local\Temp\Low\d.exe -> [2009/05/10 14:03:57 | 00,000,000 | -H-- | M] ()
GoogleUpdateSetup.exe5db3f01 -> C:\Users\Shontia\AppData\Local\Temp\GoogleUpdateSetup.exe5db3f01 -> [2009/04/23 20:33:00 | 00,556,016 | ---- | M] (Google Inc.)
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [2009/04/10 05:42:59 | 00,008,440 | ---- | M] ()
srtspso.dat -> C:\Users\Shontia\AppData\Local\Temp\srtspso.dat -> [2009/03/04 20:14:08 | 00,002,692 | ---- | M] ()
srtspse.dat -> C:\Users\Shontia\AppData\Local\Temp\srtspse.dat -> [2009/03/04 20:03:14 | 00,000,588 | ---- | M] ()
Shontia.dat -> C:\ProgramData\Microsoft\User Account Pictures\Shontia.dat -> [2009/03/04 19:27:43 | 00,000,000 | ---- | M] ()
srtspsp.dat -> C:\Users\Shontia\AppData\Local\Temp\srtspsp.dat -> [2008/08/20 15:33:19 | 00,000,524 | ---- | M] ()
FLV2MP3.exe -> C:\Users\Shontia\AppData\Local\Temp\Temp1_flv2mp3.zip\FLV2MP3.exe -> [2008/02/23 01:28:40 | 00,249,768 | ---- | M] (Aniscartujo.com)
 
[File - Lop Check]
Roaming -> C:\Users\Default\AppData\Roaming -> [2006/11/02 10:07:25 | 00,000,000 | ---D | M]
Media Center Programs -> C:\Users\Default\AppData\Roaming\Media Center Programs -> [2006/11/02 10:07:25 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Default User\AppData\Roaming -> [2006/11/02 10:07:25 | 00,000,000 | ---D | M]
Media Center Programs -> C:\Users\Default User\AppData\Roaming\Media Center Programs -> [2006/11/02 10:07:25 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Shontia\AppData\Roaming -> [2009/06/11 18:14:32 | 00,000,000 | ---D | M]
ATI -> C:\Users\Shontia\AppData\Roaming\ATI -> [2009/03/04 19:28:37 | 00,000,000 | ---D | M]
LimeWire -> C:\Users\Shontia\AppData\Roaming\LimeWire -> [2009/06/09 16:02:15 | 00,000,000 | ---D | M]
Media Center Programs -> C:\Users\Shontia\AppData\Roaming\Media Center Programs -> [2006/11/02 10:07:25 | 00,000,000 | ---D | M]
Sierra Wireless -> C:\Users\Shontia\AppData\Roaming\Sierra Wireless -> [2009/03/04 19:53:29 | 00,000,000 | ---D | M]
TOSHIBA -> C:\Users\Shontia\AppData\Roaming\TOSHIBA -> [2009/05/02 13:26:22 | 00,000,000 | ---D | M]
WildTangent -> C:\Users\Shontia\AppData\Roaming\WildTangent -> [2009/04/05 10:15:00 | 00,000,000 | ---D | M]
C:\Windows\Tasks\ -> C:\Windows\Tasks -> [2009/06/09 21:00:02 | 00,000,000 | ---D | M]
GoogleUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000.job -> C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000.job -> [2009/06/11 20:02:00 | 00,000,864 | ---- | M] ()
SA.DAT -> C:\Windows\Tasks\SA.DAT -> [2009/06/11 06:25:35 | 00,000,006 | -H-- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/06/10 22:18:03 | 00,020,374 | ---- | M] ()
{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> [2009/06/12 11:00:05 | 00,000,290 | -H-- | M] ()
{783AF354-B514-42d6-970E-3E8BF0A5279C}.job -> C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job -> [2009/06/12 11:00:02 | 00,000,290 | -H-- | M] ()
 
[File - Purity Scan]
 
< End of report >
Attached Files
File Type: txt OTS.Txt (134.8 KB, 0 views)
Old 06-12-2009, 02:57 PM   #4 (permalink)
Analyst, Security Team
 
Join Date: Jan 2009
Location: Canada
Posts: 1,989
OS: XP sp3


Re: DDS does not support my operating system (Trojan removal help)

Hi.

Please do the following:

Start OTS
Copy/Paste the information inside the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Quote:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Cognac" -> C:\Users\Shontia\AppData\Local\Temp\b.exe [C:\Users\Shontia\AppData\Local\Temp\b.exe]
[Files/Folders - Created Within 30 Days]
NY -> {5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
NY -> {783AF354-B514-42d6-970E-3E8BF0A5279C}.job -> C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[Files/Folders - Modified Within 30 Days]
NY -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY -> 2 C:\Users\Shontia\AppData\Local\Temp\*.tmp files -> C:\Users\Shontia\AppData\Local\Temp\*.tmp
NY -> 5 C:\Users\Shontia\AppData\Local\Temp\Low\*.tmp files -> C:\Users\Shontia\AppData\Local\Temp\Low\*.tmp
NY -> {5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
NY -> {783AF354-B514-42d6-970E-3E8BF0A5279C}.job -> C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
NY -> a.dat -> C:\Users\Shontia\AppData\Local\Temp\a.dat
NY -> d.exe -> C:\Users\Shontia\AppData\Local\Temp\Low\d.exe
[File - Lop Check]
NY -> {5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
NY -> {783AF354-B514-42d6-970E-3E8BF0A5279C}.job -> C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.


Also, please describe how your computer is running now and if there are any outstanding issues.
__________________


ASAP & UNITE Member
Old 06-12-2009, 04:31 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: Windows Vista Home Premium, Service Pack 1


Re: DDS does not support my operating system (Trojan removal help)

The computer is running just a tad slower than usual, but that may be because I've been on it all day. Other than that, it seems ok.

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Cognac deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job moved successfully.
C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Shontia\AppData\Local\Temp\7zS1CF2.tmp folder deleted successfully.
C:\Users\Shontia\AppData\Local\Temp\~nsu.tmp folder deleted successfully.
File C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job not found!
File C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job not found!
C:\Users\Shontia\AppData\Local\Temp\a.dat moved successfully.
C:\Users\Shontia\AppData\Local\Temp\Low\d.exe moved successfully.
[File - Lop Check]
File C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job not found!
File C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job not found!
[Purity]
Purity scan complete.
[Empty Temp Folders]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Shontia
->Temp folder emptied: 17848945 bytes
File delete failed. C:\Users\Shontia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 742131490 bytes
->Java cache emptied: 1225056 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 75522 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 731.25 mb

Explorer started successfully
< End of fix log >
OTS by OldTimer - Version 3.0.5.1 fix logfile created on 06122009_170932

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Last edited by vibrantverse; 06-12-2009 at 04:35 PM.
Old 06-12-2009, 04:39 PM   #6 (permalink)
Analyst, Security Team
 
Join Date: Jan 2009
Location: Canada
Posts: 1,989
OS: XP sp3


Re: DDS does not support my operating system (Trojan removal help)

Hi,

Please do the following:

Please download Malwarebytes' Anti-Malware

**Vista users - right click on the IE icon and run as administrator
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Run an on-line scan with Kaspersky

**Vista users - right click on the IE icon and run as administrator


Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.


In your next reply please include
  • MBAM Log
  • Kaspersky report
__________________


ASAP & UNITE Member
Old 06-12-2009, 10:31 PM   #7 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: Windows Vista Home Premium, Service Pack 1


Re: DDS does not support my operating system (Trojan removal help)

Hi, below & attached is the MBAM log. For some reason, after I ran the Kaspersky scan and clicked "view report", nothing showed up. Even when I saved it, it was in html format and there was nothing saved to my computer. I am trying to do the whole thing over again, and will repost if I have any luck.

Malwarebytes' Anti-Malware 1.37
Database version: 2269
Windows 6.0.6001 Service Pack 1

6/12/2009 6:04:49 PM
mbam-log-2009-06-12 (18-04-49).txt

Scan type: Quick Scan
Objects scanned: 69461
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Attached Files
File Type: txt mbam-log-2009-06-12 (18-04-49).txt (1.4 KB, 2 views)
Old 06-13-2009, 09:29 AM   #8 (permalink)
Analyst, Security Team
 
Join Date: Jan 2009
Location: Canada
Posts: 1,989
OS: XP sp3


Re: DDS does not support my operating system (Trojan removal help)

Hi,

Good news for the Kaspersky scan - it appears all the malware is gone from your system.

How is your computer running now?

Please re run OTS and post the log so I can verify you are clean, then we can clean up the tools.
__________________


ASAP & UNITE Member
Old 06-13-2009, 10:20 AM   #9 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: Windows Vista Home Premium, Service Pack 1


Re: DDS does not support my operating system (Trojan removal help)

I re-ran the OTS scan (below and attached). My computer has been acting a bit strange today, however. I can't seem to open the "Network and Sharing Center" for my wireless internet (keeps going in and out since yesterday) and I also can't open the Control Panel. I see the Vista blue circle icon as if it's about to open these windows, but then it fails because I don't see anything...not even in the "Processes" tab of my Task Manager. I'm not sure why this is happening or what it means. Maybe I just need to re-start the computer.

Code:
OTS logfile created on: 6/13/2009 11:11:47 AM - Run 3
OTS by OldTimer - Version 3.0.5.1     Folder = C:\Users\Shontia\Documents\Trojan Virus Fix
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.42 Gb Total Space | 146.98 Gb Free Space | 63.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHONTIA-PC
Current User Name: Shontia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
cec_main.exe -> C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe -> [2008/01/22 13:00:30 | 04,624,384 | ---- | M] ()
cfsvcs.exe -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -> [2007/12/25 15:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
cfswmgr.exe -> C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe -> [2007/12/25 15:06:52 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008/08/20 14:39:59 | 00,068,856 | ---- | M] (Google Inc.)
googleupdate.exe -> C:\Users\Shontia\AppData\Local\Google\Update\GoogleUpdate.exe -> [2009/05/10 18:58:03 | 00,133,104 | ---- | M] (Google Inc.)
ieuser.exe -> C:\Program Files (x86)\Internet Explorer\ieuser.exe -> [2008/01/20 21:50:38 | 00,299,520 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files (x86)\iTunes\iTunesHelper.exe -> [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
ndstray.exe -> C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe -> [2008/01/09 16:02:08 | 01,056,768 | ---- | M] (TOSHIBA CORPORATION)
ots.exe -> C:\Users\Shontia\Documents\Trojan Virus Fix\OTS.exe -> [2009/06/12 09:53:58 | 00,507,392 | ---- | M] (OldTimer Tools)
tnavisrv.exe -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/01/21 18:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
traybar.exe -> C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe -> [2007/10/25 19:41:18 | 00,413,696 | ---- | M] (Chicony)
ulcdrsvr.exe -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
 
[Win32 Services - Safe List]
64bit-(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> C:\Windows\SysNative\agr64svc.exe -> [2007/12/11 13:11:30 | 00,015,872 | ---- | M] ()
64bit-(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> C:\Windows\SysNative\Ati2evxx.exe -> [2007/07/28 00:25:44 | 00,787,968 | ---- | M] ()
64bit-(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
64bit-(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
64bit-(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
64bit-(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
64bit-(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
64bit-(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | Auto | Running] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
64bit-(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
64bit-(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 20:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation)
64bit-(RapiMgr) Windows Mobile-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2008/01/20 21:47:00 | 00,211,968 | ---- | M] (Microsoft Corporation)
64bit-(SmartFaceVWatchSrv) SmartFaceVWatchSrv [Win32_Own | On_Demand | Running] -> C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -> [2008/04/24 20:57:40 | 00,084,992 | ---- | M] (Toshiba)
64bit-(TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own | Auto | Running] -> C:\Windows\SysNative\TODDSrv.exe -> [2007/11/21 18:53:16 | 00,135,168 | ---- | M] ()
64bit-(TosCoSrv) TOSHIBA Power Saver [Win32_Own | Auto | Running] -> C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -> [2008/02/06 15:50:18 | 00,434,016 | ---- | M] (TOSHIBA Corporation)
64bit-(TOSHIBA SMART Log Service) TOSHIBA SMART Log Service [Win32_Own | Auto | Running] -> C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -> [2007/12/03 19:04:48 | 00,175,104 | ---- | M] (TOSHIBA Corporation)
64bit-(WcesComm) Windows Mobile 2003-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2008/01/20 21:47:00 | 00,428,544 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(CASprint) Sprint Con App Svc [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -> [2008/10/15 12:02:02 | 00,124,160 | ---- | M] (PCTEL)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(ConfigFree Service) ConfigFree Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -> [2007/12/25 15:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | Auto | Running] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -> [2008/05/28 18:20:16 | 00,164,600 | ---- | M] (WildTangent, Inc.)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/03/04 20:24:04 | 00,137,200 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
(jswpsapi) Jumpstart Wifi Protected Setup [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Jumpstart\jswpsapi.exe -> [2007/10/30 02:35:40 | 00,937,984 | ---- | M] (Atheros Communications, Inc.)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 04:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(RapiMgr) Windows Mobile-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2008/01/20 21:47:00 | 00,211,968 | ---- | M] (Microsoft Corporation)
(SprintRcAppSvc) Sprint RcAppSvc [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -> [2008/10/15 12:02:34 | 00,111,872 | ---- | M] (PCTEL)
(TMachInfo) TMachInfo [Win32_Own | Auto | Running] -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -> [2008/08/04 16:46:22 | 00,046,392 | ---- | M] (TOSHIBA Corporation)
(TNaviSrv) TOSHIBA Navi Support Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2008/01/21 18:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation)
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/02 01:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/02 01:35:15 | 00,055,846 | ---- | M] ()
(WcesComm) Windows Mobile 2003-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2008/01/20 21:47:00 | 00,428,544 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(AgereSoftModem) TOSHIBA Software Modem [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\agrsm64.sys -> [2008/02/29 16:59:32 | 01,252,352 | ---- | M] ()
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\athrx.sys -> [2008/01/25 18:25:50 | 00,957,440 | ---- | M] ()
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\atikmdag.sys -> [2007/07/28 00:38:32 | 03,544,576 | ---- | M] ()
64bit-(AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\AtiPcie.sys -> [2006/11/07 12:30:56 | 00,016,656 | ---- | M] ()
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2008/01/20 21:46:51 | 00,017,792 | ---- | M] ()
64bit-(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\FwLnk.sys -> [2006/11/20 00:11:06 | 00,008,704 | ---- | M] ()
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,019,304 | ---- | M] ()
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 00:28:10 | 00,273,920 | ---- | M] ()
64bit-(JSWPSLWF) JumpStart Wireless Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -> [2007/08/31 19:43:38 | 00,026,624 | ---- | M] ()
64bit-(KR10I64) KR10I64 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\kr10i64.sys -> [2006/11/09 01:33:00 | 00,248,320 | ---- | M] ()
64bit-(KR10N64) KR10N64 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\kr10n64.sys -> [2006/11/09 01:34:00 | 00,237,568 | ---- | M] ()
64bit-(NWADI) NWADI Bus Enumerator [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\NWADIenum.sys -> [2008/10/15 11:58:26 | 00,247,808 | ---- | M] ()
64bit-(PCASp50a64) PCASp50a64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\PCASp50a64.sys -> [2008/10/15 11:58:32 | 00,041,280 | ---- | M] ()
64bit-(PCTINDIS5X64) PCTINDIS5X64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\PCTINDIS5X64.SYS -> [2008/10/15 11:56:10 | 00,043,032 | ---- | M] ()
64bit-(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -> [2007/01/18 15:10:22 | 00,030,336 | ---- | M] ()
64bit-(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\RootMdm.sys -> [2008/01/20 21:49:47 | 00,011,264 | ---- | M] ()
64bit-(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Rtlh64.sys -> [2008/04/15 12:05:42 | 00,161,792 | ---- | M] ()
64bit-(RTSTOR) Realtek USB 2.0 Card Reader [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\RTSTOR64.SYS -> [2008/02/21 00:01:24 | 00,063,488 | ---- | M] ()
64bit-(sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\sscdbus.sys -> [2007/07/03 18:02:12 | 00,105,128 | ---- | M] ()
64bit-(sscdmdfl) SAMSUNG Mobile Modem Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -> [2007/07/03 18:04:16 | 00,016,040 | ---- | M] ()
64bit-(sscdmdm) SAMSUNG Mobile Modem Drivers [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\sscdmdm.sys -> [2007/07/03 18:04:44 | 00,142,504 | ---- | M] ()
64bit-(swmsflt) swmsflt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\swmsflt.sys -> [2008/10/15 11:58:34 | 00,028,808 | ---- | M] ()
64bit-(swmx00) Sierra Wireless USB MUX Driver (#00) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\swmx00.sys -> [2008/10/15 11:58:34 | 00,198,408 | ---- | M] ()
64bit-(SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -> [2008/10/15 11:58:34 | 00,202,248 | ---- | M] ()
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\SynTP.sys -> [2007/12/06 20:12:56 | 00,320,048 | ---- | M] ()
64bit-(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -> [2007/12/11 16:03:36 | 00,027,272 | ---- | M] ()
64bit-(tos_sps64) TOSHIBA tos_sps64 Service [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\tos_sps64.sys -> [2008/01/21 17:42:26 | 00,531,968 | ---- | M] ()
64bit-(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -> [2007/11/09 16:00:30 | 00,026,968 | ---- | M] ()
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbaapl64.sys -> [2008/11/07 14:23:30 | 00,040,448 | ---- | M] ()
64bit-(usbvideo) Chicony USB 2.0 Camera [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/20 21:47:27 | 00,168,704 | ---- | M] ()
64bit-(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\usb8023x.sys -> [2008/01/20 21:46:52 | 00,019,456 | ---- | M] ()
64bit-(UVCFTR) UVCFTR [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -> [2007/12/20 18:10:50 | 00,028,200 | ---- | M] ()
64bit-(winusb) WinUSB Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\winusb.sys -> [2008/01/20 21:47:02 | 00,036,864 | ---- | M] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\Wbem\mpsdrv.mof -> [2006/09/18 16:35:23 | 00,001,088 | ---- | M] ()
(swmsflt) swmsflt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\swmsflt.sys -> [2008/10/15 11:58:34 | 00,028,808 | ---- | M] ()
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWow64\Wbem\tcpip.mof -> [2006/09/18 16:36:40 | 00,003,066 | ---- | M] ()
(winusb) WinUSB Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysWow64\winusb.dll -> [2008/01/20 21:49:57 | 00,016,384 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.toshibadirect.com/dpdstart -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.toshibadirect.com/dpdstart -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"Default_Page_URL" -> http://www.toshibadirect.com/dpdstart -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > -> 
 -> C:\Users\Shontia\AppData\Roaming\mozilla\Extensions -> [2009/05/10 18:58:31 | 00,000,000 | ---D | M]
 -> C:\Users\Shontia\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org -> [2009/05/10 18:58:31 | 00,000,000 | ---D | M]
< HOSTS File > (736 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
::1             localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgssie.dll [AVG Safe Search] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> [2007/09/25 03:11:33 | 00,501,136 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/03/04 20:06:22 | 00,251,504 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/05/11 19:15:56 | 00,668,656 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2009/03/04 20:06:19 | 00,522,224 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/03/04 20:06:22 | 00,251,504 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/03/04 20:06:22 | 00,251,504 | ---- | M] ()
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"00TCrdMain" -> C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> [2008/05/09 14:32:26 | 00,865,280 | ---- | M] (TOSHIBA Corporation)
"HSON" -> C:\Program Files\TOSHIBA\TBS\HSON.exe [%ProgramFiles%\TOSHIBA\TBS\HSON.exe] -> [2007/12/06 17:06:50 | 00,052,560 | ---- | M] (TOSHIBA Corporation)
"RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2008/01/29 20:51:00 | 05,682,688 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2007/11/20 20:15:58 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"SmoothView" -> C:\Program Files\Toshiba\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> [2008/06/02 15:27:34 | 00,518,008 | ---- | M] (TOSHIBA Corporation)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2007/12/06 20:12:50 | 01,216,808 | ---- | M] (Synaptics, Inc.)
"TPwrMain" -> C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> [2008/02/06 15:50:34 | 00,431,968 | ---- | M] (TOSHIBA Corporation)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 21:47:32 | 01,584,184 | ---- | M] (Microsoft Corporation)
"Windows Mobile-based device management" -> C:\Windows\WindowsMobile\wmdSync.exe [%windir%\WindowsMobile\wmdSync.exe] -> [2008/01/20 21:47:00 | 00,225,792 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"]     -> [2008/10/15 00:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Camera Assistant Software" ->  ["C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start] -> File not found
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"]     -> [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.)
"jswtrayutil" -> C:\Program Files (x86)\Jumpstart\jswtrayutil.exe ["C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"]     -> File not found
"NDSTray.exe" ->  [NDSTray.exe] -> File not found
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"Sprint SmartView" -> C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe ["C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a] -> [2008/10/15 12:02:34 | 00,017,664 | ---- | M] (Sprint)
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe] -> [2006/11/10 13:35:24 | 00,090,112 | ---- | M] ()
"ToshibaServiceStation" -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe ["C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide] -> [2008/08/04 16:46:38 | 01,242,424 | ---- | M] (TOSHIBA Corporation)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:47:52 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:47:52 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Google Update" -> C:\Users\Shontia\AppData\Local\Google\Update\GoogleUpdate.exe ["C:\Users\Shontia\AppData\Local\Google\Update\GoogleUpdate.exe" /c] -> [2009/05/10 18:58:03 | 00,133,104 | ---- | M] (Google Inc.)
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2008/01/20 21:47:57 | 01,555,968 | ---- | M] (Microsoft Corporation)
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/08/20 14:39:59 | 00,068,856 | ---- | M] (Google Inc.)
"TOSCDSPD" ->  [TOSCDSPD.EXE] -> File not found
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll [Menu: Sun Java Console] -> [2007/09/25 03:11:33 | 00,501,136 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 22:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\] > -> HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{9C23D886-43CB-43DE-B2DB-112A68D7E10A} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader2.cab [MySpace Uploader Control] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 204.130.255.3 64.122.32.71 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1C4C76BD-ADF8-4605-883D-FBB144CF0A22}\\DhcpNameServer -> 204.130.255.3 64.122.32.71   (Atheros AR5007EG Wireless Network Adapter) -> 
{44B10B9C-D083-4523-AFE3-07767133C417}\\DhcpNameServer -> 192.168.1.1 192.168.1.1   (Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) -> 
{608D96AC-E2D4-4762-8FB2-0CBB8883B92A}\\DhcpNameServer -> 192.168.0.1   (Remote NDIS based Internet Sharing Device) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 01:49:22 | 03,080,704 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{7B034548-CAE0-4920-A3EE-0CEF4B4A6C6B} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
{CF2BA56A-8022-4FA4-A060-2BA3B28AC525} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=network discovery (ssdp-in) | app=c:\windows\system32\svchost.exe | svc=ssdpsrv | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
Attached Files
File Type: txt OTS_scan2.Txt (123.5 KB, 0 views)
Old 06-13-2009, 10:41 AM   #10 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 1,989
OS: XP sp3


Re: DDS does not support my operating system (Trojan removal help)

Hi,

Yes try rebooting a couple of times.

Removing malware is often a tricky business, and sometimes when it is removed it can break a necessary service.

If rebooting doesn't resolve the outstanding issues, then I suggest posting a new topic in our Vista forum and let the tech experts see if they can find what the issue is.

The issues that you describe are not malware related.

Link back to this topic so the techs can see you are clean of malware:


Let's clean up the tools now and set a new restore point:

First do this:

Visit ADOBE and download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

NEXT

  • Make sure you have an Internet Connection.
  • Double-click OTS.exe to run it. (Vista users, please right click on OTS.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTS to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You should be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

NEXT

Now we need to create a new clean SYSTEM RESTORE point.
  • Close and save any documents that you may have open.
  • Open up the Start Menu and right-click on "Computer", and then select "Properties"
  • This will take you into the System area of Control Panel. Click on the "Advanced system settings" on the left hand side.
  • Now select the "System Protection" tab to get to the System Restore section.
  • Click the "Create" button to create a new restore point. You'll be prompted for a name, and you might want to give it a useful name that you'll be able to easily identify later.
  • Click the Create button, and then the system will create the restore point.
  • When it's all finished, you'll get a message saying it's completed successfully.
  • You will now have a new restore point

Then remove all previous Restore Points
  • Click Start Menu > Run > copy and paste
  • cleanmgr into the run box
  • At the top, click on the More Options tab, under System Restore and Shadow Copies group,
  • Click the Clean up button,
  • Vista will ask you if you’re sure, click on Yes button.
  • When finished, click on Cancel button to exit.


Next

I will include all my usual closing recommendations: some of the programs may not be compatible with 64bit Vista, so just give them a try - keep if you wish:


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
__________________


ASAP & UNITE Member
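
The hosts-file blocking described in the MVPS Hosts recommendation above, as an added example that is not part of the original post or of the MVPS project: it parses text in hosts-file format and separates names sent to a local address (blocked) from names mapped to some other address, which is worth reviewing after an infection. The sample entries, the function names, treating `0.0.0.0` like `127.0.0.1`, and keeping the first mapping for a repeated name are assumptions of this example.

```python
import ipaddress

# Constructed sample in hosts-file format (not the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample for illustration
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com  tracker.example.net   # two names on one line
0.0.0.0         popups.example.org
203.0.113.7     update.example.com    # name mapped to a remote address
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Parse hosts-file text.

    Returns (mapping, skipped): mapping is hostname -> ip_address object,
    skipped is the list of 1-based line numbers that could not be parsed.
    """
    mapping, skipped = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            skipped.append(lineno)
            continue
        if len(fields) < 2:
            # An address with no hostname is not a usable entry.
            skipped.append(lineno)
            continue
        for name in fields[1:]:
            # Assumption of this example: the first mapping for a name is kept.
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping, skipped


def is_local_sink(addr):
    """True when the address keeps traffic on the local machine."""
    return addr.is_loopback or addr.is_unspecified


def audit(mapping):
    """Split entries into blocked names and names sent to another address."""
    blocked, redirected = [], []
    for name, addr in sorted(mapping.items()):
        if name == "localhost":
            continue  # the standard loopback entry, not a block rule
        target = blocked if is_local_sink(addr) else redirected
        target.append((name, str(addr)))
    return blocked, redirected


if __name__ == "__main__":
    entries, bad_lines = parse_hosts(SAMPLE_HOSTS)
    blocked, redirected = audit(entries)
    print("blocked:", blocked)
    print("review :", redirected)
    print("unparsed lines:", bad_lines)
```

To check a real machine, pass the contents of `C:\Windows\System32\drivers\etc\hosts` to `parse_hosts` instead of the sample.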
Old 06-13-2009, 02:50 PM   #11 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: Windows Vista Home Premium, Service Pack 1


Re: DDS does not support my operating system (Trojan removal help)

I was not able to finish the OTS clean-up. I tried five different times and as the clean-up was running, it would say the program had stopped responding. Anyways, I did go ahead and reboot the computer. I followed the other instructions you listed. The only 3 programs I tried to download were Erunt, Spyware Guard and MVPS Hosts...both didn't work. I had the Spyware Guard icon on my desktop, but every time I double clicked on it or went to click on it from the system tray, nothing happened. I saved the Hosts.zip file to my desktop, but when I double clicked to open it, it said the file was not found. So I just gave up on both of those, after trying to re-download them a couple times. I'm downloading Erunt now, that seems to be working.

Also, there are many files and folders under My Documents and Program Files which have icons that are faded...why is that? Can I delete them?
Old 06-13-2009, 04:34 PM   #12 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 1,989
OS: XP sp3


Re: DDS does not support my operating system (Trojan removal help)

Quote:
Also, there are many files and folders under My Documents and Program Files which have icons that are faded...why is that? Can I delete them?

No, those are hidden system files,

we need to reset them back to hidden,

OTS shows hidden files and folders as part of the cleaning process.

Please do the following:

Go to Start > Control Panel > Click Folder Options

On the view Tab > click the RESTORE DEFAULTS button > OK

That will set everything back to normal.
__________________


ASAP & UNITE Member
Old 06-14-2009, 10:10 AM   #13 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: Windows Vista Home Premium, Service Pack 1


Re: DDS does not support my operating system (Trojan removal help)

Thanks, that seemed to work.
Old 06-14-2009, 10:15 AM   #14 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 1,989
OS: XP sp3


Re: DDS does not support my operating system (Trojan removal help)




Any other issues or can we close this thread as resolved?
__________________


ASAP & UNITE Member
Old 06-14-2009, 10:18 AM   #15 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: Windows Vista Home Premium, Service Pack 1


Re: DDS does not support my operating system (Trojan removal help)

Nope that's it. Thanks for your help!!!
Old 06-14-2009, 10:20 AM   #16 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 1,989
OS: XP sp3


Re: DDS does not support my operating system (Trojan removal help)

You are more than welcome

stay safe

CB
__________________


ASAP & UNITE Member
All times are GMT -7. The time now is 11:04 PM.



Copyright 2001 - 2009, Tech Support Forum