DDS log--hope I finally did this as you want

Post by karonruiz » May 23rd, 2011, 9:08 am

.
DDS (Ver_11-05-19.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Karon Ruiz at 6:00:16 on 2011-05-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.3308 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\Users\Karon Ruiz\Desktop\dds.scr
C:\windows\SysWOW64\WSCRIPT.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60287
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uSearch Bar = hxxp://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60287
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: &Crawler Toolbar Helper: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: &Crawler Toolbar Helper: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [PCRx] "C:\Program Files (x86)\PCRx\PCRxTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karon Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\2q15fo6i.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\windows\system32\drivers\PCTCore64.sys --> C:\windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\windows\system32\drivers\pctDS64.sys --> C:\windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\windows\system32\drivers\pctEFA64.sys --> C:\windows\system32\drivers\pctEFA64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2010-12-17 115056]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2010-12-17 126392]
S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-5-21 366840]
S2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-5-21 1150936]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\windows\system32\DRIVERS\stflt.sys --> C:\windows\system32\DRIVERS\stflt.sys [?]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-17 2320920]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\windows\system32\drivers\BVRPMPR5a64.SYS --> C:\windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-12-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-22 14:02:32 -------- d-----w- C:\Users\Karon Ruiz\AppData\Roaming\SUPERAntiSpyware.com
2011-05-22 14:02:32 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-05-22 14:02:29 -------- d-----w- C:\ProgramData\!SASCORE
2011-05-22 14:02:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-05-22 13:20:49 -------- d-----w- C:\ProgramData\SecTaskMan
2011-05-22 13:20:46 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2011-05-22 13:15:20 -------- d-----w- C:\Users\Karon Ruiz\AppData\Roaming\PCRx
2011-05-22 07:28:37 -------- d-----w- C:\windows\SysWow64\New folder
2011-05-22 07:15:59 -------- d-----w- C:\ProgramData\PCRx
2011-05-22 07:15:58 -------- d-----w- C:\Program Files (x86)\PCRx
2011-05-22 02:42:51 -------- d-----w- C:\Program Files (x86)\Data Rescue PC 3
2011-05-22 02:03:49 -------- d-----w- C:\Users\Karon Ruiz\AppData\Roaming\GetRightToGo
2011-05-22 00:45:30 -------- d-----w- C:\Program Files (x86)\Crawler
2011-05-22 00:45:28 -------- d-----w- C:\Users\Karon Ruiz\AppData\Roaming\Spyware Terminator
2011-05-22 00:45:18 -------- d-----w- C:\ProgramData\Spyware Terminator
2011-05-22 00:45:18 -------- d-----w- C:\Program Files (x86)\Spyware Terminator
2011-05-22 00:28:53 816016 ----a-w- C:\windows\System32\drivers\pctEFA64.sys
2011-05-22 00:28:53 452872 ----a-w- C:\windows\System32\drivers\pctDS64.sys
2011-05-22 00:28:52 334976 ----a-w- C:\windows\System32\drivers\pctgntdi64.sys
2011-05-22 00:28:52 137704 ----a-w- C:\windows\System32\drivers\pctwfpfilter64.sys
2011-05-22 00:28:51 257232 ----a-w- C:\windows\System32\drivers\PCTCore64.sys
2011-05-22 00:28:48 92896 ----a-w- C:\windows\System32\drivers\pctplsg64.sys
2011-05-22 00:28:44 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-05-22 00:25:55 257024 ----a-w- C:\windows\System32\explorer.exe.exe
2011-05-21 23:49:53 -------- d-----w- C:\Program Files (x86)\Loaris
2011-05-21 21:33:14 -------- d-----w- C:\Users\Karon Ruiz\AppData\Roaming\PC Tools
2011-05-21 21:33:14 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-05-20 22:50:46 -------- d-----w- C:\Program Files (x86)\SpyZooka
2011-05-20 21:02:39 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2011-05-20 21:00:14 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2011-05-20 20:54:51 -------- d-----w- C:\ProgramData\PC Tools
2011-05-20 12:23:46 -------- d-----w- C:\Users\Karon Ruiz\AppData\Roaming\AVG10
2011-05-20 12:20:20 -------- d--h--w- C:\ProgramData\Common Files
2011-05-20 12:18:51 -------- d-----w- C:\windows\System32\drivers\AVG
2011-05-20 12:18:51 -------- d-----w- C:\ProgramData\AVG10
2011-05-20 12:17:55 -------- d-----w- C:\Program Files (x86)\AVG
2011-05-20 12:12:59 -------- d-----w- C:\ProgramData\MFAData
2011-05-20 11:53:49 -------- d-----w- C:\Users\Karon Ruiz\AppData\Roaming\Sammsoft
2011-05-20 11:47:50 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-05-20 04:28:14 0 ---ha-w- C:\Users\Karon Ruiz\AppData\Local\BITB089.tmp
2011-05-20 01:44:50 -------- d--h--w- C:\Users\Karon Ruiz\AppData\Local\CrashDumps
2011-05-18 12:49:49 8802128 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BA95511-0214-48B0-B2F8-6790DACF502B}\mpengine.dll
2011-05-18 12:49:28 142336 ----a-w- C:\windows\System32\poqexec.exe
2011-05-18 12:49:28 123904 ----a-w- C:\windows\SysWow64\poqexec.exe
2011-05-18 04:38:05 35840 ----a-r- C:\windows\System32\drivers\BVRPMPR5a64.SYS
2011-05-18 04:37:44 -------- d--h--w- C:\Netgear
2011-05-14 16:03:31 -------- d--h--w- C:\ProgramData\Symantec
2011-05-12 14:28:16 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-05-12 14:28:13 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 14:28:13 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
.
==================== Find3M ====================
.
2011-03-15 21:20:04 20480 ---ha-w- C:\windows\SysWow64\cliconfg.728
2011-03-12 12:03:46 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\windows\System32\win32k.sys
2011-02-26 06:23:14 2870272 ----a-w- C:\windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\windows\SysWow64\explorer.exe
2011-02-24 06:30:00 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
.
============= FINISH: 6:01:05.75 ===============
karonruiz

Re: DDS log--hope I finally did this as you want

Post by askey127 » May 25th, 2011, 7:46 am

Hi karonruiz,
Please tell me what symptoms you are seeing.
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    Check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will both be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies.
(The file Extras.txt will only appear the very first time you run OTL.)

askey127

Re: DDS log--hope I finally did this as you want

Post by karonruiz » May 25th, 2011, 8:37 am

OTL logfile created on: 5/25/2011 5:29:30 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Karon Ruiz\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 61.02% Memory free
7.60 Gb Paging File | 5.74 Gb Available in Paging File | 75.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.26 Gb Total Space | 407.92 Gb Free Space | 90.19% Space Free | Partition Type: NTFS

Computer Name: KARONRUIZ-PC | User Name: Karon Ruiz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 05:27:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Karon Ruiz\Desktop\OTL.exe
PRC - [2011/05/21 17:45:28 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011/05/10 06:29:24 | 000,353,888 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\PCRx\PCRxTray.exe
PRC - [2011/04/17 11:20:20 | 000,235,168 | -H-- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/08 04:03:46 | 002,536,696 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Crawler\Toolbar\CToolbar.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2010/10/20 12:37:28 | 000,115,056 | RH-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
PRC - [2010/05/01 17:55:36 | 002,454,840 | -H-- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2010/03/03 15:42:02 | 002,320,920 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 15:41:58 | 000,268,824 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/12/25 16:21:16 | 000,034,160 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | RH-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 05:27:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Karon Ruiz\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 10:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/28 11:27:16 | 000,267,192 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 17:36:16 | 000,822,192 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/07/19 18:48:36 | 000,340,240 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/21 10:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/21 17:45:28 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/20 12:37:28 | 000,115,056 | RH-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/03/18 14:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/03/03 15:42:02 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 15:41:58 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/06 10:21:50 | 000,051,512 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 15:49:41 | 000,126,392 | RH-- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/10 13:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/07/29 06:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 12:46:18 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/07/07 11:26:46 | 000,050,696 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/21 18:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/18 17:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/05/08 19:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/05/03 15:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/09 19:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/24 21:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/30 22:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60287
IE - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/28 14:20:27 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011/05/21 17:45:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/17 00:24:05 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/17 00:24:06 | 000,000,000 | -H-D | M]

[2011/03/08 09:21:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karon Ruiz\AppData\Roaming\Mozilla\Extensions
[2011/05/20 04:47:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karon Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\2q15fo6i.default\extensions
[2011/05/20 04:48:38 | 000,000,000 | ---D | M] (Support.com Toolbar) -- C:\Users\Karon Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\2q15fo6i.default\extensions\toolbar@ask.com
[2011/02/01 19:05:08 | 000,002,333 | ---- | M] () -- C:\Users\Karon Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\2q15fo6i.default\searchplugins\askcom.xml
[2011/03/08 09:21:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/28 14:20:27 | 000,000,000 | -H-D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [PCRx] C:\Program Files (x86)\PCRx\PCRxTray.exe (Crawler.com)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1581709432-2270041597-456217428-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\S-1-5-21-1581709432-2270041597-456217428-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0514e2d1-0a27-11e0-8fda-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0514e2d1-0a27-11e0-8fda-806e6f6e6963}\Shell\AutoRun\command - "" = D:\drpc3\drpc3-wrapper-dialog.exe
O34 - HKLM BootExecute: (autocheck autochk) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 05:27:18 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Karon Ruiz\Desktop\OTL.exe
[2011/05/23 05:59:18 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Karon Ruiz\Desktop\dds.scr
[2011/05/22 07:02:32 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/22 07:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/22 07:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/05/22 07:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/22 07:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/22 06:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/05/22 06:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011/05/22 06:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011/05/22 06:15:20 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\PCRx
[2011/05/22 00:28:37 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\New folder
[2011/05/22 00:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PCRx
[2011/05/22 00:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCRx
[2011/05/22 00:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCRx
[2011/05/21 19:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Rescue PC 3
[2011/05/21 19:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Data Rescue PC 3
[2011/05/21 19:09:10 | 042,829,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe
[2011/05/21 19:03:54 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\Desktop\Downloads
[2011/05/21 19:03:49 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\GetRightToGo
[2011/05/21 17:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011/05/21 17:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011/05/21 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\Spyware Terminator
[2011/05/21 17:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011/05/21 17:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011/05/21 17:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2011/05/21 17:28:53 | 000,816,016 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctEFA64.sys
[2011/05/21 17:28:53 | 000,452,872 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctDS64.sys
[2011/05/21 17:28:52 | 000,334,976 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[2011/05/21 17:28:52 | 000,137,704 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2011/05/21 17:28:51 | 000,257,232 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2011/05/21 17:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/05/21 17:28:48 | 000,092,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2011/05/21 17:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/05/21 17:25:55 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\explorer.exe.exe
[2011/05/21 17:09:47 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\Desktop\old programs
[2011/05/21 16:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loaris
[2011/05/21 14:33:14 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\PC Tools
[2011/05/21 14:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/05/20 15:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyZooka
[2011/05/20 14:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/05/20 14:00:14 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
[2011/05/20 13:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/20 05:23:46 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\AVG10
[2011/05/20 05:20:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/05/20 05:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/05/20 05:18:51 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\AVG
[2011/05/20 05:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/05/20 05:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/20 04:53:49 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\Sammsoft
[2011/05/20 04:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/05/19 21:05:00 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/19 18:44:50 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\AppData\Local\CrashDumps
[2011/05/18 05:49:28 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2011/05/18 05:49:28 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2011/05/17 21:38:05 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\windows\SysNative\drivers\BVRPMPR5a64.SYS
[2011/05/17 21:37:44 | 000,000,000 | -H-D | C] -- C:\Netgear
[2011/05/16 05:42:51 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Desktop\FSCA AND HOMESCHOOLING
[2011/05/14 09:03:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Symantec
[2011/05/13 17:15:37 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Desktop\chefa.org 5.13.11_files
[2011/05/13 16:18:59 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Desktop\fsca website 5.11.11_files
[2011/05/13 16:12:54 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Desktop\index_files - Copy (2)
[2011/05/12 07:44:14 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\FileZilla
[2011/05/12 07:44:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/05/12 07:44:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/05/12 07:37:20 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Documents\FileZilla_3.5.0-rc1_win32[1]
[2011/05/12 07:32:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
[2011/05/12 07:28:16 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2011/05/12 07:28:13 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2011/05/12 07:28:13 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2011/04/28 18:32:56 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/04/28 18:32:55 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2011/04/28 18:32:50 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2011/04/28 18:32:50 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2011/04/28 18:32:30 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2011/04/28 18:32:29 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2011/04/28 18:32:29 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2011/04/28 18:32:29 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys
[2011/04/28 18:32:29 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys
[2011/04/28 18:32:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsutil.exe
[2011/04/28 18:32:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fsutil.exe
[2011/04/28 18:32:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prevhost.exe
[2011/04/28 18:32:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prevhost.exe
[2011/04/28 17:53:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Karon Ruiz\AppData\Local\*.tmp files -> C:\Users\Karon Ruiz\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 05:27:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Karon Ruiz\Desktop\OTL.exe
[2011/05/25 05:25:52 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 05:25:52 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 05:24:23 | 000,000,908 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 05:22:38 | 000,765,724 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/05/25 05:22:38 | 000,650,776 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/05/25 05:22:38 | 000,118,096 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/05/25 05:18:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/25 05:18:15 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 06:57:02 | 000,000,912 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 06:33:17 | 000,142,848 | ---- | M] () -- C:\new enrollment with history options.pub
[2011/05/23 16:49:31 | 000,473,891 | ---- | M] () -- C:\Scan.bin
[2011/05/23 05:59:21 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Karon Ruiz\Desktop\dds.scr
[2011/05/22 07:02:28 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/22 00:15:59 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\PCRx.lnk
[2011/05/21 19:43:31 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Data Rescue PC 3.lnk
[2011/05/21 17:49:28 | 000,001,117 | ---- | M] () -- C:\Users\Karon Ruiz\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011/05/21 17:49:28 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011/05/21 17:28:49 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/05/21 17:21:49 | 000,512,992 | ---- | M] () -- C:\Users\Karon Ruiz\Desktop\sdasetup_revwire207[1].exe
[2011/05/21 07:13:52 | 000,002,593 | ---- | M] () -- C:\Users\Karon Ruiz\Desktop\Microsoft Office Publisher 2007.lnk
[2011/05/20 14:02:33 | 001,377,748 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/05/20 14:00:14 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2011/05/20 05:24:28 | 000,652,909 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2011/05/20 03:50:08 | 000,001,379 | -H-- | M] () -- C:\Users\Karon Ruiz\Desktop\Norton Installation Files.lnk
[2011/05/19 22:11:11 | 000,005,293 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/05/19 21:28:04 | 000,000,000 | -H-- | M] () -- C:\Users\Karon Ruiz\AppData\Local\{1DCF529E-345C-4DE1-B034-1D2AE15FB111}
[2011/05/19 21:07:08 | 000,000,400 | -H-- | M] () -- C:\ProgramData\37412600
[2011/05/19 21:05:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~37412600r
[2011/05/19 21:05:01 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~37412600
[2011/05/19 18:46:36 | 000,001,104 | -H-- | M] () -- C:\Users\Karon Ruiz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/13 19:16:21 | 000,068,669 | -H-- | M] () -- C:\Users\Karon Ruiz\Documents\index.htm
[2011/05/13 18:37:18 | 000,891,904 | -H-- | M] () -- C:\Users\Karon Ruiz\Documents\FSCA website 5.13.11.pub
[2011/05/13 16:01:36 | 000,001,078 | -H-- | M] () -- C:\Users\Karon Ruiz\Desktop\fsca website 5.11.11_image561.wmz
[2011/04/29 11:29:28 | 042,829,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe
[2011/04/28 18:25:26 | 000,417,456 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Karon Ruiz\AppData\Local\*.tmp files -> C:\Users\Karon Ruiz\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 06:33:17 | 000,142,848 | ---- | C] () -- C:\new enrollment with history options.pub
[2011/05/23 16:49:31 | 000,473,891 | ---- | C] () -- C:\Scan.bin
[2011/05/22 07:02:28 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/22 00:15:59 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\PCRx.lnk
[2011/05/21 19:42:53 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Data Rescue PC 3.lnk
[2011/05/21 17:49:28 | 000,001,117 | ---- | C] () -- C:\Users\Karon Ruiz\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011/05/21 17:49:28 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011/05/21 17:28:49 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/05/21 17:21:50 | 000,512,992 | ---- | C] () -- C:\Users\Karon Ruiz\Desktop\sdasetup_revwire207[1].exe
[2011/05/20 14:02:15 | 001,377,748 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/05/20 14:00:14 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2011/05/20 05:24:28 | 000,652,909 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2011/05/19 21:28:04 | 000,000,000 | -H-- | C] () -- C:\Users\Karon Ruiz\AppData\Local\{1DCF529E-345C-4DE1-B034-1D2AE15FB111}
[2011/05/19 21:05:01 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~37412600r
[2011/05/19 21:05:01 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~37412600
[2011/05/19 21:04:35 | 000,000,400 | -H-- | C] () -- C:\ProgramData\37412600
[2011/05/17 00:12:49 | 000,005,293 | ---- | C] () -- C:\WirelessDiagLog.csv
[2011/05/13 17:08:31 | 000,891,904 | -H-- | C] () -- C:\Users\Karon Ruiz\Documents\FSCA website 5.13.11.pub
[2011/05/13 16:12:54 | 000,000,270 | -H-- | C] () -- C:\Users\Karon Ruiz\Desktop\Prepare, publish, and maintain your Publisher Web site - Copy (2).url
[2011/05/13 16:01:36 | 000,001,078 | -H-- | C] () -- C:\Users\Karon Ruiz\Desktop\fsca website 5.11.11_image561.wmz
[2011/03/15 14:32:40 | 000,000,098 | -H-- | C] () -- C:\Users\Karon Ruiz\AppData\Local\fusioncache.dat
[2011/03/15 14:04:39 | 000,757,008 | -H-- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/28 14:31:05 | 000,000,820 | ---- | C] () -- C:\windows\hpomdl33.dat.temp
[2011/02/28 14:18:14 | 000,163,574 | ---- | C] () -- C:\windows\hpoins33.dat
[2011/02/28 14:18:14 | 000,000,820 | ---- | C] () -- C:\windows\hpomdl33.dat
[2011/02/21 22:47:19 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/07/29 06:08:46 | 000,127,868 | -H-- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 06:08:44 | 000,104,796 | -H-- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 06:08:42 | 000,870,560 | -H-- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 05:14:38 | 000,208,896 | -H-- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 05:14:38 | 000,143,360 | -H-- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | -H-- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | -H-- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 05:37:00 | 000,028,672 | -H-- | C] () -- C:\windows\SysWow64\SPCtl.dll
[2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/05/20 05:23:46 | 000,000,000 | ---D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\AVG10
[2011/05/20 04:35:44 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\CrystalButton
[2011/05/13 18:18:00 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\FileZilla
[2011/05/21 19:07:12 | 000,000,000 | ---D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\GetRightToGo
[2011/05/20 04:35:44 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Individual Software
[2011/05/22 06:15:22 | 000,000,000 | ---D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\PCRx
[2011/04/01 21:06:51 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Registry Mechanic
[2011/05/20 08:58:51 | 000,000,000 | ---D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Sammsoft
[2011/03/25 16:37:00 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\scriptocean
[2011/05/22 00:15:31 | 000,000,000 | ---D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Spyware Terminator
[2011/03/27 12:59:45 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Tific
[2011/04/02 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Toshiba
[2011/02/21 18:46:36 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\WinBatch
[2011/05/24 05:44:02 | 000,032,574 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
karonruiz
Active Member
 
Posts: 6
Joined: May 21st, 2011, 11:28 am

Re: DDS log--hope I finally did this as you want

Post by askey127 » May 26th, 2011, 7:51 am

karonruiz,
We will remove a couple of questionable toolbars and a few others.
In general, don't agree to install toolbars. At best, they are mostly for the purveyor's benefit.
At worst, they produce redirects or distribute spyware.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Ask Toolbar
Crawler Toolbar
Spyware Terminator
Java(TM)6 update 20


Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    SRV - [2011/05/21 17:45:28 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
    IE - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60287
    IE - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    [2011/05/20 04:48:38 | 000,000,000 | ---D | M] (Support.com Toolbar) -- C:\Users\Karon Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\2q15fo6i.default\extensions\toolbar@ask.com
    [2011/02/01 19:05:08 | 000,002,333 | ---- | M] () -- C:\Users\Karon Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\2q15fo6i.default\searchplugins\askcom.xml
    [2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
    O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKU\S-1-5-21-1581709432-2270041597-456217428-1000\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKU\S-1-5-21-1581709432-2270041597-456217428-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    
    :Files
    C:\Program Files (x86)\Spyware Terminator
    C:\ProgramData\Spyware Terminator
    C:\Program Files (x86)\Crawler
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
    C:\Program Files (x86)\SpyZooka
    C:\ProgramData\AVG Security Toolbar
    C:\windows\SysWow64\drivers\AVG
    C:\ProgramData\AVG10
    C:\windows\SysNative\drivers\AVG
    C:\Program Files (x86)\AVG
    C:\Program Files (x86)\Ask.com
    C:\Users\Public\Desktop\Spyware Terminator.lnk
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces (OTL.TXT) in your next reply.

So we are looking for the log from OTL.
What problems are you having?
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
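
An added example, not part of askey127's post and not OTL's own code: a Python triage pass over OTL-style log lines that pulls out the kinds of entries the fix above targets, namely entries whose company field names a watched vendor and Alternate Data Stream lines, plus executables with an empty company field as a review-only heuristic. The line layout is inferred from the logs in this thread; the function names, the watch list and the third rule are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# File/service entry as it appears in the logs in this thread (layout inferred):
#   [KIND[:64bit:] - ][date time | size | attrs | C/M] (Company) [state] -- path [-- (service)]
# The company may itself contain parentheses, e.g. "(Intel(R) Corporation)", so it is
# matched lazily up to the ")" that is followed by " [" or " -- ".
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>[A-Z]{2,3})(?::64bit:)? - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>.*?)\)(?= \[| -- ))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\).*)?$"
)

# "@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:DFC5A2B2"
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr")

# Assumption: watch list built from the company fields named in the fix above.
WATCH_VENDORS = {"Crawler.com", "Ask"}


@dataclass
class Finding:
    reason: str   # "watched-vendor", "no-company-executable" or "ads"
    path: str
    detail: str


def parse_entry(line: str) -> Optional[dict]:
    """Parse one file/service line; return None for headers and other line types."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def triage(lines: Iterable[str], watch_vendors: Iterable[str]) -> List[Finding]:
    """Return entries worth a human look; a finding is a prompt for review, not a verdict."""
    watch = {v.lower() for v in watch_vendors}
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            findings.append(Finding(
                "ads", ads["host"], f'stream {ads["stream"]}, {ads["size"]} bytes'))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        company = entry["company"]  # None: no company field; "": empty "()"
        if company is not None and company.lower() in watch:
            parts = [company]
            if entry["kind"]:
                parts.append(entry["kind"])
            if entry["state"]:
                parts.append("[" + entry["state"] + "]")
            if entry["service"]:
                parts.append("service=" + entry["service"])
            findings.append(Finding("watched-vendor", entry["path"], "; ".join(parts)))
        elif company == "" and entry["path"].lower().endswith(EXEC_EXT):
            # Heuristic (assumption): executable with an empty company field.
            findings.append(Finding(
                "no-company-executable", entry["path"], f'{entry["size"]} bytes'))
    return findings


# Sample lines copied from the logs in this thread.
SAMPLE = r"""
SRV - [2011/05/21 17:45:28 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
PRC - [2011/05/10 06:29:24 | 000,353,888 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\PCRx\PCRxTray.exe
SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
[2011/05/21 17:21:50 | 000,512,992 | ---- | C] () -- C:\Users\Karon Ruiz\Desktop\sdasetup_revwire207[1].exe
[2011/05/19 18:44:50 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\AppData\Local\CrashDumps
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:DFC5A2B2
========== LOP Check ==========
"""

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines(), WATCH_VENDORS):
        print(f"{f.reason:22} {f.path}  ({f.detail})")
```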

Re: DDS log--hope I finally did this as you want

Post by karonruiz » May 26th, 2011, 9:37 am

OTL logfile created on: 5/26/2011 6:31:39 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Karon Ruiz\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 70.62% Memory free
7.60 Gb Paging File | 6.38 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.26 Gb Total Space | 409.29 Gb Free Space | 90.50% Space Free | Partition Type: NTFS

Computer Name: KARONRUIZ-PC | User Name: Karon Ruiz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 05:27:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Karon Ruiz\Desktop\OTL.exe
PRC - [2011/05/10 06:29:24 | 000,353,888 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\PCRx\PCRxTray.exe
PRC - [2010/10/20 12:37:28 | 000,115,056 | RH-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
PRC - [2010/05/01 17:55:36 | 002,454,840 | -H-- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2010/03/03 15:41:58 | 000,268,824 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/12/25 16:21:16 | 000,034,160 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | RH-- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 05:27:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Karon Ruiz\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 10:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/28 11:27:16 | 000,267,192 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/22 17:36:16 | 000,822,192 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/07/19 18:48:36 | 000,340,240 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/21 10:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/20 12:37:28 | 000,115,056 | RH-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/03/18 14:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 15:42:02 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 15:41:58 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/06 10:21:50 | 000,051,512 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 15:49:41 | 000,126,392 | RH-- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/29 06:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 12:46:18 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/06/21 18:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/18 17:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/05/08 19:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/05/03 15:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/09 19:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/24 21:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/30 22:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/plan/index.aspx
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.crawler.com/homepage.aspx?tbid=60287"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/28 14:20:27 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/17 00:24:05 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/17 00:24:06 | 000,000,000 | -H-D | M]

[2011/03/08 09:21:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karon Ruiz\AppData\Roaming\Mozilla\Extensions
[2011/05/26 06:13:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karon Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\2q15fo6i.default\extensions
[2011/03/08 09:21:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [PCRx] C:\Program Files (x86)\PCRx\PCRxTray.exe (Crawler.com)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0514e2d1-0a27-11e0-8fda-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0514e2d1-0a27-11e0-8fda-806e6f6e6963}\Shell\AutoRun\command - "" = D:\drpc3\drpc3-wrapper-dialog.exe
O34 - HKLM BootExecute: (autocheck autochk) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 06:26:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/25 05:27:18 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Karon Ruiz\Desktop\OTL.exe
[2011/05/23 05:59:18 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Karon Ruiz\Desktop\dds.scr
[2011/05/22 07:02:32 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/22 07:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/22 07:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/05/22 07:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/22 07:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/22 06:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/05/22 06:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011/05/22 06:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011/05/22 06:15:20 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\PCRx
[2011/05/22 00:28:37 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\New folder
[2011/05/22 00:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PCRx
[2011/05/22 00:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCRx
[2011/05/22 00:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCRx
[2011/05/21 19:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Rescue PC 3
[2011/05/21 19:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Data Rescue PC 3
[2011/05/21 19:03:54 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\Desktop\Downloads
[2011/05/21 19:03:49 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\GetRightToGo
[2011/05/21 17:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/05/21 17:09:47 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\Desktop\old programs
[2011/05/21 16:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loaris
[2011/05/21 14:33:14 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\PC Tools
[2011/05/21 14:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/05/20 13:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/20 05:23:46 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\AVG10
[2011/05/20 05:20:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/05/20 05:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/20 04:53:49 | 000,000,000 | ---D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\Sammsoft
[2011/05/19 21:05:00 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/19 18:44:50 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\AppData\Local\CrashDumps
[2011/05/17 21:38:05 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\windows\SysNative\drivers\BVRPMPR5a64.SYS
[2011/05/17 21:37:44 | 000,000,000 | -H-D | C] -- C:\Netgear
[2011/05/16 05:42:51 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Desktop\FSCA AND HOMESCHOOLING
[2011/05/14 09:03:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Symantec
[2011/05/13 17:15:37 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Desktop\chefa.org 5.13.11_files
[2011/05/13 16:18:59 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Desktop\fsca website 5.11.11_files
[2011/05/13 16:12:54 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Desktop\index_files - Copy (2)
[2011/05/12 07:44:14 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\AppData\Roaming\FileZilla
[2011/05/12 07:44:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/05/12 07:44:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/05/12 07:37:20 | 000,000,000 | -H-D | C] -- C:\Users\Karon Ruiz\Documents\FileZilla_3.5.0-rc1_win32[1]
[2011/05/12 07:32:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
[2011/04/28 17:53:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[1 C:\Users\Karon Ruiz\AppData\Local\*.tmp files -> C:\Users\Karon Ruiz\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 06:30:21 | 000,000,908 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 06:29:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/26 06:29:28 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 06:22:57 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 06:22:57 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 06:19:56 | 000,765,724 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/05/26 06:19:56 | 000,650,776 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/05/26 06:19:56 | 000,118,096 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/05/26 05:57:02 | 000,000,912 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/25 05:27:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Karon Ruiz\Desktop\OTL.exe
[2011/05/24 06:33:17 | 000,142,848 | ---- | M] () -- C:\new enrollment with history options.pub
[2011/05/23 16:49:31 | 000,473,891 | ---- | M] () -- C:\Scan.bin
[2011/05/23 05:59:21 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Karon Ruiz\Desktop\dds.scr
[2011/05/22 07:02:28 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/22 00:15:59 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\PCRx.lnk
[2011/05/21 19:43:31 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Data Rescue PC 3.lnk
[2011/05/21 17:21:49 | 000,512,992 | ---- | M] () -- C:\Users\Karon Ruiz\Desktop\sdasetup_revwire207[1].exe
[2011/05/21 07:13:52 | 000,002,593 | ---- | M] () -- C:\Users\Karon Ruiz\Desktop\Microsoft Office Publisher 2007.lnk
[2011/05/20 14:02:33 | 001,377,748 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/05/20 03:50:08 | 000,001,379 | -H-- | M] () -- C:\Users\Karon Ruiz\Desktop\Norton Installation Files.lnk
[2011/05/19 22:11:11 | 000,005,293 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/05/19 21:28:04 | 000,000,000 | -H-- | M] () -- C:\Users\Karon Ruiz\AppData\Local\{1DCF529E-345C-4DE1-B034-1D2AE15FB111}
[2011/05/19 21:07:08 | 000,000,400 | -H-- | M] () -- C:\ProgramData\37412600
[2011/05/19 21:05:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~37412600r
[2011/05/19 21:05:01 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~37412600
[2011/05/19 18:46:36 | 000,001,104 | -H-- | M] () -- C:\Users\Karon Ruiz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/13 19:16:21 | 000,068,669 | -H-- | M] () -- C:\Users\Karon Ruiz\Documents\index.htm
[2011/05/13 18:37:18 | 000,891,904 | -H-- | M] () -- C:\Users\Karon Ruiz\Documents\FSCA website 5.13.11.pub
[2011/05/13 16:01:36 | 000,001,078 | -H-- | M] () -- C:\Users\Karon Ruiz\Desktop\fsca website 5.11.11_image561.wmz
[2011/04/28 18:25:26 | 000,417,456 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Karon Ruiz\AppData\Local\*.tmp files -> C:\Users\Karon Ruiz\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 06:33:17 | 000,142,848 | ---- | C] () -- C:\new enrollment with history options.pub
[2011/05/23 16:49:31 | 000,473,891 | ---- | C] () -- C:\Scan.bin
[2011/05/22 07:02:28 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/22 00:15:59 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\PCRx.lnk
[2011/05/21 19:42:53 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Data Rescue PC 3.lnk
[2011/05/21 17:21:50 | 000,512,992 | ---- | C] () -- C:\Users\Karon Ruiz\Desktop\sdasetup_revwire207[1].exe
[2011/05/20 14:02:15 | 001,377,748 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/05/19 21:28:04 | 000,000,000 | -H-- | C] () -- C:\Users\Karon Ruiz\AppData\Local\{1DCF529E-345C-4DE1-B034-1D2AE15FB111}
[2011/05/19 21:05:01 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~37412600r
[2011/05/19 21:05:01 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~37412600
[2011/05/19 21:04:35 | 000,000,400 | -H-- | C] () -- C:\ProgramData\37412600
[2011/05/17 00:12:49 | 000,005,293 | ---- | C] () -- C:\WirelessDiagLog.csv
[2011/05/13 17:08:31 | 000,891,904 | -H-- | C] () -- C:\Users\Karon Ruiz\Documents\FSCA website 5.13.11.pub
[2011/05/13 16:12:54 | 000,000,270 | -H-- | C] () -- C:\Users\Karon Ruiz\Desktop\Prepare, publish, and maintain your Publisher Web site - Copy (2).url
[2011/05/13 16:01:36 | 000,001,078 | -H-- | C] () -- C:\Users\Karon Ruiz\Desktop\fsca website 5.11.11_image561.wmz
[2011/03/15 14:32:40 | 000,000,098 | -H-- | C] () -- C:\Users\Karon Ruiz\AppData\Local\fusioncache.dat
[2011/03/15 14:04:39 | 000,757,008 | -H-- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/28 14:31:05 | 000,000,820 | ---- | C] () -- C:\windows\hpomdl33.dat.temp
[2011/02/28 14:18:14 | 000,163,574 | ---- | C] () -- C:\windows\hpoins33.dat
[2011/02/28 14:18:14 | 000,000,820 | ---- | C] () -- C:\windows\hpomdl33.dat
[2011/02/21 22:47:19 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/07/29 06:08:46 | 000,127,868 | -H-- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 06:08:44 | 000,104,796 | -H-- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 06:08:42 | 000,870,560 | -H-- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 05:14:38 | 000,208,896 | -H-- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 05:14:38 | 000,143,360 | -H-- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | -H-- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | -H-- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 05:37:00 | 000,028,672 | -H-- | C] () -- C:\windows\SysWow64\SPCtl.dll
[2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/05/20 05:23:46 | 000,000,000 | ---D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\AVG10
[2011/05/20 04:35:44 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\CrystalButton
[2011/05/13 18:18:00 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\FileZilla
[2011/05/21 19:07:12 | 000,000,000 | ---D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\GetRightToGo
[2011/05/20 04:35:44 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Individual Software
[2011/05/22 06:15:22 | 000,000,000 | ---D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\PCRx
[2011/04/01 21:06:51 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Registry Mechanic
[2011/05/20 08:58:51 | 000,000,000 | ---D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Sammsoft
[2011/03/25 16:37:00 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\scriptocean
[2011/03/27 12:59:45 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Tific
[2011/04/02 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\Toshiba
[2011/02/21 18:46:36 | 000,000,000 | -H-D | M] -- C:\Users\Karon Ruiz\AppData\Roaming\WinBatch
[2011/05/24 05:44:02 | 000,032,574 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
karonruiz
Active Member
 
Posts: 6
Joined: May 21st, 2011, 11:28 am

Re: DDS log--hope I finally did this as you want

by askey127 » May 26th, 2011, 7:07 pm

Looks a lot better.
Tell me how it's running.
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: DDS log--hope I finally did this as you want

by askey127 » May 30th, 2011, 6:38 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA