Jump to content

System is Infected


furnace

Recommended Posts

I keep getting popups that says a system file is damaged plus programs won't run.

Also that there are threats and do I want to run antivirus.

Internet sites will not load.

On the infected computer there are two users.

An Admin and Regular user accounts.

I can't get on the internet or run Malwarebytes in the regular user account.

I can do it thru Admin.

I've run Malwarebytes thru safe mode (regular acct) and Admin acct with no success.

I have Defogger, GMER Rootkit Scanner and the latest version of Malwarebytes ready to go.

Also have Spybot S&D and HiJackThis updated.

Does it matter which user account I use to perform the cleanup steps as outlined in the forum sticky?

thanks

Link to post
Share on other sites

Welcome to the forum, try this under the infected account:

Carefully read and follow this Guide.

Make sure you run rkill and then immediately run MBAM as desribed.

Most important....update MBAM before you run it.

The link below explains how to rename MBAM set-up if needed:

http://forums.malwarebytes.org/index.php?showtopic=55485&view=findpost&p=274963

Post the logs back here, Good Luck....MrC

Link to post
Share on other sites

I ran Rkill first and then MBAM.

I was trying to keep track of all of these programs and which user identity I ran them on and couldn't find rkill's log.

So I ran it again after MBAM and that is why the time is listed as being later.

I had also followed some instructions from the sticky in this forum and ran degogger on the admin account before I received your instructions in this thread.

MBAM found 4 items like it did yesterday and removed them both times.

The malware reappeared yesterday and I'm going to reboot out of safe mode to see what happens.

thanks

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5786

Windows 6.0.6001 Service Pack 1 (Safe Mode)

Internet Explorer 8.0.6001.19019

2/17/2011 4:09:42 PM

mbam-log-2011-02-17 (16-08-19).txt

Scan type: Full scan (C:\|)

Objects scanned: 369324

Time elapsed: 1 hour(s), 7 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\irlofpqi (Trojan.FakeAlert.Gen) -> Value: irlofpqi -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\furnace creek\AppData\Local\Temp\lnubswvmk\oggudojsikk.exe (Trojan.FakeAlert.Gen) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:28:01 PM, on 2/17/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Safe mode with network support

Running processes:

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Users\Furnace Creek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQLXO16H\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photobiz.com/global/uploader/24/ImageUploader5.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

End of file - 10416 bytes

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 02/17/2011 at 16:45:21.

Operating System: Windows Vista Home Premium

Processes terminated by Rkill or while it was running:

Rkill completed on 02/17/2011 at 16:45:30.

Link to post
Share on other sites

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

OTL Extras logfile created on: 2/17/2011 6:13:01 PM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Furnace Creek\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 231.42 Gb Total Space | 54.10 Gb Free Space | 23.38% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Furnace Creek | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPP\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)

"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{7B3AA8B8-360D-4C7F-A482-FB895A87BDF5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{29049615-AC80-48E6-8AF7-470E4CB790A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{50140492-2F5D-4F9A-BB19-032FD2B10C0F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{676E9D37-EB3A-41B3-ABFA-F98F04AA5FB2}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |

"{74027E1B-6E09-47B6-8298-113DD3B5AD5F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{9148A1AC-3509-452A-94C7-1D13DB981CC4}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |

"{916B83A2-A3A2-4868-97CA-98BF98BC6C92}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{92073A8E-C589-42B1-91B4-874EC65DD687}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{BD20F338-40E8-4D3B-ABD5-BBA95474F132}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{D28A6BCF-FDAA-4A7E-B19F-5F37E665044E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears

"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver

"{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5

"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime

"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library

"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2

"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver

"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)

"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AVerMedia USB Hybrid Capture Device" = AVerMedia USB Hybrid Capture Device 1.3.0.67

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"DPP" = Canon Utilities Digital Photo Professional 3.6

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Printer and Utilities" = EPSON Printer Software

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX

"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA Driver

"InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1

"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library

"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX

"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX

"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver

"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"PhotoManager4.5" = PhotoManager

"Picasa 3" = Picasa 3

"ProInst" = Intel® PROSet/Wireless Software

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"Wacom Tablet Driver" = Wacom Tablet

"WildTangent toshiba Master Uninstall" = TOSHIBA Games

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite_Wave3" = Windows Live Essentials

"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-146885961-897915187-2518328447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Burrell Digital Printing" = Burrell Digital Printing

"Facebook Plug-In" = Facebook Plug-In

"GoToMeeting" = GoToMeeting 4.5.0.457

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/17/2011 7:35:17 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584

Description =

Error - 2/17/2011 10:28:56 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Users\Owner\AppData\Local\Temp\RarSFX0\redist.dll".

Dependent

Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/17/2011 10:56:03 AM | Computer Name = Owner-PC | Source = Perflib | ID = 1010

Description =

Error - 2/17/2011 2:43:53 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 2/17/2011 2:55:51 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 2/17/2011 2:59:57 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609

Description =

Error - 2/17/2011 3:39:07 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609

Description =

Error - 2/17/2011 5:15:23 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609

Description =

Error - 2/17/2011 5:45:34 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609

Description =

Error - 2/17/2011 5:58:15 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

[ OSession Events ]

Error - 5/13/2010 12:06:04 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6514.5001, Microsoft Office Version: 12.0.4518.1014. This session lasted 110384

seconds with 2580 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 2/17/2011 5:15:23 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005

Description =

Error - 2/17/2011 5:15:28 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005

Description =

Error - 2/17/2011 5:15:59 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005

Description =

Error - 2/17/2011 5:17:43 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005

Description =

Error - 2/17/2011 5:56:02 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016

Description =

Error - 2/17/2011 5:56:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/17/2011 5:59:04 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 2/17/2011 5:59:06 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/17/2011 6:02:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 2/17/2011 6:12:21 PM | Computer Name = Owner-PC | Source = BROWSER | ID = 8032

Description =

< End of report >

OTL logfile created on: 2/17/2011 6:13:01 PM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Furnace Creek\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 231.42 Gb Total Space | 54.10 Gb Free Space | 23.38% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Furnace Creek | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/17 18:11:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Furnace Creek\Downloads\OTL.exe

PRC - [2011/02/15 20:00:35 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/02/15 20:00:35 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/11/19 11:43:09 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe

PRC - [2010/10/16 15:31:22 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

PRC - [2010/08/29 01:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe

PRC - [2010/08/29 01:53:14 | 001,039,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

PRC - [2010/08/27 04:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2010/08/27 04:34:00 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/09/10 10:15:42 | 000,870,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe

PRC - [2009/03/20 06:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/10/10 11:13:40 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe

PRC - [2008/10/10 11:13:08 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe

PRC - [2008/01/19 02:33:39 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe

PRC - [2008/01/19 02:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe

PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe

PRC - [2007/09/19 14:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2007/09/03 20:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/06/16 00:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe

PRC - [2007/03/29 13:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

PRC - [2007/03/06 19:55:42 | 000,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2007/03/06 19:37:04 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe

PRC - [2007/01/22 10:59:08 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

PRC - [2006/11/15 00:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

PRC - [2006/11/14 23:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2006/11/06 19:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe

PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

========== Modules (SafeList) ==========

MOD - [2011/02/17 18:11:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Furnace Creek\Downloads\OTL.exe

MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

MOD - [2010/08/27 04:34:08 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

MOD - [2010/08/27 04:33:58 | 000,562,664 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll

MOD - [2010/03/29 13:17:53 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll

MOD - [2010/03/29 13:17:53 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/02/15 20:00:35 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/08/29 01:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2010/08/27 04:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)

SRV - [2009/12/17 16:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/10/10 11:13:08 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007/09/19 14:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2007/03/29 13:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007/03/06 19:55:42 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2007/03/06 19:37:04 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2011/02/15 20:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/08/27 04:33:54 | 000,035,568 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)

DRV - [2010/08/27 04:33:54 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/09 18:16:08 | 000,462,424 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

DRV - [2009/10/12 17:15:28 | 000,305,168 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2009/10/12 17:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)

DRV - [2009/03/20 06:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/10/06 10:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV - [2008/07/11 10:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/10/31 20:59:57 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)

DRV - [2007/10/31 20:58:10 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)

DRV - [2007/10/31 20:57:55 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)

DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2007/09/13 18:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2007/09/05 19:36:26 | 001,953,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/04/30 15:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007/04/16 13:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2007/02/15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)

DRV - [2007/01/24 16:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2006/07/28 18:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/11/09 11:55:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 08:21:37 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKU\S-1-5-21-146885961-897915187-2518328447-1001\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [HWSetup] File not found

O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-146885961-897915187-2518328447-1001..\Run: [TOSCDSPD] File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.photobiz.com/global/uploader/24/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Forge\2010 Snowstorms\2-6-10 Snow Storm\Jpegs\IMG_1720.JPG

O24 - Desktop BackupWallPaper: C:\Forge\2010 Snowstorms\2-6-10 Snow Storm\Jpegs\IMG_1720.JPG

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{0799017c-3341-11de-bd84-001b38b2eca3}\Shell - "" = AutoRun

O33 - MountPoints2\{0799017c-3341-11de-bd84-001b38b2eca3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{9a663a69-5a6c-11de-ac27-001b38b2eca3}\Shell - "" = AutoRun

O33 - MountPoints2\{9a663a69-5a6c-11de-ac27-001b38b2eca3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/17 09:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011/02/17 09:33:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011/02/17 09:33:00 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/02/17 09:33:00 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/02/17 09:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011/02/17 09:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/02/17 06:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/02/16 21:41:33 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2011/02/16 21:41:22 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2011/02/16 21:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

[2011/02/16 21:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2011/02/16 21:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2011/02/16 15:48:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\{84D8B12B-411B-484B-91F0-823C394D5DD9}

[2011/02/16 15:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2011/02/16 15:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/02/16 15:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/02/14 10:56:30 | 000,000,000 | ---D | C] -- C:\Users\Furnace Creek\Documents\Blacksmithing

[2011/02/01 13:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/02/01 13:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/02/01 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/02/01 13:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011/02/01 13:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/01/21 09:05:53 | 000,000,000 | ---D | C] -- C:\Users\Furnace Creek\AppData\Local\{FAD32D04-44D8-42B1-8237-FFFF318D72B3}

[2004/12/13 07:57:36 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL

[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/17 18:11:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/02/17 18:11:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/02/17 17:42:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/02/17 17:04:52 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/02/17 17:04:51 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/02/17 17:03:47 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2011/02/17 16:56:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/02/17 16:55:34 | 3209,105,408 | -HS- | M] () -- C:\hiberfil.sys

[2011/02/17 14:54:11 | 000,000,680 | ---- | M] () -- C:\Users\Furnace Creek\AppData\Local\d3d9caps.dat

[2011/02/17 13:36:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/02/17 09:33:29 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/02/16 21:41:22 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2011/02/16 21:36:39 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011/02/16 21:13:07 | 000,405,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/02/15 20:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2011/02/15 20:00:35 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

[2011/02/15 00:03:12 | 000,147,968 | ---- | M] () -- C:\Users\Furnace Creek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/08 13:52:20 | 000,049,664 | ---- | M] () -- C:\Users\Furnace Creek\Documents\Senior Names for 518.doc

[2011/02/04 18:58:42 | 000,002,651 | ---- | M] () -- C:\Users\Furnace Creek\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk

[2011/02/01 13:33:32 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/02/01 13:25:40 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/01/30 16:42:20 | 008,954,258 | ---- | M] () -- C:\Users\Furnace Creek\Documents\AR_winter_05.pdf

[2011/01/27 11:30:23 | 400,298,101 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/01/22 07:27:00 | 000,000,120 | ---- | M] () -- C:\Users\Furnace Creek\AppData\Local\Ttuwepi.dat

[2011/01/22 07:27:00 | 000,000,000 | ---- | M] () -- C:\Users\Furnace Creek\AppData\Local\Enina.bin

[2011/01/21 10:36:50 | 000,000,954 | ---- | M] () -- C:\Users\Furnace Creek\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/17 16:55:34 | 3209,105,408 | -HS- | C] () -- C:\hiberfil.sys

[2011/02/17 14:05:45 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2011/02/17 09:33:29 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/02/17 03:24:22 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2011/02/16 21:36:39 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011/02/08 13:52:18 | 000,049,664 | ---- | C] () -- C:\Users\Furnace Creek\Documents\Senior Names for 518.doc

[2011/02/01 13:33:32 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/02/01 13:25:40 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/01/30 16:42:19 | 008,954,258 | ---- | C] () -- C:\Users\Furnace Creek\Documents\AR_winter_05.pdf

[2011/01/21 09:05:54 | 000,000,120 | ---- | C] () -- C:\Users\Furnace Creek\AppData\Local\Ttuwepi.dat

[2011/01/21 09:05:54 | 000,000,000 | ---- | C] () -- C:\Users\Furnace Creek\AppData\Local\Enina.bin

[2009/04/30 11:12:58 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI

[2009/02/18 14:32:40 | 000,031,007 | ---- | C] () -- C:\Users\Furnace Creek\AppData\Roaming\UserTile.png

[2008/11/05 09:50:54 | 000,000,680 | ---- | C] () -- C:\Users\Furnace Creek\AppData\Local\d3d9caps.dat

[2008/10/30 21:15:01 | 000,147,968 | ---- | C] () -- C:\Users\Furnace Creek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/02/08 03:14:12 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys

[2007/11/01 19:52:31 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2007/11/01 19:52:31 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2007/11/01 19:52:31 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2007/11/01 19:52:31 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2007/11/01 19:52:31 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2007/11/01 19:52:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007/11/01 18:58:10 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2007/11/01 18:57:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll

[2007/11/01 18:50:50 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2007/11/01 18:50:50 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2007/11/01 18:50:49 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2007/11/01 18:50:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll

[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007/03/06 19:54:04 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/12/05 15:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/03/16 11:25:03 | 000,000,000 | ---D | M] -- C:\Users\Furnace Creek\AppData\Roaming\#ISW.FS#

[2009/04/30 11:28:48 | 000,000,000 | ---D | M] -- C:\Users\Furnace Creek\AppData\Roaming\Canon

[2009/12/14 13:51:18 | 000,000,000 | ---D | M] -- C:\Users\Furnace Creek\AppData\Roaming\CheckPoint

[2010/03/01 18:05:06 | 000,000,000 | ---D | M] -- C:\Users\Furnace Creek\AppData\Roaming\Facebook

[2011/02/17 17:01:10 | 000,000,000 | ---D | M] -- C:\Users\Furnace Creek\AppData\Roaming\MailFrontier

[2010/10/15 19:45:43 | 000,000,000 | ---D | M] -- C:\Users\Furnace Creek\AppData\Roaming\PeerNetworking

[2009/03/13 21:28:38 | 000,000,000 | ---D | M] -- C:\Users\Furnace Creek\AppData\Roaming\TOSHIBA

[2009/04/28 07:26:08 | 000,000,000 | ---D | M] -- C:\Users\Furnace Creek\AppData\Roaming\WinBatch

[2010/02/10 09:03:44 | 000,000,000 | ---D | M] -- C:\Users\Furnace Creek\AppData\Roaming\Windows Live Writer

[2010/05/17 15:03:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CheckPoint

[2011/02/17 07:04:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MailFrontier

[2008/03/07 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking

[2011/02/17 17:03:47 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2011/02/17 13:56:47 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Looks pretty good.

Can you take a look in these two folders and see what's in them an do you recognize them, you my have to enable hidden files to see them:

http://www.bleepingcomputer.com/tutorials/tutorial130.html

C:\ProgramData\{84D8B12B-411B-484B-91F0-823C394D5DD9}

C:\Users\Furnace Creek\AppData\Local\{FAD32D04-44D8-42B1-8237-FFFF318D72B3}

--------------------------------------------

Please do this: (it will require a reboot)

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    O4 - HKLM..\Run: [HWSetup] File not found
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKU\S-1-5-21-146885961-897915187-2518328447-1001..\Run: [TOSCDSPD] File not found
    [2011/01/22 07:27:00 | 000,000,120 | ---- | M] () -- C:\Users\Furnace Creek\AppData\Local\Ttuwepi.dat
    [2011/01/22 07:27:00 | 000,000,000 | ---- | M] () -- C:\Users\Furnace Creek\AppData\Local\Enina.bin
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

--------------------------

Then update and run a quick scan with MBAM post the log, MrC

Link to post
Share on other sites

I ran OTL and pasted the code in it. All desktop icons and taskbar disappeared and OTL hung up.

Had to shut down and restart.

It generated a logfile.

Should I retry?

Did not run Mbam yet.

Files\Folders moved on Reboot...

File\Folder C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\XEV6I9I8\.com_@2Fads_@2Fad21754a-map.cgi_@2FBCPG175222.253833.302718_@2FVTS=2Ge0z[1]._lU1_@2FSZ%3D300X250A_@2FV%3D0QrE_@2F_@2FST%3D0QrE0i9J10y61DH30rR3sx0QrE02vc02vc_@2FREDIRURL%3D not found!

File\Folder C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\XEV6I9I8\507278[1].htm not found!

C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\XEV6I9I8\andes_c[1].html moved successfully.

C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\XEV6I9I8\sync-min[1].html moved successfully.

File\Folder C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\XEV6I9I8\sync-min[2].html not found!

File\Folder C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\NPEMSUFF\;net=cm;u=,cm-95826769_1297989114,11b7cf4dc78740f,polit,cm.polit_l;;cmw=owl;sz=160x600;net=cm;env=ifr;ord1=346084;contx=polit;an=60;dc=w;btg=cm[1].polit_l;ord=[timestamp] not found!

File\Folder C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\BYNBM30U\drudgereport_com[1].htm not found!

C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\BYNBM30U\sync-min[1].html moved successfully.

C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3RFMALF6\1342992_CON_120104_SYS_NOTEBOOK_INSP_17R_PRESIDENTSDAY_INTEL_V2_728x90[1].html moved successfully.

File\Folder C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3RFMALF6\ADTECH;cookie=info;target=_blank;key=key1+key2+key3+key4;grp=000001[1].htm not found!

File\Folder C:\Users\Furnace Creek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3RFMALF6\intermarkets[2].htm not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Yes but use this code:

:OTL

IE - HKU\S-1-5-21-146885961-897915187-2518328447-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O4 - HKLM..\Run: [HWSetup] File not found

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKU\S-1-5-21-146885961-897915187-2518328447-1001..\Run: [TOSCDSPD] File not found

[2011/01/22 07:27:00 | 000,000,120 | ---- | M] () -- C:\Users\Furnace Creek\AppData\Local\Ttuwepi.dat

[2011/01/22 07:27:00 | 000,000,000 | ---- | M] () -- C:\Users\Furnace Creek\AppData\Local\Enina.bin

MrC

Link to post
Share on other sites

========== OTL ==========

HKU\S-1-5-21-146885961-897915187-2518328447-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HWSetup not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe not found.

Registry value HKEY_USERS\S-1-5-21-146885961-897915187-2518328447-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD not found.

File C:\Users\Furnace Creek\AppData\Local\Ttuwepi.dat not found.

File C:\Users\Furnace Creek\AppData\Local\Enina.bin not found.

OTL by OldTimer - Version 3.2.20.6 log created on 02182011_081839

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5794

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19019

2/18/2011 11:46:37 AM

mbam-log-2011-02-18 (11-46-37).txt

Scan type: Full scan (C:\|)

Objects scanned: 373668

Time elapsed: 3 hour(s), 22 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\furnace creek\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\7BYE3YU8\so[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\furnace creek\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\PNWN1610\so[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.