
Possibly infected Toshiba Satellite A355 laptop

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by bkloth » March 31st, 2011, 10:36 pm

Hi. I'm posting here because I have Google Calendar Sync for Microsoft Outlook installed, but lately I keep seeing an error message box stating "Could not initialize Google Calendar Sync for Microsoft Outlook: code 1008." The official Google resolution states that you must be logged in as an Admin or you will get that message, but I am an Admin on my machine. When searching for alternate solutions, I found another post in this forum with the same issue that wound up being malware.

Additionally, I have also been getting an error message stating "Ad-Aware was shut down unexpectedly." At first I ignored it, thinking it was an issue with Ad-Aware itself, but I keep getting that message every day.

I also occasionally receive a message stating "Emsisoft Anti-Malware Service stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available."

Those two messages are the trouble I am having, along with my computer seeming to browse more slowly than I would expect (though I had just chalked that up to my computer being a few years old).

Below are my DDS and Attach logs. I read the instructions on what to post here, but please let me know if I missed anything. Thank you in advance for any help you can give me!

DDS Log
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Brad at 22:19:09.20 on Thu 03/31/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3960.1224 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Emsisoft Anti-Malware *Disabled/Outdated* {607A6E45-BE50-AFD5-4F70-7EAAEC5B715D}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {DB1B8FA1-986A-A05B-75C0-45D897DC3BE0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files (x86)\PureText.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Users\Brad\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files (x86)\Windows 7 Shortcuts 0.4\Windows 7 0.4.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brad\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/ig
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
uRun: [PureText] "C:\Program Files (x86)\PureText.exe"
uRun: [Windows Live Sync] "C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe" /background
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
mRun: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun: [StartupDelayer] "C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: gsu.edu
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://accessaz.bannerhealth.com/CACHE ... vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {245853D1-EA47-4A87-8BBE-F8DFD26B5331} = 172.23.3.220,172.23.3.240
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/|http://my.yaho ... /espn.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=n ... t&hl=en&q=
FF - component: C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Brad\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Brad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Brad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FfChrome: {9bc51d13-3849-4541-a69c-da418934ca05} - %profile%\extensions\{9bc51d13-3849-4541-a69c-da418934ca05}
FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com
FF - Ext: Greasefire: greasefire@skrul.com - %profile%\extensions\greasefire@skrul.com
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: CLEO: CLEO@guid.customsoftwareconsult.com - %profile%\extensions\CLEO@guid.customsoftwareconsult.com
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: SmartSearch: {4fa0d965-cd01-4d08-9bdb-0d8c47cfd5d8} - %profile%\extensions\{4fa0d965-cd01-4d08-9bdb-0d8c47cfd5d8}
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: OPIE: OPIE@guid.customsoftwareconsult.com - %profile%\extensions\OPIE@guid.customsoftwareconsult.com
FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Personal Menu: CompactMenuCE@Merci.chao - %profile%\extensions\CompactMenuCE@Merci.chao
FF - Ext: Tree Style Tab: treestyletab@piro.sakura.ne.jp - %profile%\extensions\treestyletab@piro.sakura.ne.jp
FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Minimap Addon: {398e77b8-2304-11dc-8314-0800200c9a66} - %profile%\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: CookieCuller: {99B98C2C-7274-45a3-A640-D9DF1A1C8460} - %profile%\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-10-14 69152]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-3-19 504912]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-11-18 48216]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-11-18 14720]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-5-6 273488]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-11-18 2806000]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-5-6 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-5-6 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-27 40384]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-6-27 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-7-10 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1405384]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-5-5 1153368]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-9-1 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-7-17 139776]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-11-18 84752]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\System32\drivers\NETw5v64.sys [2008-4-28 4730368]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-8-25 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-17 135664]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-8-7 143360]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-4 89920]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-9-1 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-9-1 237568]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-03-30 02:34:40 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{409D8AA5-5CD2-4A44-AD38-C7E2EE70A4DC}\mpengine.dll
2011-03-23 01:16:33 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-23 01:16:32 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-03-23 01:16:32 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-23 01:16:31 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-03-23 01:16:30 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-18 01:53:20 -------- d-----w- C:\Users\Brad\AppData\Roaming\VOWSoft
2011-03-18 01:42:05 -------- d-----w- C:\Program Files (x86)\VOWSoft iPod Software
2011-03-13 06:46:26 -------- d-----w- C:\Program Files (x86)\TouchFreeze
2011-03-13 04:31:03 -------- d-----w- C:\Program Files\iPod
2011-03-13 04:31:00 -------- d-----w- C:\Program Files\iTunes
2011-03-10 01:00:53 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-10 01:00:49 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-10 01:00:46 731136 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-10 01:00:44 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-10 01:00:32 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-10 01:00:31 416768 ----a-w- C:\Windows\System32\sbe.dll
2011-03-10 01:00:30 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-10 01:00:29 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-10 01:00:27 322560 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-10 01:00:27 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-10 01:00:26 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
2011-03-10 01:00:25 210944 ----a-w- C:\Windows\System32\sbeio.dll
2011-03-09 04:38:54 -------- d-----w- C:\Program Files (x86)\CloseAll
2011-03-09 04:22:41 -------- d-----w- C:\Users\Brad\AppData\Roaming\r2 Studios
2011-03-09 04:22:40 -------- d-----w- C:\PROGRA~3\r2 Studios
2011-03-09 04:22:28 -------- d-----w- C:\Program Files (x86)\r2 Studios
2011-03-07 02:01:43 -------- d-----w- C:\Program Files (x86)\VS Revo Group
.
==================== Find3M ====================
.
2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-03 02:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-23 05:26:30 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-08 09:03:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 08:47:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:45:51 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 06:28:49 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2003-08-21 07:00:00 28672 ----a-w- C:\Program Files (x86)\PureText.exe
.
============= FINISH: 22:20:50.70 ===============

Attach Log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/19/2009 5:31:42 PM
System Uptime: 3/31/2011 7:56:06 PM (3 hours ago)
.
Motherboard: TOSHIBA | | KTKAA
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 47.565 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP632: 3/18/2011 3:38:23 AM - Scheduled Checkpoint
RP633: 3/19/2011 12:07:58 AM - Windows Update
RP634: 3/22/2011 9:08:36 PM - Windows Update
RP635: 3/22/2011 11:07:40 PM - Windows Update
RP636: 3/24/2011 12:42:27 AM - Scheduled Checkpoint
RP637: 3/24/2011 3:00:33 AM - Windows Update
RP638: 3/25/2011 12:29:44 AM - Scheduled Checkpoint
RP639: 3/25/2011 10:19:55 PM - Windows Update
RP640: 3/29/2011 10:33:36 PM - Windows Update
RP641: 3/31/2011 9:01:28 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ABC (remove only)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Advanced SystemCare 3
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
ArcSoft MediaImpression for Kodak
ArcSoft MediaImpression HD Edition
ArcSoft PhotoStudio 5.5
avast! Free Antivirus
CacheMyWork
Camera Assistant Software for Toshiba
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MP970 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CD/DVD Drive Acoustic Silencer
CNET TechTracker
Compatibility Pack for the 2007 Office system
COWON Media Center - jetAudio Basic VX
CyberLink PowerCinema for TOSHIBA
Driver Detective
DVD MovieFactory for TOSHIBA
eFax Messenger
Emsisoft Anti-Malware 5.0
eMusic Download Manager 4.1.3.1
Everything 1.2.1.371
File Shredder 2.0
FLV Player 2.0 (build 25)
GnuWin32: Wget-1.11.4-1
Google Calendar Sync
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iBackupBot for iTunes 3.0.10
iConcertCal
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
KeePass Password Safe 2.14
Last.fm 1.5.4.27091
Malwarebytes' Anti-Malware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 6-9 Converter
Microsoft XML Parser
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
Network Stumbler 0.4.0 (remove only)
NoteTab Light 6 (Remove only)
Pdf995
Picasa 3
QuickBooks Financial Center
Quicksys RegDefrag 2.9
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.91
ScanSoft OmniPage SE 4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Spybot - Search & Destroy
SpywareBlaster 4.4
Startup Delayer v2.5 (build 138)
System Requirements Lab for Intel
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TouchFreeze
TrueCrypt
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Utility Common Driver
Vista Services Optimizer
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WildTangent Games
Windows Live Sync
Windows Media Encoder 9 Series
Wise Disk Cleaner 5.83
Wise Registry Cleaner 5.9.1
Xvid 1.2.2 final uninstall
.
==== End Of File ===========================
bkloth
Active Member
 
Posts: 6
Joined: March 31st, 2011, 10:22 pm

Re: Possibly infected Toshiba Satellite A355 laptop

by askey127 » April 4th, 2011, 7:40 am

Hi bkloth,
Best to not EVER use any Registry Optimizer, cleaner, booster, etc.
One software bug and your machine can be turned into an unbootable doorstop.
....and besides, they don't work.

You have too many Security programs running. We will disable and/or remove some.
-----------------------------------------------------------
Disable Windows Defender
Open Windows Defender by clicking the Start button, All Programs, and then clicking Windows Defender.
If you don't see it in the Programs List, you can access and start it using the Control Panel.
Start Windows Defender and Click Tools, and then click Options.
Scroll down to the bottom. Under Administrator options, UNcheck the Use Windows Defender check box, and then click Save.
Administrator permission is required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
---------------------------------------------------
Disable Emsisoft AntiMalware on Startup
Run the Anti-Malware Guard via the Start menu - Programs - Emsisoft Anti-Malware - Emsisoft Anti-Malware Guard.
Go to the guard configuration and ensure the box "Enable protection on system startup" is DE-Activated.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Ad-Aware
Adobe Reader 9.3
Advanced SystemCare 3
Java(TM) 6 Update 7
Quicksys RegDefrag 2.9
SpywareBlaster 4.4
Wise Registry Cleaner 5.9.1
Vista Services Optimizer

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the JavaScript category and Uncheck Enable Acrobat JavaScript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open: OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possibly infected Toshiba Satellite A355 laptop

by bkloth » April 4th, 2011, 5:42 pm

Thank you for your help. FWIW, all of the Registry Optimizer, cleaner, booster, etc., programs as well as the multiple security programs were recommended by PCWorld magazine. (I had a feeling that there might be too many security programs running, but I thought I had set them up where most of them would only be run as on-demand scans.)

I followed all of your steps; following are the OTL and Extras logs generated by OTL. Thanks!

OTL.Txt
OTL logfile created on: 4/4/2011 5:02:02 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.72 Gb Total Space | 46.78 Gb Free Space | 21.00% Space Free | Partition Type: NTFS

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 17:00:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2011/01/13 04:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/02 19:19:18 | 002,621,952 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2010/11/18 02:17:12 | 002,806,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/10/27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2010/07/12 18:41:30 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/02/04 23:15:18 | 000,204,673 | ---- | M] () -- C:\Program Files (x86)\Windows 7 Shortcuts 0.4\Windows 7 0.4.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/02 12:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/08/20 00:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/07/10 20:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2008/04/17 03:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/05/21 04:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2006/11/06 20:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
PRC - [2003/08/21 03:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\Program Files (x86)\PureText.exe


========== Modules (SafeList) ==========

MOD - [2011/04/04 17:00:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
MOD - [2011/01/13 04:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/08/28 16:31:38 | 000,211,432 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/08/25 12:58:12 | 000,089,600 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/08/19 02:24:02 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/07/17 14:00:14 | 000,139,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2008/04/30 23:20:42 | 001,371,136 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 22:42:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/03/18 15:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 20:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/11/18 02:17:12 | 002,806,000 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/20 00:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/08/04 17:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/05/28 19:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/23 01:55:32 | 000,150,376 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/13 04:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/12/03 05:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/15 15:01:43 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010/05/04 21:30:09 | 000,027,640 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/14 13:04:28 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\mozy.sys -- (mozyFilter)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\dne64x.sys -- (DNE)
DRV:64bit: - [2008/08/20 00:01:44 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/08/07 20:01:36 | 000,143,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/08/06 19:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/06/26 19:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/12 21:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/28 09:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/03/21 15:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/07 03:29:08 | 000,195,632 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/11 18:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2006/11/09 02:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 02:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 19:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/19 09:57:36 | 000,084,752 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2010/09/05 13:25:22 | 000,048,216 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2010/05/05 10:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSHB
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bankofamerica.com/ [binary data]
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2010/12/12 19:39:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2011/04/04 16:14:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/03 23:57:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/04 16:14:52 | 000,000,000 | ---D | M]

[2009/05/04 00:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
[2011/04/04 00:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions
[2010/10/03 19:59:44 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/03/23 21:50:38 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/12/23 14:11:21 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/28 20:59:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 12:34:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/11 00:14:34 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010/10/16 10:26:58 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/06/04 16:00:52 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/03/23 21:50:40 | 000,000,000 | ---D | M] (SmartSearch) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{4fa0d965-cd01-4d08-9bdb-0d8c47cfd5d8}
[2009/09/22 23:46:53 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/11/11 01:10:30 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2009/05/04 00:55:35 | 000,000,000 | ---D | M] ("FfChrome") -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{9bc51d13-3849-4541-a69c-da418934ca05}
[2010/11/11 00:14:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/23 21:50:30 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2010/09/09 22:06:28 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/12/30 14:35:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/25 12:08:38 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2011/03/13 02:13:08 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/03/12 12:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/13 02:13:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/11 01:10:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/02/12 22:16:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/23 14:56:59 | 000,000,000 | ---D | M] ("2 Pane Bookmarks") -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{FD61379B-066A-4afc-89DE-89FB24D907C2}
[2009/10/22 21:25:57 | 000,000,000 | ---D | M] (CLEO) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\CLEO@guid.customsoftwareconsult.com
[2010/06/04 16:00:54 | 000,000,000 | ---D | M] (RetailMeNot) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\enquiries@retailmenot.com
[2011/04/03 23:11:00 | 000,000,000 | ---D | M] (Greasefire) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\greasefire@skrul.com
[2010/12/30 14:35:44 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\isreaditlater@ideashower.com
[2009/05/04 00:55:34 | 000,000,000 | ---D | M] (OPIE) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\OPIE@guid.customsoftwareconsult.com
[2010/12/03 15:42:34 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\optimizegoogle@optimizegoogle.com
[2011/04/04 00:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\staged
[2011/03/12 12:17:23 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\treestyletab@piro.sakura.ne.jp
[2011/03/12 12:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/04/04 15:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/23 01:29:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 16:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/07 19:46:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/04 23:36:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/05/31 23:28:37 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/05/31 23:28:37 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/05/31 23:28:37 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/01/20 03:38:59 | 000,429,101 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14778 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 studios)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000..\Run: [PureText] C:\Program Files (x86)\PureText.exe (http://www.SteveMiller.net)
O4 - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\..Trusted Domains: gsu.edu ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\..Trusted Domains: gsu.edu ([]https in Trusted sites)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 1.66.0.cab (SysInfo Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://accessaz.bannerhealth.com/CACHE ... vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{199c7e0f-0003-11df-ad78-00235a07a8a6}\Shell - "" = AutoRun
O33 - MountPoints2\{199c7e0f-0003-11df-ad78-00235a07a8a6}\Shell\AutoRun\command - "" = F:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\Windows\43559597.exe \??\C:\Windows\43559597.dat) - File not found
O34 - HKLM BootExecute: (C:\Windows\159869153.exe \??\C:\Windows\159869153.dat) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/04 17:00:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/04/04 16:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/04/03 23:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/04/03 23:38:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\Windows Live
[2011/04/03 23:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/03/22 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\Brad\Documents\CMI
[2011/03/22 21:16:32 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/03/22 21:16:32 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/03/22 21:16:31 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/03/22 21:16:30 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/17 21:53:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\VOWSoft
[2011/03/17 21:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOWSoft iPod Software
[2011/03/17 21:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOWSoft iPod Software
[2011/03/13 02:46:27 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchFreeze
[2011/03/13 02:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TouchFreeze
[2011/03/13 00:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/13 00:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/13 00:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/12 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\TOSHIBA
[2011/03/09 21:00:53 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/09 21:00:49 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/09 21:00:46 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/09 21:00:44 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/09 21:00:32 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/09 21:00:31 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/09 21:00:30 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/09 21:00:29 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/09 21:00:27 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/09 21:00:27 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/09 21:00:26 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2011/03/09 21:00:25 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll
[2011/03/09 00:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CloseAll
[2011/03/09 00:22:41 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\r2 Studios
[2011/03/09 00:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\r2 Studios
[2011/03/09 00:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\r2 Studios
[2011/03/06 22:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/11/18 00:41:24 | 000,028,672 | ---- | C] (http://www.SteveMiller.net) -- C:\Program Files (x86)\PureText.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/04 17:00:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/04/04 16:48:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573985777-1565772931-2293845180-1000UA.job
[2011/04/04 16:45:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/04 16:14:52 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/04 16:01:27 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/04 16:01:27 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/04 16:01:27 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/04 15:55:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/04 15:55:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/04 15:55:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/04 15:54:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/04 15:54:35 | 4153,294,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/04 15:33:27 | 000,423,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/04 10:52:23 | 000,002,706 | ---- | M] () -- C:\Windows\mozy.blk
[2011/04/04 10:52:23 | 000,001,602 | ---- | M] () -- C:\Windows\mozy.flt
[2011/04/03 23:57:28 | 000,000,923 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 22:01:43 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573985777-1565772931-2293845180-1000Core.job
[2011/04/03 21:56:33 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B394C8DF-5AAF-4A6D-9589-5BB9F9D1898F}.job
[2011/04/01 22:29:55 | 000,002,681 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2011/03/28 22:29:02 | 000,118,170 | ---- | M] () -- C:\Users\Brad\Desktop\LG Washer Rebate.pdf
[2011/03/15 00:12:52 | 000,096,554 | ---- | M] () -- C:\Users\Brad\Desktop\Goodyear Coupon.pdf
[2011/03/12 12:57:25 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011/03/09 20:56:44 | 000,000,680 | ---- | M] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2011/03/09 00:40:42 | 000,000,881 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\CloseAll.lnk
[2011/03/08 00:34:13 | 000,006,510 | ---- | M] () -- C:\Users\Brad\Documents\KP.kdbx
[2011/03/06 21:51:45 | 000,006,366 | ---- | M] () -- C:\Users\Brad\Documents\KP - Copy.kdbx
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/04 16:14:52 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/04 16:14:52 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/03 23:57:28 | 000,000,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/31 22:18:13 | 000,625,664 | ---- | C] () -- C:\Users\Brad\Desktop\dds.scr
[2011/03/31 19:56:33 | 4153,294,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/28 22:29:02 | 000,118,170 | ---- | C] () -- C:\Users\Brad\Desktop\LG Washer Rebate.pdf
[2011/03/15 00:12:48 | 000,096,554 | ---- | C] () -- C:\Users\Brad\Desktop\Goodyear Coupon.pdf
[2011/03/12 12:55:43 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011/03/09 00:40:42 | 000,000,881 | ---- | C] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\CloseAll.lnk
[2010/03/18 19:14:41 | 000,000,680 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2010/02/15 18:28:01 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/04 00:35:27 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/04 00:34:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/04 00:33:52 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/05 10:21:27 | 000,000,732 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps64.dat
[2009/08/26 20:02:58 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/26 20:02:58 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/13 00:17:06 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2009/05/13 00:17:06 | 000,000,090 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/05/11 01:02:58 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/05/10 01:23:31 | 000,021,504 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/04 01:26:39 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/04 00:05:48 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/03/19 16:55:41 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2009/03/19 16:55:41 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2009/03/19 16:55:41 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/09/01 17:50:08 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/09/01 17:50:08 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/09/01 17:50:08 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/09/01 17:50:08 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/09/01 17:50:08 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/09/01 17:50:08 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/09/01 16:21:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/01 15:36:16 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 21:49:22 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/06/12 21:49:22 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/06/12 21:49:22 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/04/24 12:08:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== LOP Check ==========

[2009/10/24 01:59:41 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\.ABC
[2010/11/14 23:30:22 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\AeroSnapApp
[2010/10/13 00:11:50 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Amazon
[2010/12/12 20:09:16 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Canon
[2010/11/15 01:17:43 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\CBS Interactive
[2010/05/05 01:03:10 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Cisco
[2009/05/15 01:22:39 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\COWON
[2010/06/22 00:46:25 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\eFax Messenger
[2009/05/31 23:28:38 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\eMusic
[2010/11/18 02:02:38 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\EurekaLog
[2009/12/11 12:42:02 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\HandBrake
[2010/04/04 16:42:29 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\iConcertCal
[2011/02/02 17:31:38 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\IObit
[2010/12/16 23:22:09 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\IrfanView
[2010/06/22 00:47:07 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\j2 Global
[2011/04/04 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\KeePass
[2010/11/15 11:40:59 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Ketarin
[2009/05/12 22:01:36 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Musicmatch
[2009/05/05 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\NoteTab Light
[2009/05/05 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\OpenOffice.org
[2009/05/15 01:16:34 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\pdf995
[2011/03/09 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\r2 Studios
[2009/05/11 01:02:53 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ScanSoft
[2010/06/06 21:38:58 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SystemRequirementsLab
[2011/03/12 13:03:33 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\TOSHIBA
[2010/11/15 15:01:45 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\TrueCrypt
[2011/03/17 21:53:20 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\VOWSoft
[2010/03/15 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\KeePass
[2011/04/04 15:53:44 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/03 21:56:33 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B394C8DF-5AAF-4A6D-9589-5BB9F9D1898F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Extras.Txt
OTL Extras logfile created on: 4/4/2011 5:02:02 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.72 Gb Total Space | 46.78 Gb Free Space | 21.00% Space Free | Partition Type: NTFS

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 97 27 0A C6 75 7A CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F2B524-3DAD-4159-80D3-E9F3DAFAD08E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B599440-B5A6-402A-96EC-D88BDA0C454E}" = lport=138 | protocol=17 | dir=in | app=system |
"{27B717CC-8AB6-4749-AD2C-060B8E7F1115}" = rport=445 | protocol=6 | dir=out | app=system |
"{38C95098-4C2D-4B4C-9CF1-2FB8397F605C}" = lport=139 | protocol=6 | dir=in | app=system |
"{3E71CA2A-8F6E-4DD6-A2DB-B0E26048E2D4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4097107A-EC03-464D-8327-EB4B1D429831}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41AA7BD8-8759-4EEE-BE65-7F2E76B81766}" = rport=137 | protocol=17 | dir=out | app=system |
"{469D2ECC-2144-4436-B337-3FF9C92DBF14}" = lport=10243 | protocol=6 | dir=in | app=system |
"{47D74C20-63A9-4589-ADBF-3653CEE23FEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4C96D187-E5A7-423C-9FC8-A5C178DEBC5F}" = lport=80 | protocol=6 | dir=in | name=itunes1 |
"{66658D51-44A0-443D-85AE-926B74399D7E}" = lport=137 | protocol=17 | dir=in | app=system |
"{6ECD1D6D-EDFE-43B6-995F-2E9286F6D94C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{703D2F86-B010-47B2-998C-46959C486581}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7767DAB1-751F-4C2D-B75A-B92DB29FF347}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A662824-4CE9-41C7-8BD0-9ED33FF12D31}" = rport=138 | protocol=17 | dir=out | app=system |
"{89F70522-8F86-4FB4-9D17-4C5A041BF415}" = lport=445 | protocol=6 | dir=in | app=system |
"{952B0AD3-D4AC-4E5A-9651-4C697F12D8B5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99CB257A-5126-4752-8E62-A8FAD6EEDAFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A128AFCA-9D1F-4538-A09C-DBBD93E61019}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B58FEF3E-C7B8-4AB4-AE87-0F6038CFF5A6}" = rport=139 | protocol=6 | dir=out | app=system |
"{B88DCA07-F6A3-4285-B579-109FCE5CF335}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F5674113-95FF-4CE8-854E-F55DFBB86219}" = lport=443 | protocol=6 | dir=in | name=itunes2 |
"{F63756D4-C159-42D2-8BF5-EB70BDA1B3BB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FC01B134-115A-421C-A354-0334016B0D7C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076EF7C6-3452-4D0D-AA02-B5053822A83F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{096B83BA-3BEA-4448-B005-1E9FB3B1382D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0FA33437-5E73-412E-8B3F-AC26749C0943}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13A905AD-DE7F-4754-B602-E4956F41BE62}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1C7544E2-4E27-4530-BC1E-27A09CDC3DEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F8D2F53-6225-4702-B23C-FE808EE6B358}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{24EF1926-04F8-4B74-AD2A-42E5DCC1CF77}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{28CA4A35-E575-4FEC-973E-675A4F25652E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B065AC9-FE08-439B-B7E4-6BF6100E12C1}" = protocol=6 | dir=out | app=system |
"{2BD85E55-F6E2-4769-9D37-05FD8382EDA0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{30E2DD5C-CA86-4C31-A7F9-F3D4695B448C}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{32351E88-E251-411E-BF2C-71E3416C9789}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{34392119-DD31-4F67-B93A-C3BCF65ED0E9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{39F00205-C2A7-411E-806E-5CFCD2FA8E86}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E0FCE95-F435-49B8-A8C3-EC517206479B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4033E014-A533-410B-991D-37168201CEAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7A041F8D-EE6A-43F3-A4CA-B47AACDE4CA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A39C68D-8BB9-43DB-A0F8-C96433CD558C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7B6A8AA3-713C-49B8-A060-E8D25720F0F7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8676E0CF-B61A-447D-BF7E-22188ABEDF58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{900E15D8-6117-49DD-A3F6-BC074B2FEAAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98170B61-4F6D-40C0-A987-FB3A53977BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9985CF64-303C-445D-A2E9-3B532753FC97}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A1A72B89-B095-4F1B-9057-5E26E2A3EC7F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A37F39A3-9B82-4853-B19A-F4F83891A35D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8B38F88-95C4-4642-9306-CBD8282B2771}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA5C581D-8A6D-4BB1-B1F6-D51F80AFD587}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ACAF2ADC-EFAA-40E8-AFEC-8EF40E039615}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B287E9D5-27A3-4555-B7ED-8FC77DAF6172}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7014FCC-7882-4CD9-B60F-C015E79F8050}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BEEC167C-C119-4D92-AE4C-5D0C06FD2E07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBC4D15B-126C-4976-9167-0FC8D6558BA2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D3C6046F-E6E6-4B79-B4FD-36C87C37C36A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D4960D70-FC8E-461A-BABF-D64976E17A9E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E07FA86B-1151-4541-8FAD-00BC5C43FA2C}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{E12488AA-6EE4-44B6-AB25-0FB1EC6D07D9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F55EEFE1-014F-4842-8026-14EFD970C157}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{F7100FDA-BC88-4FDC-90F6-390E21918947}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{B5670FE2-29F3-41BA-AF76-C0483922AB4A}C:\program files (x86)\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\abc\abc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA4B4C21-8575-40B9-8C7F-5601790484E7}" = MozyHome Remote Backup
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"Taskbar Shuffle_is1" = Taskbar Shuffle 64-bit version 2.5
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{4CD3A1CB-EB91-4DC5-B636-33B66BA56162}" = CacheMyWork
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{522DAB8E-9ED2-4737-9557-E4DE8E7191F7}" = Windows Live Sync
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53AB4AF2-C55B-4986-B975-34B71E03716B}" = ArcSoft MediaImpression HD Edition
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7973FE67-7730-499E-8DC6-CC329714BB05}" = iConcertCal
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D031E017-2434-40A7-A352-4DDD0199170D}" = TouchFreeze
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6D9C5C7-88DF-486C-9BFC-DF8C4D5D1FAF}" = ArcSoft MediaImpression for Kodak
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC" = ABC (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"avast5" = avast! Free Antivirus
"Canon MP970 series User Registration" = Canon MP970 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"Everything" = Everything 1.2.1.371
"File Shredder_is1" = File Shredder 2.0
"FLV Player" = FLV Player 2.0 (build 25)
"Google Calendar Sync" = Google Calendar Sync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iBackupBot for iTunes" = iBackupBot for iTunes 3.0.10
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.91
"Startup Delayer" = Startup Delayer v2.5 (build 138)
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.83
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/4/2009 4:17:08 AM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

Error - 11/6/2009 4:16:23 AM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 4:18:52 AM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

Error - 12/10/2009 4:21:18 AM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

Error - 12/10/2009 4:21:32 AM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

Error - 12/12/2009 4:20:02 AM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 4:22:40 AM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

Error - 1/22/2010 4:17:13 AM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

Error - 2/10/2010 4:19:07 AM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

Error - 6/19/2010 10:48:40 PM | Computer Name = Brad-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 4/4/2011 10:02:27 AM | Computer Name = Brad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/4/2011 10:02:27 AM | Computer Name = Brad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30366281

Error - 4/4/2011 10:02:27 AM | Computer Name = Brad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30366281

Error - 4/4/2011 10:02:28 AM | Computer Name = Brad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/4/2011 10:02:28 AM | Computer Name = Brad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30367342

Error - 4/4/2011 10:02:28 AM | Computer Name = Brad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30367342

Error - 4/4/2011 10:51:59 AM | Computer Name = Brad-PC | Source = VSS | ID = 8194
Description =

Error - 4/4/2011 11:08:55 AM | Computer Name = Brad-PC | Source = VSS | ID = 8194
Description =

Error - 4/4/2011 3:34:30 PM | Computer Name = Brad-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/4/2011 3:55:16 PM | Computer Name = Brad-PC | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 5/7/2010 11:44:57 PM | Computer Name = Brad-PC | Source = vpnagent | ID = 50331649
Description = Function: WSARecv/WSARecvFrom Return code: 0 File: .\IPC\SocketTransport.cpp
Line:
1073 Description: unknown

Error - 5/7/2010 11:44:57 PM | Computer Name = Brad-PC | Source = vpnagent | ID = 50331649
Description = Function: CSocketTransport::readSocket Return code: 0xFE1F000F File:
.\IPC\IPCTransport.cpp Line: 751 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE


Error - 5/7/2010 11:44:57 PM | Computer Name = Brad-PC | Source = vpnagent | ID = 50331649
Description = Function: CIpcTransport::OnSocketReadComplete Return code: 0xFE1F000F
File:
.\IPC\IPCDepot.cpp Line: 787 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE


Error - 5/7/2010 11:44:57 PM | Computer Name = Brad-PC | Source = vpnagent | ID = 50331649
Description = Function: WSASend Return code: 10054 File: .\IPC\SocketTransport.cpp
Line:
1333 Description: An existing connection was forcibly closed by the remote host.



Error - 5/7/2010 11:44:57 PM | Computer Name = Brad-PC | Source = vpnagent | ID = 50331649
Description = Function: CSocketTransport::writeSocketBlocking Return code: 0xFE1F000B
File:
.\IPC\IPCTransport.cpp Line: 351 Description: SOCKETTRANSPORT_ERROR_WRITE

Error - 11/29/2010 4:11:00 PM | Computer Name = Brad-PC | Source = vpnui | ID = 50724865
Description = Function: ::LoadLibrary Return code: 126 File: .\Utility\Win\HModuleMgr.cpp
Line:
114 Description: The specified module could not be found.

Error - 11/29/2010 4:16:23 PM | Computer Name = Brad-PC | Source = vpnui | ID = 50724865
Description = Function: ::LoadLibrary Return code: 126 File: .\Utility\Win\HModuleMgr.cpp
Line:
114 Description: The specified module could not be found.

Error - 11/29/2010 4:16:25 PM | Computer Name = Brad-PC | Source = vpnui | ID = 50724865
Description = Function: SendRequestToPeer Return code: 0xFE00001D File: .\ConnectIfc.cpp
Line:
551 Description: unknown

Error - 11/29/2010 4:16:25 PM | Computer Name = Brad-PC | Source = vpnui | ID = 50724865
Description = Function: ConnectIfc::connect Return code: 0xFE00001D File: .\ConnectMgr.cpp
Line:
449 Description: unknown

Error - 11/29/2010 4:16:30 PM | Computer Name = Brad-PC | Source = vpnui | ID = 50724865
Description = Function: ::LoadLibrary Return code: 126 File: .\Utility\Win\HModuleMgr.cpp
Line:
114 Description: The specified module could not be found.

[ Media Center Events ]
Error - 2/15/2011 11:46:17 PM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsTemplate.

[ OSession Events ]
Error - 5/6/2010 12:27:41 AM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 271730
seconds with 6120 seconds of active time. This session ended with a crash.

Error - 5/21/2010 1:26:57 AM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/28/2010 12:04:50 AM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: 540, Application Version: 12.0.6425.1000,
Microsoft Office Version: 12.0.6425.1000. This session lasted 2330 seconds with
540 seconds of active time. This session ended with a crash.

Error - 9/9/2010 7:37:42 PM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 771436
seconds with 8340 seconds of active time. This session ended with a crash.

Error - 9/13/2010 11:58:51 PM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 603
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/24/2010 12:02:54 AM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 621152
seconds with 11160 seconds of active time. This session ended with a crash.

Error - 12/7/2010 8:12:55 PM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 596119
seconds with 9840 seconds of active time. This session ended with a crash.

Error - 1/6/2011 5:13:49 PM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 311
seconds with 180 seconds of active time. This session ended with a crash.

Error - 1/9/2011 1:25:58 AM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/2/2011 1:46:02 AM | Computer Name = Brad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26101
seconds with 16680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/21/2009 8:14:21 PM | Computer Name = Brad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&1fa03bb1&0&00E5)
disappeared from the system without first being prepared for removal.

Error - 9/21/2009 9:41:32 PM | Computer Name = Brad-PC | Source = bowser | ID = 8003
Description =

Error - 9/21/2009 9:42:06 PM | Computer Name = Brad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&1fa03bb1&0&00E5)
disappeared from the system without first being prepared for removal.

Error - 9/21/2009 10:10:14 PM | Computer Name = Brad-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{39955140-8301-4FB7-84D3-21B4489444FA}
because another computer on the network has the same name. The server could not
start.

Error - 9/22/2009 9:17:03 AM | Computer Name = Brad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&1fa03bb1&0&00E5)
disappeared from the system without first being prepared for removal.

Error - 9/22/2009 9:49:23 AM | Computer Name = Brad-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{39955140-8301-4FB7-84D3-21B4489444FA}
because another computer on the network has the same name. The server could not
start.

Error - 9/22/2009 10:29:55 PM | Computer Name = Brad-PC | Source = PlugPlayManager | ID = 12
Description = The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&1fa03bb1&0&00E5)
disappeared from the system without first being prepared for removal.

Error - 9/23/2009 12:01:32 AM | Computer Name = Brad-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{39955140-8301-4FB7-84D3-21B4489444FA}
because another computer on the network has the same name. The server could not
start.

Error - 9/23/2009 12:51:37 AM | Computer Name = Brad-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:49:20 AM on 9/23/2009 was unexpected.

Error - 9/23/2009 12:51:43 AM | Computer Name = Brad-PC | Source = HTTP | ID = 15016
Description =


< End of report >
bkloth
Active Member
 
Posts: 6
Joined: March 31st, 2011, 10:22 pm

Re: Possibly infected Toshiba Satellite A355 laptop

Post by askey127 » April 5th, 2011, 8:02 am

bkloth,
----------------------------------------------
After this run, please reset http://www.google.com as your home page again in both IE and Firefox.
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    [2011/02/02 17:31:38 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\IObit
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O15 - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\..Trusted Domains: gsu.edu ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\..Trusted Domains: gsu.edu ([]https in Trusted sites)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSHB
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSHB
    IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSHB
    IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    DRV:64bit: - [2010/12/03 05:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
    
    :Files
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------------------------------
Please download MiniToolBox and run it.
Check ONLY the following in the list:
  • Flush DNS
  • Report IE Proxy Settings
  • List IP configuration
  • List Windows version, partitions, and memory size
Click GO and post the result (Result.txt).
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.
---------------------------------------------------
So, in your reply, we will be looking for the following:
  • Latest OTL.txt from OTL
  • The Result.txt report from MiniToolBox
  • The contents of checkhd.txt
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
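
The following added example (not part of the thread and not OTL's own code) parses a custom fix script like the one posted above and lists what each :OTL line targets, flagging orphaned entries and early-loading drivers so the script can be reviewed before Run Fix is clicked. The kind labels, the command descriptions and all function names are this example's assumptions; the sample input is a subset of the script quoted above.

```python
import re

# Sample input: a subset of the fix script quoted in the post above.
SAMPLE_FIX = r"""
:processes
killallprocesses

:OTL
[2011/02/02 17:31:38 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\IObit
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\..Trusted Domains: gsu.edu ([]http in Trusted sites)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
IE - HKU\S-1-5-21-2573985777-1565772931-2293845180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
DRV:64bit: - [2010/12/03 05:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)

:Files

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)$")
# Line prefix -> what the entry refers to. The O-numbers follow the
# HijackThis-style numbering seen in the log; the labels are this example's own.
KINDS = [
    (re.compile(r"^O4(:64bit:)? - "), "autorun entry"),
    (re.compile(r"^O6(:64bit:)? - "), "IE policy restriction"),
    (re.compile(r"^O15(:64bit:)? - "), "Trusted Zone site"),
    (re.compile(r"^O18(:64bit:)? - "), "protocol handler"),
    (re.compile(r"^IE(:64bit:)? - "), "Internet Explorer setting"),
    (re.compile(r"^DRV(:64bit:)? - "), "driver service"),
    (re.compile(r"^\[\d{4}/\d\d/\d\d .*\] -- "), "file or folder"),
]
# Matches "[type | start | state] -- path -- (service name)" on a DRV line.
DRV_STATE_RE = re.compile(r"\[(\w+) \| (\w+) \| (\w+)\] -- (.+?) -- \((.+)\)$")
# This example's reading of the directive names used in the post (assumption).
COMMANDS = {
    "[EMPTYTEMP]": "empties temporary-file folders",
    "[CREATERESTOREPOINT]": "creates a System Restore point",
    "[REBOOT]": "reboots the machine",
}


def parse_fix_script(text):
    """Split a fix script into {section: [lines]}, keeping section order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def classify(line):
    """Describe one :OTL line: kind, 64-bit registry view, review notes."""
    kind = next((label for rx, label in KINDS if rx.match(line)), "unrecognised")
    notes = []
    if line.endswith("File not found"):
        notes.append("orphaned: the referenced file is already missing")
    drv = DRV_STATE_RE.search(line) if kind == "driver service" else None
    if drv and drv.group(2) in ("Boot", "System"):
        notes.append(f"{drv.group(2)}-start {drv.group(1)} driver '{drv.group(5)}' "
                     f"({drv.group(3)}): loads early in boot, review before removing")
    is_64bit = re.match(r"^\w+:64bit:", line) is not None
    return {"kind": kind, "is_64bit": is_64bit, "notes": notes, "line": line}


def review(text):
    """Return (entries, actions): classified :OTL lines and global side effects."""
    sections = parse_fix_script(text)
    entries = [classify(line) for line in sections.get("otl", [])]
    actions = []
    if any(p.lower() == "killallprocesses" for p in sections.get("processes", [])):
        actions.append("stops running processes before the fix is applied")
    for cmd in sections.get("commands", []):
        actions.append(COMMANDS.get(cmd.upper(), f"unrecognised command {cmd}"))
    return entries, actions


if __name__ == "__main__":
    entries, actions = review(SAMPLE_FIX)
    for e in entries:
        view = "64-bit" if e["is_64bit"] else "32-bit/default"
        print(f"{e['kind']:<26} {view:<15} {'; '.join(e['notes']) or '-'}")
    for a in actions:
        print("side effect:", a)
```
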

Re: Possibly infected Toshiba Satellite A355 laptop

Post by bkloth » April 6th, 2011, 8:36 pm

Do I need to check these boxes before I perform the OTL scan again?

If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
Check the boxes labeled:
  • Scan All Users
  • LOP check
  • Purity check

Also, I forgot to include this in my previous reply, but when I opened Emsisoft Anti-Malware, I was prompted to buy the Full Version as my 30-day free trial had expired. I bypassed this, but when I went to the guard configuration, the "Enable Guard on system startup" checkbox was unchecked and also greyed out. Should I just uninstall Emsisoft Anti-Malware since the free trial has expired?

I will wait to hear back from you before performing any of the steps from your most recent post.

Thanks!

Re: Possibly infected Toshiba Satellite A355 laptop

Post by askey127 » April 6th, 2011, 8:52 pm

Go ahead with uninstalling Emsisoft, then please run the previous instruction, step by step.
DO check the 64-bit scans each time you run OTL.

Re: Possibly infected Toshiba Satellite A355 laptop

Post by bkloth » April 7th, 2011, 11:48 pm

Latest OTL.txt from OTL
OTL logfile created on: 4/7/2011 11:12:23 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.72 Gb Total Space | 56.16 Gb Free Space | 25.21% Space Free | Partition Type: NTFS

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 17:00:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2011/01/13 04:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/08 08:47:20 | 000,073,728 | ---- | M] (r2 studios) -- C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/02 12:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/08/20 00:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/07/10 20:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2008/04/17 03:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2006/11/06 20:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
PRC - [2003/08/21 03:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\Program Files (x86)\PureText.exe


========== Modules (SafeList) ==========

MOD - [2011/04/04 17:00:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
MOD - [2011/01/13 04:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/08/25 12:58:12 | 000,089,600 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/08/19 02:24:02 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/07/17 14:00:14 | 000,139,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2008/04/30 23:20:42 | 001,371,136 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 22:42:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/03/18 15:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 20:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/20 00:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/08/04 17:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/05/28 19:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/23 01:55:32 | 000,150,376 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/13 04:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/11/15 15:01:43 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010/05/04 21:30:09 | 000,027,640 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/14 13:04:28 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\mozy.sys -- (mozyFilter)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\dne64x.sys -- (DNE)
DRV:64bit: - [2008/08/20 00:01:44 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/08/07 20:01:36 | 000,143,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/08/06 19:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/06/26 19:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/12 21:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/28 09:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/03/21 15:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/07 03:29:08 | 000,195,632 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/11 18:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2006/11/09 02:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 02:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 19:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2010/12/12 19:39:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2011/04/04 16:14:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/03 23:57:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/04 16:14:52 | 000,000,000 | ---D | M]

[2009/05/04 00:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
[2011/04/07 22:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions
[2010/10/03 19:59:44 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/03/23 21:50:38 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/12/23 14:11:21 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/28 20:59:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 12:34:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/11 00:14:34 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010/10/16 10:26:58 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/06/04 16:00:52 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/09/22 23:46:53 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/11/11 01:10:30 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2009/05/04 00:55:35 | 000,000,000 | ---D | M] ("FfChrome") -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{9bc51d13-3849-4541-a69c-da418934ca05}
[2011/03/23 21:50:30 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2010/09/09 22:06:28 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2009/11/25 12:08:38 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2011/03/13 02:13:08 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/03/12 12:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/13 02:13:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/11 01:10:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/02/12 22:16:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/23 14:56:59 | 000,000,000 | ---D | M] ("2 Pane Bookmarks") -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{FD61379B-066A-4afc-89DE-89FB24D907C2}
[2009/10/22 21:25:57 | 000,000,000 | ---D | M] (CLEO) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\CLEO@guid.customsoftwareconsult.com
[2010/06/04 16:00:54 | 000,000,000 | ---D | M] (RetailMeNot) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\enquiries@retailmenot.com
[2011/04/03 23:11:00 | 000,000,000 | ---D | M] (Greasefire) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\greasefire@skrul.com
[2010/12/30 14:35:44 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\isreaditlater@ideashower.com
[2009/05/04 00:55:34 | 000,000,000 | ---D | M] (OPIE) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\OPIE@guid.customsoftwareconsult.com
[2010/12/03 15:42:34 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\optimizegoogle@optimizegoogle.com
[2011/04/07 22:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\staged
[2011/03/12 12:17:23 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\treestyletab@piro.sakura.ne.jp
[2011/03/12 12:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\of9jd81o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/04/04 15:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/23 01:29:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 16:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/07 19:46:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/04 23:36:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/05/31 23:28:37 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/05/31 23:28:37 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/05/31 23:28:37 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/01/20 03:38:59 | 000,429,101 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14778 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 studios)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKCU..\Run: [PureText] C:\Program Files (x86)\PureText.exe (http://www.SteveMiller.net)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 1.66.0.cab (SysInfo Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://accessaz.bannerhealth.com/CACHE ... vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{199c7e0f-0003-11df-ad78-00235a07a8a6}\Shell - "" = AutoRun
O33 - MountPoints2\{199c7e0f-0003-11df-ad78-00235a07a8a6}\Shell\AutoRun\command - "" = F:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\Windows\43559597.exe \??\C:\Windows\43559597.dat) - File not found
O34 - HKLM BootExecute: (C:\Windows\159869153.exe \??\C:\Windows\159869153.dat) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/07 23:02:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/04 17:00:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/04/04 16:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/04/03 23:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/04/03 23:38:10 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\Windows Live
[2011/04/03 23:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/03/22 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\Brad\Documents\CMI
[2011/03/17 21:53:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\VOWSoft
[2011/03/17 21:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOWSoft iPod Software
[2011/03/17 21:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOWSoft iPod Software
[2011/03/13 02:46:27 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchFreeze
[2011/03/13 02:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TouchFreeze
[2011/03/13 00:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/13 00:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/13 00:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/12 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\TOSHIBA
[2011/03/09 00:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CloseAll
[2011/03/09 00:22:41 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\r2 Studios
[2011/03/09 00:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\r2 Studios
[2011/03/09 00:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\r2 Studios
[2010/11/18 00:41:24 | 000,028,672 | ---- | C] (http://www.SteveMiller.net) -- C:\Program Files (x86)\PureText.exe

========== Files - Modified Within 30 Days ==========

[2011/04/07 23:13:39 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/07 23:13:39 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/07 23:13:39 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/07 23:10:22 | 000,002,706 | ---- | M] () -- C:\Windows\mozy.blk
[2011/04/07 23:10:22 | 000,001,602 | ---- | M] () -- C:\Windows\mozy.flt
[2011/04/07 23:07:28 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/07 23:06:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 23:06:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 23:06:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/07 23:06:42 | 4153,294,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/07 22:48:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573985777-1565772931-2293845180-1000UA.job
[2011/04/07 22:45:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/07 22:23:11 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573985777-1565772931-2293845180-1000Core.job
[2011/04/06 23:41:54 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B394C8DF-5AAF-4A6D-9589-5BB9F9D1898F}.job
[2011/04/06 21:12:02 | 000,279,878 | ---- | M] () -- C:\Users\Brad\Desktop\bookmarks-2011-04-06.json
[2011/04/05 23:35:45 | 000,504,682 | ---- | M] () -- C:\Users\Brad\Desktop\bookmarks.html
[2011/04/05 22:46:39 | 000,002,681 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2011/04/04 17:00:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2011/04/04 15:33:27 | 000,423,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/03 23:57:28 | 000,000,923 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/28 22:29:02 | 000,118,170 | ---- | M] () -- C:\Users\Brad\Desktop\LG Washer Rebate.pdf
[2011/03/15 00:12:52 | 000,096,554 | ---- | M] () -- C:\Users\Brad\Desktop\Goodyear Coupon.pdf
[2011/03/12 12:57:25 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011/03/09 20:56:44 | 000,000,680 | ---- | M] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2011/03/09 00:40:42 | 000,000,881 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\CloseAll.lnk

========== Files Created - No Company Name ==========

[2011/04/06 21:12:01 | 000,279,878 | ---- | C] () -- C:\Users\Brad\Desktop\bookmarks-2011-04-06.json
[2011/04/05 23:35:45 | 000,504,682 | ---- | C] () -- C:\Users\Brad\Desktop\bookmarks.html
[2011/04/04 16:14:52 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/03 23:57:28 | 000,000,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/31 22:18:13 | 000,625,664 | ---- | C] () -- C:\Users\Brad\Desktop\dds.scr
[2011/03/31 19:56:33 | 4153,294,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/28 22:29:02 | 000,118,170 | ---- | C] () -- C:\Users\Brad\Desktop\LG Washer Rebate.pdf
[2011/03/15 00:12:48 | 000,096,554 | ---- | C] () -- C:\Users\Brad\Desktop\Goodyear Coupon.pdf
[2011/03/12 12:55:43 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011/03/09 00:40:42 | 000,000,881 | ---- | C] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\CloseAll.lnk
[2010/03/18 19:14:41 | 000,000,680 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2010/02/15 18:28:01 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/04 00:35:27 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/04 00:34:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/04 00:33:52 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/05 10:21:27 | 000,000,732 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps64.dat
[2009/08/26 20:02:58 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/26 20:02:58 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/13 00:17:06 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2009/05/13 00:17:06 | 000,000,090 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/05/11 01:02:58 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/05/10 01:23:31 | 000,021,504 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/04 01:26:39 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/04 00:05:48 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/03/19 16:55:41 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2009/03/19 16:55:41 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2009/03/19 16:55:41 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/09/01 17:50:08 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/09/01 17:50:08 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/09/01 17:50:08 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/09/01 17:50:08 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/09/01 17:50:08 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/09/01 17:50:08 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/09/01 16:21:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/01 15:36:16 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 21:49:22 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/06/12 21:49:22 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/06/12 21:49:22 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/04/24 12:08:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== LOP Check ==========

[2009/10/24 01:59:41 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\.ABC
[2010/11/14 23:30:22 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\AeroSnapApp
[2010/10/13 00:11:50 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Amazon
[2010/12/12 20:09:16 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Canon
[2010/11/15 01:17:43 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\CBS Interactive
[2010/05/05 01:03:10 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Cisco
[2009/05/15 01:22:39 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\COWON
[2010/06/22 00:46:25 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\eFax Messenger
[2009/05/31 23:28:38 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\eMusic
[2010/11/18 02:02:38 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\EurekaLog
[2009/12/11 12:42:02 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\HandBrake
[2010/04/04 16:42:29 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\iConcertCal
[2010/12/16 23:22:09 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\IrfanView
[2010/06/22 00:47:07 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\j2 Global
[2011/04/07 23:04:59 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\KeePass
[2010/11/15 11:40:59 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Ketarin
[2009/05/12 22:01:36 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Musicmatch
[2009/05/05 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\NoteTab Light
[2009/05/05 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\OpenOffice.org
[2009/05/15 01:16:34 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\pdf995
[2011/03/09 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\r2 Studios
[2009/05/11 01:02:53 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ScanSoft
[2010/06/06 21:38:58 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SystemRequirementsLab
[2011/03/12 13:03:33 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\TOSHIBA
[2010/11/15 15:01:45 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\TrueCrypt
[2011/03/17 21:53:20 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\VOWSoft
[2011/04/07 23:05:08 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/06 23:41:54 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B394C8DF-5AAF-4A6D-9589-5BB9F9D1898F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


The Result.txt report from MiniToolbox
MiniToolBox by Farbar
Ran by Brad at 2011-04-07 23:33:27
Windows (TM) Vista Home Premium Service Pack 2 (X64)

***************************************************************************


================= Flush DNS: ==============================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

================= End of Flush DNS ========================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.111 metric=1
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="ethernet_13" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="ethernet_19" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
add address name="Local Area Connection 2" address=0.0.0.0
add address name="ethernet_19" address=0.0.0.0
add address name="ethernet_13" address=10.23.18.3


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Brad-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ga.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.ga.comcast.net.
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5100
Physical Address. . . . . . . . . : 00-22-FA-9B-02-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9946:9cc:b3e5:3f98%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.113(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 07, 2011 11:06:58 PM
Lease Expires . . . . . . . . . . : Friday, April 08, 2011 11:06:58 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 301998842
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-54-71-B9-00-23-5A-07-A8-A6
DNS Servers . . . . . . . . . . . : 68.87.68.166
68.87.74.166
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-5A-07-A8-A6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ga.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.ga.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2091:d1:3f57:fe8e(Preferred)
Link-local IPv6 Address . . . . . : fe80::2091:d1:3f57:fe8e%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{29F6AB2E-C731-4625-ACE2-A4E46C7DFC01}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cns.s3woodstock.ga.atlanta.comcast.net
Address: 68.87.68.166

Name: google.com
Addresses: 74.125.47.103
74.125.47.105
74.125.47.106
74.125.47.147
74.125.47.99
74.125.47.104


Pinging google.com [74.125.47.105] with 32 bytes of data:
Reply from 74.125.47.105: bytes=32 time=123ms TTL=51
Reply from 74.125.47.105: bytes=32 time=187ms TTL=51

Ping statistics for 74.125.47.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 123ms, Maximum = 187ms, Average = 155ms
Server: cns.s3woodstock.ga.atlanta.comcast.net
Address: 68.87.68.166

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=143ms TTL=48
Reply from 67.195.160.76: bytes=32 time=140ms TTL=48

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 143ms, Average = 141ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11 ...00 22 fa 9b 02 f0 ...... Intel(R) Wireless WiFi Link 5100
10 ...00 23 5a 07 a8 a6 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
16 ...00 00 00 00 00 00 00 e0 isatap.hsd1.ga.comcast.net.
14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{29F6AB2E-C731-4625-ACE2-A4E46C7DFC01}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.113 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 192.168.1.111 192.168.1.113 26
192.168.1.0 255.255.255.0 On-link 192.168.1.113 281
192.168.1.113 255.255.255.255 On-link 192.168.1.113 281
192.168.1.255 255.255.255.255 On-link 192.168.1.113 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.113 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.113 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.1.111 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 18 ::/0 On-link
1 306 ::1/128 On-link
14 18 2001::/32 On-link
14 266 2001:0:4137:9e76:2091:d1:3f57:fe8e/128
On-link
11 281 fe80::/64 On-link
14 266 fe80::/64 On-link
14 266 fe80::2091:d1:3f57:fe8e/128
On-link
11 281 fe80::9946:9cc:b3e5:3f98/128
On-link
1 306 ff00::/8 On-link
14 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Memory info: ====================================

Percentage of memory in use: 53%
Total physical RAM: 3959.96 MB
Available physical RAM: 1840.37 MB
Total Pagefile: 8099.17 MB
Available Pagefile: 5776.73 MB
Total Virtual: 4095.88 MB
Available Virtual: 4013.69 MB

======================= Partitions: =======================================

1 Drive c: (SQ004805V04) (Fixed) (Total:222.72 GB) (Free:59.06 GB) NTFS


The contents of checkhd.txt
The type of the file system is NTFS.
Volume label is SQ004805V04.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1034 large file records processed.
0 bad file records processed.
0 EA records processed.
76 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
40106 data files processed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

233542655 KB total disk space.
173129716 KB in 209447 files.
128792 KB in 40107 indexes.
0 KB in bad sectors.
385419 KB in use by the system.
65536 KB occupied by the log file.
59898728 KB available on disk.

4096 bytes in each allocation unit.
58385663 total allocation units on disk.
14974682 allocation units available on disk.
bkloth
Active Member
 
Posts: 6
Joined: March 31st, 2011, 10:22 pm

Re: Possibly infected Toshiba Satellite A355 laptop

Unread postby askey127 » April 8th, 2011, 6:08 am

bkloth,
Those scans and changes look OK.

With Super AntiSpyware running, you should not re-enable Windows Defender.
Be aware also that Super AntiSpyware has a SAFEBOOT utility you should never use.
If your machine should become infected, it can make your machine unbootable.

Tell me how it's running.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possibly infected Toshiba Satellite A355 laptop

Unread postby bkloth » April 11th, 2011, 9:59 pm

Thanks, askey127! My computer seems to be running faster now, and my browsers are definitely running more quickly. Could you let me know all of the changes and fixes we made?

Also, are there any particular free antivirus/antimalware/etc. buttons that you particularly recommend? Or any paid ones, too?

Thanks!

Re: Possibly infected Toshiba Satellite A355 laptop

Unread postby askey127 » April 12th, 2011, 7:56 am

bkloth,
Most of the problems came from too many overlapping programs interfering with each other.

The following were already removed from your machine:
==========================================
Adobe Reader 9.3 <== obsolete Reader, poses infection risk, replaced by Adobe Reader X
Advanced SystemCare 3 <== extra antivirus, not desirable or needed, having TWO antivirus programs at once causes trouble
Java(TM) 6 Update 7 <== obsolete Java, poses infection risk
Quicksys RegDefrag 2.9 <== never use a Registry defrag, booster, optimizer, cleaner, etc
SpywareBlaster 4.4 <== unnecessary Anti-Spyware program
Wise Registry Cleaner 5.9.1 <== never use a Registry defrag, booster, optimizer, cleaner, etc
Vista Services Optimizer <== Unnecessary, useless Services utility
Ad-Aware <== unnecessary Anti-Spyware program

You only need ONE of the following Anti-Spyware programs. We will keep ONE and Uninstall the rest.
If you paid for EmsiSoft, let's keep that one. It is competent.

==========================================
Spybot - Search & Destroy <== unnecessary Anti-Spyware program
SuperAntiSpyware <== unnecessary Anti-Spyware program
Emsisoft Anti-Malware 5.0 <== WE WILL KEEP THIS ONE
Malwarebytes' Anti-Malware <== unnecessary Anti-Spyware program

------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Spybot - Search & Destroy
SuperAntiSpyware
Malwarebytes' Anti-Malware

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
------------------------------------------------
Re-Enable Emsisoft AntiMalware on Startup
Run the Anti-Malware Guard via the Start menu - Programs - Emsisoft Anti-Malware - Emsisoft Anti-Malware Guard.
Go to the guard configuration, and ensure the box "Enable protection on system startup" is Activated.
----------------------------------------------
Following is a File Cleaner that is Safe, and you can retain it on your desktop to use once a week or so.
Download Temp File Cleaner and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs... including your browser!
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.

Your free Avast! antivirus is just fine to keep. If you ever decide to use a different one, be sure to Uninstall Avast! when you install the new one.
You should be good to go. Just resist the temptation to install more helpers or security software. More is not better!
askey127

Re: Possibly infected Toshiba Satellite A355 laptop

Unread postby bkloth » April 14th, 2011, 10:47 pm

I actually already uninstalled Emsisoft per your instructions above, since I had just downloaded the free 30-day trial, which had expired. So of Spybot - Search & Destroy, SuperAntiSpyware, and Malwarebytes' Anti-Malware, which should I keep? Or is there a better program to install?
bkloth
Active Member
 
Posts: 6
Joined: March 31st, 2011, 10:22 pm

Re: Possibly infected Toshiba Satellite A355 laptop

Unread postby askey127 » April 15th, 2011, 6:24 am

Malwarebytes is actually the best of those to install, and the only one you need.
The paid version is an inexpensive lifetime license, and has a full time guard.
The standard instruction to download and run it in Vista:
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
It is free for non-business use.
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe.
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.
askey127

Re: Possibly infected Toshiba Satellite A355 laptop

Unread postby askey127 » April 17th, 2011, 7:47 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.