BleepingComputer.com: My 12 Year Old Daughter's Computer Needs Help

#31 BBlueize

  • Member
  • Group: Members
  • Posts: 90
  • Joined: 04-November 09
  • Location:Taxachusetts USA

Posted 21 January 2010 - 03:44 PM

Stupid question...download on Josie's computer or mine?
God knows, even Angels fall.

Life is What Happens When You're Making Other Plans

#32 Elise

  • Bleepin' Blonde
  • Group: Malware Study Hall Admin
  • Posts: 38,982
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 21 January 2010 - 03:49 PM

On hers :)

If the internet on her computer does not work, let me know and I'll give you slightly different instructions.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

#33 BBlueize

Posted 21 January 2010 - 04:20 PM

I had to go back to my computer. When I did the Combofix I lost all of Josie's shortcuts on her desktop as well as losing her taskbar so I couldn't get her online after it rebooted. I did a search for the file name you said and I hope this is right....

ComboFix 10-01-21.01 - Toshiba 01/21/2010 13:05:45.1.1 - x86
Running from: C:\Documents and Settings\Toshiba\My Documents\Downloads\ComboFix.exe

This can't be right. What did I mess up now? I'll keep looking until I hear from you.

One thing I noticed while ComboFix was running it deleted a huge amount of files, including that winlogon86.exe one but it also deleted 2 folders and I know 1 was desktop

I'm trying to keep it on until tomorrow when I usually hear from you.

This post has been edited by BBlueize: 21 January 2010 - 08:46 PM

#34 Elise

Posted 22 January 2010 - 04:26 AM

Don't panic here, I kind of expected something like this :)

QUOTE
When I did the Combofix I lost all of Josie's shortcuts on her desktop as well as losing her taskbar so I couldn't get her online after it rebooted.


It still boots normally, however?

After it boots, can you press alt-ctrl-del? Does this bring up the Task Manager?

If so, click File > Run, type explorer.exe and press enter.

Does this bring back the taskbar/desktop icons?

QUOTE
One thing I noticed while ComboFix was running it deleted a huge amount of files, including that winlogon86.exe one

I knew it would do that, but I also know it would detect userinit.exe as missing and replace it with a new copy.
regards, Elise

#35 BBlueize

Posted 22 January 2010 - 10:29 AM

OK...it booted back up (there was a quick view of a black screen that looked like it would have given me a choice to either pick Windows Recovery or Windows XP...it went real fast so I'm not sure exactly what they were...but it chose Windows XP).

Anyway, booted up and did all you said now in Task Manager it has 2 My Documents and there's 2 on the screen but no icons or taskbar.

Muriel

For laughs and giggles I closed everything

reopened taskmanager

retyped explorer.exe in file...run

and.......

everything came back....

Combofix restarted and said "Preparing Log Report. Do not run any programs until ComboFix has finished."

Windows Explorer opened with this message...

Your last browsing session closed unexpectedly.
Would you like to restore your last session, or go to your home page?

with button for each to choose.

Ashampoo Antispyware 2 (trial version) came up wanting me to buy it or whatever because the trial ran out.


This post has been edited by BBlueize: 22 January 2010 - 10:53 AM

#36 Elise

Posted 22 January 2010 - 10:53 AM

QUOTE
(there was a quick view of a black screen that looked like it would have given me a choice to either pick Windows Recovery or Windows XP...it went real fast so I'm not sure exactly what they were...but it chose Windows XP.

That's normal, if you don't do anything there Windows will boot in XP.

What happened when you clicked file > run, typed explorer.exe and pressed enter?

QUOTE
it has 2 My Documents and there's 2 on the screen but no icons

Do you mean My Documents is two times on the desktop?

regards, Elise

#37 BBlueize

Posted 22 January 2010 - 10:58 AM

Sorry, husband called while I was trying to type to you.

Do you see what I added to my last reply?

(at the time it looked like there were 2 Documents open on the desktop but both went away when I closed them and when I reopened taskmanager it was empty when I ran it again)

Also, a log just popped up. It's what I'd expect a log to look like...biiiiig. :)

#38 Elise

Posted 22 January 2010 - 11:00 AM

Post it please :) (the log)
regards, Elise

#39 BBlueize

Posted 22 January 2010 - 11:11 AM

Ok...here goes...

ComboFix 10-01-21.01 - Toshiba 01/21/2010 13:05:45.1.1 - x86
Running from: c:\documents and settings\Toshiba\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo AntiSpyWare 2.lnk
c:\windows\command
c:\windows\desktop
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5447.exe
c:\windows\system32\6334.exe
c:\windows\system32\winlogon86.exe
c:\windows\Tasks\wkaycose.job

----- BITS: Possible infected sites -----

hxxp://77.74.48.111
.
((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-21 21:05 . 2008-04-14 12:42 1033728 -c--a-w- c:\windows\system32\dllcache\userinit.exe
2010-01-21 21:05 . 2008-04-14 12:42 1033728 ----a-w- c:\windows\system32\userinit.exe
2010-01-21 05:04 . 2008-04-14 07:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-03 17:12 . 2010-01-03 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-03 16:47 . 2010-01-03 16:47 -------- d-----w- c:\documents and settings\Toshiba\Application Data\Malwarebytes
2010-01-03 16:30 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 16:30 . 2010-01-03 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-03 16:30 . 2009-12-30 22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 08:14 . 2010-01-03 08:14 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2010-01-03 08:14 . 2010-01-03 08:14 -------- d-----w- c:\program files\GiPo@Utilities
2010-01-03 07:36 . 2010-01-03 16:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 07:13 . 2010-01-03 07:13 -------- d-----w- c:\documents and settings\Toshiba\Local Settings\Application Data\Ashampoo
2010-01-03 06:56 . 2010-01-03 06:56 -------- d-----w- c:\program files\Ashampoo
2010-01-03 06:26 . 2010-01-03 06:26 0 ----a-w- c:\windows\nsreg.dat
2010-01-03 06:26 . 2010-01-03 06:26 -------- d-----w- c:\documents and settings\Toshiba\Local Settings\Application Data\Mozilla
2009-12-30 01:11 . 2009-12-30 01:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-27 00:42 . 2009-12-27 00:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-12-26 23:11 . 2009-12-26 23:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-26 22:10 . 2009-12-26 22:10 -------- d-----w- c:\windows\Sun
2009-12-26 22:10 . 2009-12-26 22:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 22:09 . 2009-12-26 22:09 -------- d-----w- c:\program files\Java
2009-12-26 22:08 . 2009-12-26 22:08 152576 ----a-w- c:\documents and settings\Toshiba\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-26 22:08 . 2009-12-26 22:08 79488 ----a-w- c:\documents and settings\Toshiba\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-26 01:16 . 2009-12-26 01:16 1956072 ----a-w- c:\documents and settings\Toshiba\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 03:04 . 2009-10-23 08:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 22:42 . 2002-08-29 01:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys.bak
2010-01-03 11:03 . 2009-11-20 17:20 768 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-20 17:35 . 2009-10-18 06:33 69232 ----a-w- c:\documents and settings\Toshiba\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 05:55 . 2009-10-18 16:33 229376 ----a-w- c:\documents and settings\NetworkService\NTUSER.DAT.tmp
2009-11-14 05:55 . 2009-10-18 16:33 229376 ----a-w- c:\documents and settings\LocalService\NTUSER.DAT.tmp
2009-10-18 15:12 . 2009-10-18 15:12 11079 ---ha-w- c:\program files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2001-09-07 98304]
"Tpwrtray"="TPWRTRAY.EXE" [2001-09-07 200704]
"TFncky"="TFncky.exe" [2001-09-12 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-26 149280]
"'Ashampoo AntiSpyWare 2 Guard'"="c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2009-07-15 2376536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-10-24 122880]
U.S. Robotics 802.11g Wireless Network Utility.lnk - c:\u.s.r.turbogwlan\USRWLANG.exe [2009-10-22 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [1/2/2010 10:57 PM 749912]
R3 Maestro;ESS Maestro2E Audio Driver (WDM);c:\windows\SYSTEM32\DRIVERS\essm2e.sys [10/18/2009 8:42 AM 137088]
R3 Tridkb;Tridkb;c:\windows\SYSTEM32\DRIVERS\tridkbm.sys [10/22/2009 7:11 AM 159232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - d:\hbcd\wintools\autorun.exe
\Shell\Option1\Command - d:\hbcd\wintools\autorun.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\ggucv4g0.default\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ninihisih - c:\windows\system32\katupolu.dll
SharedTaskScheduler-{e8359f2d-34e7-4536-9e7e-ad5599fb696b} - c:\windows\system32\lojaloke.dll
SharedTaskScheduler-{654e0b9f-c28f-471b-a392-5152cc08c06b} - c:\windows\system32\katupolu.dll
SSODL-witenivez-{e8359f2d-34e7-4536-9e7e-ad5599fb696b} - c:\windows\system32\lojaloke.dll
SSODL-nayasizos-{654e0b9f-c28f-471b-a392-5152cc08c06b} - c:\windows\system32\katupolu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 07:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,dd,bb,74,26,fe,56,46,97,58,cc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,dd,bb,74,26,fe,56,46,97,58,cc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1720)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TPWRTRAY.EXE
c:\windows\system32\TFncky.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2010-01-22 07:52:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-22 15:52

Pre-Run: 31,342,234,624 bytes free
Post-Run: 32,809,673,216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 894AC69D41B96AD1E283B4D34BB61DE8

#40 Elise

Posted 22 January 2010 - 11:57 AM

Hi,

Combofix did its job nicely, and Windows System File Checker replaced userinit.exe on its own :)

When you restart now, how are things looking? Taskbar? Desktop icons?

I recommend you uninstall Ashampoo antispyware, it's not a free version and we have better alternatives that are also free.


regards, Elise

#41 BBlueize

Posted 22 January 2010 - 12:22 PM

Just restarted it...maybe I'm taking things a wee bit too far but you said not to do anything unless you said to, so...I don't. I've been leaving her computer on until you tell me to do whatever is next. :)

Anyway, like I said...shut it down; restarted it; what came up was again....no task bar; no shortcuts; but My Documents is open.

When we get this fixed (which I'm beginning to think might actually happen) I do want to get rid of Ashampoo. I was trying to remove it when the computer crashed (Josie remembered that yesterday). I was going to put on SUPERAntiSpyware. It was recommended to me but not by someone as smart as you. I hope that's a good choice. I also have to find her an Anti-Virus program. Comcast lets you have McAfee for free but for some reason it won't download on hers so I have to find a free one for her.

I just shut My Documents to see if that did anything but no. Still no shortcuts or taskbar. Computer hates me.

If I go to Taskmanager and type in explorer.exe everything comes back up again.

While I had it up I removed Ashampoo.

When everything comes back up after I go into taskmanager Windows Internet Explorer opens by itself with a blank page.

This post has been edited by BBlueize: 22 January 2010 - 01:25 PM

#42 Elise

Posted 22 January 2010 - 01:36 PM

That Ashampoo message is nothing to worry about. You can assume it's uninstalled correctly.

Let's start with Super Antispyware. This is indeed a good antispyware scanner, but make sure you don't use its real time protection, because that will seriously slow down your computer. We will get at an Antivirus program later on :)

SUPERANTISPYWARE
-----------------------------
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Click the Preferences button.
  • Click the Repairs tab.
  • In the list on the repairs tab, scroll down to Reset winlogon shell and click on the Perform repair button.
Now restart your computer and let me know if taskmanager and desktop icons come up automatically.
regards, Elise

#43 BBlueize

Posted 22 January 2010 - 02:03 PM

No. Still comes up the same way. :(

#44 Elise

Posted 22 January 2010 - 02:06 PM

Well, easy solutions don't always work :)

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise

#45 BBlueize

Posted 22 January 2010 - 02:38 PM

Something happened while I was copying the last log so hopefully I'm not posting them twice.

OTL.txt log:

OTL logfile created on: 1/22/2010 11:17:54 AM - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\Toshiba\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

191.00 Mb Total Physical Memory | 67.00 Mb Available Physical Memory | 35.00% Memory free
467.00 Mb Paging File | 252.00 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 30.56 Gb Free Space | 82.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2775XDVD
Current User Name: Toshiba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/22 11:17:12 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\My Documents\Downloads\OTL.exe
PRC - [2010/01/06 19:58:19 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/05 07:56:02 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/12/26 14:09:38 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/26 14:09:38 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/04/14 04:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/02 10:50:36 | 00,806,912 | ---- | M] (U.S. Robotics) -- C:\U.S.R.TurboGWLAN\USRWLANG.exe
PRC - [2003/02/19 12:23:10 | 00,122,880 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2001/09/12 13:35:54 | 00,069,632 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\SYSTEM32\TFncKy.exe
PRC - [2001/09/06 21:37:58 | 00,200,704 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\SYSTEM32\TPWRTRAY.EXE
PRC - [2001/09/06 17:56:16 | 00,098,304 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\SYSTEM32\00THotkey.exe


========== Modules (SafeList) ==========

MOD - [2010/01/22 11:17:12 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/26 14:09:38 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2004/06/28 13:58:50 | 00,387,072 | ---- | M] (U.S. Robotics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USR11G.SYS -- (USR11G)
DRV - [2004/03/11 20:16:32 | 00,062,865 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\odysseyIM3.sys -- (odysseyIM3)
DRV - [2003/03/31 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2002/08/28 15:34:38 | 00,420,992 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmntt.sys -- (ltmodem5)
DRV - [2002/08/28 15:00:54 | 00,137,088 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\essm2e.sys -- (Maestro) ESS Maestro2E Audio Driver (WDM)
DRV - [2001/08/17 13:23:58 | 00,005,264 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALD.SYS -- (TVALD)
DRV - [2001/08/17 11:51:16 | 00,159,232 | ---- | M] (Trident Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tridkbm.sys -- (Tridkb)
DRV - [2001/08/17 04:50:34 | 00,075,392 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s3savmxm.sys -- (S3SavageMX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-1078145449-1708537768-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-842925246-1078145449-1708537768-1003\S-1-5-21-842925246-1078145449-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 01:13:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 19:58:40 | 00,000,000 | ---D | M]

[2010/01/02 22:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\Mozilla\Extensions
[2010/01/02 22:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\ggucv4g0.default\extensions
[2010/01/02 22:25:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/22 07:43:27 | 00,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\SYSTEM32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TFncky] C:\WINDOWS\System32\TFncKy.exe (Toshiba Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\U.S.R.TurboGWLAN\USRWLANG.exe (U.S. Robotics)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1078145449-1708537768-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1078145449-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-1078145449-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-1078145449-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-842925246-1078145449-1708537768-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-842925246-1078145449-1708537768-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Toshiba\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/18 07:15:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\D\Shell\Option1\Command - "" = D:\hbcd\wintools\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/22 10:51:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/22 10:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/22 10:50:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\SUPERAntiSpyware.com
[2010/01/22 10:48:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/22 08:03:57 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/21 13:05:25 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2010/01/21 13:04:11 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/21 13:01:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/21 13:01:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/21 13:01:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/21 13:01:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/21 13:01:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/21 13:00:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/03 09:12:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/01/03 08:47:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\Malwarebytes
[2010/01/03 08:30:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/03 08:30:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/03 08:30:41 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/03 00:14:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2010/01/03 00:14:08 | 00,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2010/01/02 23:36:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/02 23:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\Ashampoo
[2010/01/02 22:30:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\My Documents\Downloads
[2010/01/02 22:26:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\Mozilla
[2010/01/02 22:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\Mozilla
[2010/01/02 22:25:33 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/02 22:24:30 | 08,086,544 | ---- | C] (Mozilla) -- C:\Documents and Settings\Toshiba\My Documents\Firefox Setup 3.5.6.exe
[2009/12/26 14:10:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/12/26 14:10:22 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/26 14:10:22 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/26 14:10:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/26 14:10:22 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/26 14:10:21 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/26 14:09:26 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/12/26 14:08:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\Sun
[2009/10/17 19:19:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/17 19:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/17 19:19:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/17 19:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/22 11:04:12 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 11:01:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 11:01:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 11:01:41 | 20,079,0016 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/22 11:00:51 | 02,097,152 | ---- | M] () -- C:\Documents and Settings\Toshiba\NTUSER.DAT
[2010/01/22 11:00:51 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Toshiba\ntuser.ini
[2010/01/22 10:50:31 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/22 07:43:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/22 07:43:27 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/21 13:04:21 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/10 19:04:32 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/07 14:42:50 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/07 14:42:50 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys.bak
[2010/01/03 09:01:16 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\zomilari
[2010/01/03 08:30:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/03 03:03:59 | 00,000,768 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/02 23:24:26 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\Toshiba\Desktop\rkill.com
[2010/01/02 22:26:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/02 22:25:43 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/02 22:24:54 | 08,086,544 | ---- | M] (Mozilla) -- C:\Documents and Settings\Toshiba\My Documents\Firefox Setup 3.5.6.exe
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 14:45:04 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/26 14:09:37 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/26 14:09:37 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/26 14:09:37 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/26 14:09:37 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/26 14:09:37 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/22 10:50:31 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/21 13:04:21 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/21 13:04:16 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/21 13:01:31 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/21 13:01:31 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/21 13:01:31 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/21 13:01:31 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/21 13:01:31 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/03 08:30:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/03 02:46:23 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\Toshiba\Desktop\rkill.com
[2010/01/02 22:26:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/02 22:25:43 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/29 14:45:04 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/18 09:32:01 | 00,000,923 | ---- | C] () -- C:\WINDOWS\BTH.INI
[2009/10/18 07:12:18 | 00,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/08/28 17:27:50 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys.bak
< End of report >





Extras.Txt log:


OTL Extras logfile created on: 1/22/2010 11:17:54 AM - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\Toshiba\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

191.00 Mb Total Physical Memory | 67.00 Mb Available Physical Memory | 35.00% Memory free
467.00 Mb Paging File | 252.00 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 30.56 Gb Free Space | 82.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2775XDVD
Current User Name: Toshiba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-842925246-1078145449-1708537768-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D493787-367F-4841-B39A-7E26A6A7C1AA}" = U.S. Robotics 802.11g Wireless Network Adapter
"{8DC9BEFF-07FC-4631-BBF4-8F00F74953C2}" = InterVideo WinDVD Platinum
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BeatTheHouse_V1" = Beat the House, v1.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"RegSupreme Pro_is1" = RegSupreme Pro
"Toshiba Power Saver" = TOSHIBA Power Saver
"Toshiba Services" = Toshiba Services
"TOSHIBA Utilities" = TOSHIBA Utilities
"Tweak UI 2.10" = Tweak UI
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2010 1:43:01 PM | Computer Name = HOME-2775XDVD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10d.ocx, version 10.0.42.34, fault address 0x000e6f80.

Error - 1/3/2010 5:23:52 PM | Computer Name = HOME-2775XDVD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10d.ocx, version 10.0.42.34, fault address 0x000e6f80.

Error - 1/7/2010 3:08:57 AM | Computer Name = HOME-2775XDVD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10d.ocx, version 10.0.42.34, fault address 0x000e6f6a.

Error - 1/7/2010 6:19:26 PM | Computer Name = HOME-2775XDVD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10d.ocx, version 10.0.42.34, fault address 0x000e6f80.

Error - 1/9/2010 11:42:33 PM | Computer Name = HOME-2775XDVD | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, faulting module
shlwapi.dll, version 6.0.2900.5512, fault address 0x0002c4a8.

Error - 1/10/2010 4:53:59 PM | Computer Name = HOME-2775XDVD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10d.ocx, version 10.0.42.34, fault address 0x000e6f80.

Error - 1/10/2010 8:56:04 PM | Computer Name = HOME-2775XDVD | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, faulting module
shlwapi.dll, version 6.0.2900.5512, fault address 0x0002c4a8.

Error - 1/21/2010 10:47:31 AM | Computer Name = HOME-2775XDVD | Source = Userenv | ID = 1078
Description = Windows cannot obtain the security ID of the user. Group Policy processing
aborted.

Error - 1/21/2010 11:51:13 AM | Computer Name = HOME-2775XDVD | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/21/2010 11:51:33 AM | Computer Name = HOME-2775XDVD | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 1/7/2010 6:24:44 PM | Computer Name = HOME-2775XDVD | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 1/7/2010 6:24:44 PM | Computer Name = HOME-2775XDVD | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/7/2010 6:27:24 PM | Computer Name = HOME-2775XDVD | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x4d0), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 1/7/2010 6:27:24 PM | Computer Name = HOME-2775XDVD | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x4d0), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 1/7/2010 6:27:24 PM | Computer Name = HOME-2775XDVD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/7/2010 6:27:24 PM | Computer Name = HOME-2775XDVD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/7/2010 9:14:31 PM | Computer Name = HOME-2775XDVD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/7/2010 10:36:30 PM | Computer Name = HOME-2775XDVD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/7/2010 11:50:28 PM | Computer Name = HOME-2775XDVD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/8/2010 12:48:21 AM | Computer Name = HOME-2775XDVD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.


< End of report >

God knows, even Angels fall.

Life is What Happens When You're Making Other Plans
