"Exploit Neosploit, 'Threat Detected', Threat appears when searching Google."
http://www.bleepingcomputer.com/forums/t/245189/exploit-neosploit-threat-detected/
I was unable to complete Step 6 and run DDS as in your Prep Guide since my OS is Windows Vista 64-bit. I have been directed to this forum and told to post my OTL log here:
OTL.Txt
OTL logfile created on: 9/1/2009 10:42:48 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.84 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 41.42% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.50 Gb Total Space | 156.54 Gb Free Space | 54.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/06/27 20:46:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2008/07/10 19:58:40 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/12/13 21:52:00 | 00,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2008/07/10 20:35:30 | 00,188,416 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/02/02 21:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/09/01 10:41:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV:64bit: - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV:64bit: - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV:64bit: - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV:64bit: - [2008/04/30 23:20:42 | 01,371,136 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV:64bit: - [2008/04/30 22:42:20 | 00,826,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV:64bit: - [2008/04/24 21:57:40 | 00,084,992 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv [On_Demand | Running])
SRV:64bit: - [2007/11/21 19:53:16 | 00,135,168 | ---- | M] () -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV:64bit: - [2008/02/06 16:50:18 | 00,434,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV:64bit: - [2007/12/03 20:04:48 | 00,175,104 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service [Auto | Running])
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV:64bit: - [2007/10/18 02:37:22 | 00,412,672 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/06/27 20:46:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service [Auto | Running])
SRV - [2008/07/10 19:58:40 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service [Auto | Running])
SRV - [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2008/05/28 18:20:16 | 00,164,600 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/11/02 04:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash [Auto | Running])
SRV - [2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/04 16:46:22 | 00,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo [Auto | Running])
SRV - [2008/07/18 22:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
SRV - [2008/04/11 13:58:10 | 00,158,568 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2006/08/23 18:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV:64bit: - [2009/08/17 11:05:43 | 00,022,096 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV:64bit: - [2009/08/17 11:05:31 | 00,065,616 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV:64bit: - [2009/08/17 11:04:32 | 00,027,216 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV:64bit: - [2009/08/17 11:06:05 | 00,089,680 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP [System | Running])
DRV:64bit: - [2009/08/17 11:04:43 | 00,058,448 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV:64bit: - [2008/03/25 19:47:06 | 00,294,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV:64bit: - [2008/03/04 13:32:46 | 00,222,720 | ---- | M] () -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService [On_Demand | Running])
DRV:64bit: - [2009/03/19 16:34:18 | 00,029,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV:64bit: - [2006/11/02 00:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2008/03/25 19:51:16 | 01,487,872 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV:64bit: - [2008/07/20 20:44:54 | 00,402,456 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV:64bit: - [2008/06/12 21:51:36 | 07,911,840 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx [On_Demand | Running])
DRV:64bit: - [2006/11/09 16:33:44 | 00,248,320 | ---- | M] () -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64 [Disabled | Stopped])
DRV:64bit: - [2006/11/09 16:34:42 | 00,237,568 | ---- | M] () -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64 [Disabled | Stopped])
DRV:64bit: - [2006/06/19 01:27:24 | 00,017,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV:64bit: - [2008/04/28 09:38:12 | 04,730,368 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64 [On_Demand | Running])
DRV:64bit: - [2008/04/15 12:14:40 | 00,062,040 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR [On_Demand | Running])
DRV:64bit: - [2008/04/08 12:46:44 | 00,051,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR [On_Demand | Running])
DRV:64bit: - [2007/04/09 18:15:44 | 00,009,728 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [Disabled | Stopped])
DRV:64bit: - [2007/11/29 20:58:58 | 00,320,048 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV:64bit: - [2007/12/11 17:03:36 | 00,027,272 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV:64bit: - [2006/10/23 18:33:08 | 00,018,944 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec [Disabled | Stopped])
DRV:64bit: - [2008/07/18 20:52:16 | 00,504,912 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64 [Boot | Running])
DRV:64bit: - [2007/11/09 17:00:30 | 00,026,968 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ [Boot | Running])
DRV:64bit: - [2008/01/20 21:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV:64bit: - [2008/06/26 19:24:18 | 00,020,520 | ---- | M] () -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV:64bit: - [2008/03/25 19:45:44 | 00,740,864 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:47:28 | 00,046,080 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV:64bit: - [2007/10/18 02:37:10 | 00,010,240 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio [Auto | Running])
DRV:64bit: - [2008/07/25 12:57:00 | 00,404,992 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Running])
DRV - [2006/06/19 01:26:50 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\SysWow64\mdmxsdk.dll -- (mdmxsdk [Auto | Running])
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2009/07/28 10:53:16 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2009/07/28 10:53:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/07/28 10:53:14 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rabbitinasuit.com/
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\S-1-5-21-3271773104-3920608979-1219791600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.rabbitinasuit.com/"
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/23 22:06:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files (x86)\M-Firefox\components [2009/07/27 18:57:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files (x86)\M-Firefox\plugins [2009/07/27 18:57:29 | 00,000,000 | ---D | M]
[2009/07/27 18:57:49 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/07/27 18:57:49 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/01 19:42:48 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions
[2009/07/29 17:24:13 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/31 18:40:50 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zuq7e3r3.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/12 22:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/27 02:16:57 | 00,001,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3271773104-3920608979-1219791600-1000\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.127 24.93.41.128
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ea9184f-92d0-11de-9393-00238baba6cb}\Shell\AutoRun\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{2ea9184f-92d0-11de-9393-00238baba6cb}\Shell\Install\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{a67e6eff-7d68-11de-b883-00238baba6cb}\Shell - "" = AutoRun
O33 - MountPoints2\{a67e6eff-7d68-11de-b883-00238baba6cb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\Shell - "" = AutoRun
O33 - MountPoints2\{bd91df58-3e57-11de-a7b4-0022fa4e2b18}\Shell\AutoRun\command - "" = E:\MI.exe -- File not found
O33 - MountPoints2\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b9437-3cd2-11de-82b1-0022fa4e2b18}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d92b9514-3cd2-11de-82b1-00238baba6cb}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b9514-3cd2-11de-82b1-00238baba6cb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/01 10:41:51 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009/08/31 02:51:03 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
[2009/08/31 02:51:03 | 00,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2009/08/30 16:26:28 | 00,359,932 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2009/08/27 22:03:10 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Leadertech
[2009/08/27 01:08:30 | 00,058,448 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2009/08/27 01:08:30 | 00,027,216 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2009/08/27 01:08:30 | 00,001,816 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/08/27 01:08:29 | 00,097,480 | ---- | C] () -- C:\Windows\SysNative\AvastSS.scr
[2009/08/27 01:08:29 | 00,089,680 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2009/08/27 01:08:29 | 00,065,616 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2009/08/27 01:08:29 | 00,022,096 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2009/08/27 01:08:05 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2009/08/27 01:08:05 | 00,380,928 | ---- | C] () -- C:\Windows\SysWow64\actskin4.ocx
[2009/08/23 21:44:12 | 01,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2009/08/23 21:44:12 | 00,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2009/08/23 21:44:12 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/08/23 21:44:11 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kerberos.dll
[2009/08/23 21:44:11 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/08/23 21:44:11 | 00,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2009/08/23 21:44:11 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll
[2009/08/23 21:44:10 | 00,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2009/08/23 21:44:10 | 00,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2009/08/23 21:44:10 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schannel.dll
[2009/08/23 21:44:10 | 00,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2009/08/23 21:44:10 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll
[2009/08/23 21:44:10 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2009/08/11 16:28:50 | 02,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2009/08/11 16:28:49 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2009/08/11 16:28:26 | 00,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2009/08/11 16:28:25 | 00,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2009/08/11 16:28:24 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
[2009/08/11 16:28:12 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/08/11 16:28:02 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/08/11 16:28:01 | 00,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2009/08/11 16:28:01 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2009/08/11 16:27:57 | 00,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2009/08/11 16:27:56 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2009/08/11 16:27:55 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2009/08/11 16:27:55 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2009/08/11 16:27:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2009/08/11 16:27:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2009/08/11 16:27:53 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/08/11 16:27:53 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/08/11 16:27:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2009/08/11 16:27:52 | 00,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2009/08/11 16:27:52 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2009/08/11 16:27:52 | 00,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2009/08/11 16:26:02 | 00,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2009/08/11 16:26:02 | 00,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2009/08/11 16:26:01 | 00,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2009/08/11 16:26:01 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2009/08/07 00:26:58 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2009/08/07 00:26:40 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2009/08/04 18:34:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2009/08/04 18:34:08 | 00,000,977 | ---- | C] () -- C:\Users\User\Desktop\SCRABBLE Blast.lnk
[2009/08/04 18:34:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Funkitron
[2009/08/04 18:26:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Games
[2009/06/11 23:26:38 | 00,001,916 | ---- | C] () -- C:\Windows\IFiltSet.Ini
[2009/06/11 23:21:04 | 00,000,033 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/05/12 00:00:02 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/01 08:35:08 | 00,000,014 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/03/03 07:37:18 | 00,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2009/03/03 07:37:18 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2009/03/03 07:37:18 | 00,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/08/20 21:36:09 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/20 21:29:20 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/08/20 21:29:20 | 00,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/08/20 21:29:20 | 00,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/08/20 21:29:20 | 00,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/08/20 21:29:20 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/08/20 21:29:20 | 00,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/21 18:46:32 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2005/07/22 23:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\*.tmp files]
[2009/09/01 10:41:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009/09/01 09:14:47 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/01 09:14:47 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/31 23:22:36 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/08/31 23:22:36 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/08/31 23:22:36 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/08/31 23:14:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/31 23:14:41 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/31 23:14:24 | 41,239,10144 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/31 02:46:51 | 03,088,942 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2009/08/30 16:26:33 | 00,359,932 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2009/08/27 01:08:30 | 00,001,816 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/08/27 01:08:29 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2009/08/17 11:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2009/08/17 11:06:05 | 00,089,680 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2009/08/17 11:05:43 | 00,022,096 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2009/08/17 11:05:31 | 00,065,616 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2009/08/17 11:04:43 | 00,058,448 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2009/08/17 11:04:32 | 00,027,216 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2009/08/17 11:02:50 | 00,097,480 | ---- | M] () -- C:\Windows\SysNative\AvastSS.scr
[2009/08/09 13:11:57 | 00,035,840 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 18:34:08 | 00,000,977 | ---- | M] () -- C:\Users\User\Desktop\SCRABBLE Blast.lnk
[2009/08/04 18:30:32 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
< End of report >
Extras.Txt
OTL Extras logfile created on: 9/1/2009 10:42:48 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.84 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 41.42% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.50 Gb Total Space | 156.54 Gb Free Space | 54.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3271773104-3920608979-1219791600-1000\SOFTWARE\Classes\
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\M-Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29FA781C-402B-4B76-87A5-FAC92C2EC01A}" = lport=138 | protocol=17 | dir=in | app=system |
"{3CD43AAC-D9A0-4261-A660-547F1E98572D}" = rport=139 | protocol=6 | dir=out | app=system |
"{42D20B09-1FAD-48C3-9C9D-0EA39B17D01C}" = rport=138 | protocol=17 | dir=out | app=system |
"{42D393C5-3A74-457A-800A-8827E398191C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E818EC0-B9C1-448D-B7FF-451CC8837F7A}" = lport=445 | protocol=6 | dir=in | app=system |
"{6BE65519-8070-4168-816C-256688EDA7B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8434DA7A-A1CE-484C-B2DD-261087F257DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{96EBB1AC-A370-4272-B346-CFD19FFD80BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{C460A156-60E3-4EDF-B0FE-D9339EF4AFD0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FC2C7840-13A2-4C73-AA82-C657B1D7EF60}" = rport=137 | protocol=17 | dir=out | app=system |
"{FE3A9E72-3403-4F11-9807-317EC3EF5860}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F9B417-F584-49DA-BEE3-45FB670A9008}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{12569A1B-4D9A-419D-B104-3606D687B015}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{204458D3-F466-4D97-8781-2AA16D694665}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{208FF48F-F376-47BF-8EDC-9497AE7A1A94}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{27687AB6-588F-4DB2-A7A4-6736220BFD6D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{333955A6-F3C5-4C75-A7F4-FE4FD3B52567}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{4900A754-B6A2-49F0-88C9-F3898E0683EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5DB7D228-BE51-4342-98F6-123622764F42}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5EA99FC2-F691-4DB6-AC2A-29491D3666D4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{94A741A8-48F8-4155-93E8-1DAADB8A1086}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9D4CC65D-3987-4459-990B-D6F25C2FD8AB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{A9F14AA8-5A83-4A7C-9601-5707E9FEF5A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4638C7F-1D32-47D3-ACD7-7C8C03799774}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DF40278A-0DB2-44FD-AE11-DB95EC5BB7C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA89ACD0-218D-4390-8BA7-B027581A6093}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F75747D6-AB87-4674-8152-4FBCA67396B9}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{4F23BBC0-0FDE-482F-B700-96D7A05D218D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{CA2D8CD4-FE55-4F9C-B460-FBCD7007BF91}C:\program files (x86)\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"TCP Query User{D4B405B9-AB74-4DA4-94E5-C31B4AE14DDB}C:\program files (x86)\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"UDP Query User{2FA67C9A-443B-43E7-9718-A6460A18CF91}C:\program files (x86)\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"UDP Query User{3892A1EE-4A54-456D-A4BF-BD06F9ABDBA3}C:\program files (x86)\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"UDP Query User{E50F2378-F2DA-40D5-8A90-0296B73D5F88}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{AE303591-1BFC-48B3-881B-655298C4EDE0}" = iTunes
"{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}" = O2Micro Flash Memory Card Reader Driver (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BA1035C7-14DE-4857-8285-4ACFC74172EC}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}" = Geek Squad 24 Hour Computer Support
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"ENTERPRISER" = Microsoft Office Enterprise 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"PROHYBRIDR" = 2007 Microsoft Office system
"SCRABBLE Blast_is1" = SCRABBLE Blast
"Shareaza_is1" = Shareaza 2.4.0.0
"Trillian" = Trillian
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 7/22/2009 7:35:37 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\PowerCinema\CLML\CLDB_SUB_INFO.db failed, 00000005.
Error - 7/22/2009 7:35:39 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
failed, 00000005.
Error - 7/22/2009 8:19:09 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zgbgfjb1.default\places.sqlite
failed, 00000005.
Error - 7/22/2009 8:32:20 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\PowerCinema\CLML\CLDB_SUB_INFO.db failed, 00000005.
Error - 7/22/2009 8:32:26 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
failed, 00000005.
Error - 7/22/2009 9:03:37 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\PowerCinema\CLML\CLDB_SUB_INFO.db failed, 00000005.
Error - 7/22/2009 9:03:44 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\IconCache.db failed, 00000005.
Error - 7/22/2009 9:24:46 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Local\PowerCinema\CLML\CLDB_SUB_INFO.db failed, 00000005.
Error - 7/23/2009 11:02:15 PM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zgbgfjb1.default\places.sqlite
failed, 00000005.
Error - 7/27/2009 2:17:08 AM | Computer Name = User-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zgbgfjb1.default\downloads.sqlite
failed, 00000005.
[ Application Events ]
Error - 7/22/2009 8:20:24 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/22/2009 8:27:54 PM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 7/22/2009 8:35:33 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/22/2009 8:49:49 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 7/22/2009 8:49:49 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 7/22/2009 8:55:36 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/22/2009 9:18:53 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/22/2009 9:35:01 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/22/2009 9:35:58 PM | Computer Name = User-PC | Source = ESENT | ID = 455
Description = Catalog Database (1340) Catalog Database: Error -1811 occurred while
opening logfile C:\Windows\system32\CatRoot2\edb0012A.log.
Error - 7/22/2009 9:35:58 PM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =
[ System Events ]
Error - 7/23/2009 11:15:37 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =
Error - 7/24/2009 1:29:16 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =
Error - 7/24/2009 5:35:41 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =
Error - 7/24/2009 9:51:45 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 7/24/2009 11:30:40 PM | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 0022FA4E2B18 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 7/25/2009 11:37:32 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =
Error - 7/26/2009 11:33:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 7/27/2009 4:44:04 AM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =
Error - 7/27/2009 11:07:28 AM | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 0022FA4E2B18 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 7/27/2009 5:15:33 PM | Computer Name = User-PC | Source = HTTP | ID = 15016
Description =
< End of report >