Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Serious Issues (Freezing issues/No internet/ Can't run DDS, GMER, etc) [Computer 2]


  • This topic is locked This topic is locked
20 replies to this topic

#1 adam12068

adam12068

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 19 December 2010 - 11:59 PM

Hi there,

This is my second computer that I am having problems with. This computer seemingly has more of an issue than my other computer in that I cannot run the GMER program at all, I can't run the DDS application (it freezes my computer everytime). The only thing I can do is run the defogger.

There is some kind of worm/virus/malware that is causing my system to run inefficiently and with such poor performance as the computer just started acting up. I checked my PC usage and it was at 100% which is extrememly abnormal. Also anytime I open internet explorer, it freezes and has to be shut down and reopened, just for the same thing to happen. (Same with Chrome)

I don't know what to do since the DDS freezes everytime I try to run it, the black screen appearing to be working but never producing any logs and freezing the computer....and the GMER isn't working either. I am typing this from my other computer because the infected PC has the above mentioned browser/internet issues.

I ran antimalware bytes and it said there were no infections found, I'll include the log, also I have AVG2011 for my antivirus. It is noteworthy to say that the desktop Icons are present but do NOT work, I can't click them half the time...I'll have to use the start, computer etc. buttons to get to use the shortcuts.

Please post ANY help, it is greatly appreciated.

Attached Files


Edited by adam12068, 20 December 2010 - 12:17 AM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:56 AM

Posted 30 December 2010 - 06:19 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 adam12068

adam12068
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 30 December 2010 - 12:23 PM

Thank you for your help!!!

I've pasted the three requested logs...

As a follow up to the first post, the icons on the computer desktop are still not working...sometimes they work sometimes they don't...otherwise same issues as listed in the original post.

I look forward to hearing back!!

Adam

---
OTL logfile created on: 12/30/2010 12:01:34 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = E:\BLEEPING COMPUTER FILES
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 25.13 Gb Free Space | 34.39% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.10 Gb Free Space | 5.36% Space Free | Partition Type: FAT

Computer Name: JEFF-PC | User Name: JEFF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/30 12:05:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\BLEEPING COMPUTER FILES\OTL123010.exe
PRC - [2010/11/24 09:48:35 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 09:47:39 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 07:27:52 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/16 11:58:07 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 11:58:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 11:56:31 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/13 17:51:58 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/05/21 15:32:28 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/05/05 09:23:46 | 000,869,816 | ---- | M] (CallingID Ltd.) -- C:\Program Files\comcasttb\CIDGlobalLight.exe
PRC - [2010/04/29 15:14:04 | 000,390,440 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2010/04/08 08:14:24 | 000,292,824 | ---- | M] (PC Tools ) -- C:\Program Files\Registry Mechanic\RMTray.exe
PRC - [2009/11/25 15:42:18 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/11 01:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 06:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/11/25 00:15:40 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2007/01/25 19:50:26 | 000,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/20 01:16:44 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2006/12/20 01:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/11/09 12:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 07:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/11/01 00:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/12/30 12:05:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\BLEEPING COMPUTER FILES\OTL123010.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/16 11:58:07 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/16 11:58:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/21 15:32:28 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/27 16:38:40 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/01/25 19:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/20 01:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/01 00:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/07/16 11:58:10 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 11:56:33 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 07:50:21 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/30 21:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/06/19 20:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/04/18 23:10:44 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/03/20 06:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/22 06:42:34 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/09 16:32:28 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 16:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/08 21:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 22:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/31 08:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/28 18:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2005/08/01 18:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=110510
IE - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\..\URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\..\URLSearchHook: EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine: "Search"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/11/25 00:18:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/28 17:21:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 09:49:27 | 000,000,000 | ---D | M]

[2010/04/15 05:36:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEFF\AppData\Roaming\Mozilla\Firefox\Profiles\2cdzzg7j.default\extensions
[2007/11/26 00:14:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\JEFF\AppData\Roaming\Mozilla\Firefox\Profiles\2cdzzg7j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/11 12:33:48 | 000,000,000 | ---D | M] (Comcast Toolbar) -- C:\Users\JEFF\AppData\Roaming\Mozilla\Firefox\Profiles\2cdzzg7j.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}
[2009/06/16 06:57:37 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\JEFF\AppData\Roaming\Mozilla\Firefox\Profiles\2cdzzg7j.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/15 05:36:04 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\JEFF\AppData\Roaming\Mozilla\Firefox\Profiles\2cdzzg7j.default\extensions\DefaultManager@Microsoft
[2008/03/27 07:41:52 | 000,000,276 | ---- | M] () -- C:\Users\JEFF\AppData\Roaming\Mozilla\Firefox\Profiles\2cdzzg7j.default\searchplugins\search.xml
File not found (No name found) -- C:\PROGRAM FILES\GOOGLE\GOOGLE PHOTOS SCREENSAVER\FF_EXT
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\GOOGLE-CJK@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2009/03/28 17:21:40 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Updater For Comcast Toolbar 3.5) - {164d3751-cac6-4a6d-becd-ea67df61d232} - C:\Program Files\comcasttb\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000..\Run: [FileHippo.com] C:\Program Files\filehippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools )
O4 - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O7 - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1710541107-1961418799-3693963291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\JEFF\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\JEFF\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/10/03 03:26:24 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{324a5110-296b-11de-b142-001b384bc1be}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- [2008/01/20 22:33:00 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{aaca0ced-6161-11df-a5f9-001b384bc1be}\Shell - "" = AutoRun
O33 - MountPoints2\{aaca0ced-6161-11df-a5f9-001b384bc1be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bebfdc9f-95b7-11de-8a38-001b384bc1be}\Shell - "" = AutoRun
O33 - MountPoints2\{bebfdc9f-95b7-11de-8a38-001b384bc1be}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ce444ea4-01a5-11de-94d2-001b384bc1be}\Shell - "" = AutoRun
O33 - MountPoints2\{ce444ea4-01a5-11de-94d2-001b384bc1be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d9e6b878-a701-11de-b94e-001b384bc1be}\Shell - "" = AutoRun
O33 - MountPoints2\{d9e6b878-a701-11de-b94e-001b384bc1be}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/30 12:00:18 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\JEFF\Desktop\OTL123010.exe
[2010/12/19 19:56:40 | 000,000,000 | ---D | C] -- C:\Users\JEFF\Desktop\BLEEPING COMPUTER FILES
[2010/12/19 15:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2010/12/18 21:35:37 | 000,000,000 | ---D | C] -- C:\Users\JEFF\Documents\Groove Workspace Templates
[2009/04/18 23:25:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\JEFF\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/12/30 12:05:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\JEFF\Desktop\OTL123010.exe
[2010/12/30 12:04:26 | 000,133,632 | ---- | M] () -- C:\Users\JEFF\Desktop\RKUnhookerLE 123010.EXE
[2010/12/30 12:01:25 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/30 12:01:25 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/30 11:54:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/30 11:54:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/30 11:10:57 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 11:10:57 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 09:47:18 | 069,513,401 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/12/30 08:06:46 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{60BD1D28-97A3-4DAE-927E-189F6E6A9474}.job
[2010/12/29 20:01:33 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for JEFF.job
[2010/12/29 17:10:40 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Program Check.job
[2010/12/29 17:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/18 19:32:41 | 000,058,821 | ---- | M] () -- C:\Users\JEFF\Desktop\Untitled.jpg
[2010/12/16 03:15:31 | 000,409,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/14 21:54:38 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/12/14 17:30:24 | 000,001,725 | ---- | M] () -- C:\Users\JEFF\Desktop\Update Checker.lnk
[2010/12/14 17:26:46 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/12/30 12:00:18 | 000,133,632 | ---- | C] () -- C:\Users\JEFF\Desktop\RKUnhookerLE 123010.EXE
[2010/12/18 19:32:41 | 000,058,821 | ---- | C] () -- C:\Users\JEFF\Desktop\Untitled.jpg
[2009/08/22 16:22:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/31 16:44:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/18 23:26:10 | 000,000,034 | ---- | C] () -- C:\Users\JEFF\AppData\Roaming\pcouffin.log
[2009/04/18 23:25:23 | 000,087,608 | ---- | C] () -- C:\Users\JEFF\AppData\Roaming\inst.exe
[2009/04/18 23:25:23 | 000,007,887 | ---- | C] () -- C:\Users\JEFF\AppData\Roaming\pcouffin.cat
[2009/04/18 23:25:23 | 000,001,144 | ---- | C] () -- C:\Users\JEFF\AppData\Roaming\pcouffin.inf
[2009/02/16 12:43:44 | 000,000,022 | ---- | C] () -- C:\Users\JEFF\AppData\Local\iTunes Transfer Fail
[2009/02/16 12:38:21 | 004,347,712 | ---- | C] () -- C:\Users\JEFF\AppData\Local\tcmediatemp.m4a
[2009/02/16 12:37:07 | 000,000,625 | ---- | C] () -- C:\Users\JEFF\AppData\Local\.ipc_copyrecord
[2009/02/15 20:09:43 | 000,000,191 | ---- | C] () -- C:\Users\JEFF\AppData\Roaming\smartpathdb.ini
[2009/02/15 20:09:15 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/15 18:06:47 | 006,109,184 | ---- | C] () -- C:\Users\JEFF\AppData\Local\tcmediatemp.mp3
[2009/02/15 18:06:24 | 000,001,232 | ---- | C] () -- C:\Users\JEFF\AppData\Local\iTunesPrefs
[2009/02/15 18:06:12 | 000,000,024 | ---- | C] () -- C:\Users\JEFF\AppData\Local\84756-11986-27475-00TC1-94865
[2008/12/21 07:03:06 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/25 13:59:29 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2007/12/08 17:20:55 | 000,000,530 | ---- | C] () -- C:\Users\JEFF\AppData\Roaming\wklnhst.dat
[2007/11/24 15:25:10 | 000,009,728 | ---- | C] () -- C:\Users\JEFF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/24 11:47:37 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/23 19:37:03 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/23 19:37:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/23 19:37:03 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/23 19:37:03 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/29 01:12:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/11/24 09:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/31 19:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/08/10 17:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2007/11/24 14:04:40 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\acccore
[2010/06/21 12:27:31 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\CallingID
[2007/11/26 00:11:20 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\Canon
[2009/02/15 20:09:43 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\cucusoft
[2009/02/16 12:11:14 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\Cucusoft,inc
[2009/04/19 20:26:44 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\InterVideo
[2009/02/15 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\iPodtoComputerSender Data
[2008/07/04 16:04:59 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\Leadertech
[2008/05/26 17:57:00 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\LimeWire
[2008/12/21 11:34:18 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\QQ Games Plugin
[2010/09/20 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\Registry Mechanic
[2008/08/12 07:35:32 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\setup_1096_MTUxNXwzNXww_[1]
[2007/12/08 17:21:21 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\Template
[2008/12/21 07:03:46 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\Tencent
[2009/04/19 00:12:21 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\Vso
[2010/10/03 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\W Photo Studio
[2010/01/26 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\W Photo Studio Viewer
[2010/01/26 23:37:17 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\Walgreens
[2008/04/29 21:47:53 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\WeatherBug
[2007/11/24 15:24:28 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\WildTangent
[2007/11/24 14:37:46 | 000,000,000 | ---D | M] -- C:\Users\JEFF\AppData\Roaming\WinBatch
[2010/12/16 03:12:38 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/29 17:10:40 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Program Check.job
[2010/08/03 10:32:15 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC.job
[2010/12/30 08:06:46 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{60BD1D28-97A3-4DAE-927E-189F6E6A9474}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

---------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 12/30/2010 12:01:34 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = E:\BLEEPING COMPUTER FILES
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 25.13 Gb Free Space | 34.39% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.10 Gb Free Space | 5.36% Space Free | Partition Type: FAT

Computer Name: JEFF-PC | User Name: JEFF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1710541107-1961418799-3693963291-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{55CB8423-9B7A-46A5-AE54-F9BF16BAE370}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55CCAA81-9D5C-4872-96C4-92EF9A73D9DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{757453F2-BE9E-44BC-AF9E-7CB04E71E823}" = lport=10243 | protocol=6 | dir=in | app=system |
"{767D4F34-3442-4B00-8F0F-D0A7969DB019}" = rport=10243 | protocol=6 | dir=out | app=system |
"{802DEFF4-FB6B-4DAA-9A8A-15E9C4882F1E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81CF6894-A39C-4175-B4DC-7E0B875DE814}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A32D118-A84A-4414-8E64-B1684B65CD39}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{972DA94C-5DF8-4D0B-9041-01500C86A2ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4C6BF77-F6DB-46AA-837C-6AC271BA3CAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F7649E5E-9991-42D8-A30F-14455E5C7279}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06812E2A-048D-471C-9BDC-0D84F9807776}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{09557353-EFED-4298-969C-3C4C6C8EA901}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{12DB9470-4CB9-47C2-83A0-832F76F3F15B}" = protocol=6 | dir=out | app=system |
"{1A493E17-6130-4512-AC98-E6AD831D8939}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1CFA771D-E628-4BA1-9871-AA44D6008393}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2184FDB6-5F6B-4C6F-9E94-860FA3D00035}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23FBE63F-5076-4354-88BC-9E8A0268205E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{27A50E4E-31E1-4371-92B2-B8A16608EF48}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E192209-257F-471D-B11F-590001FBB190}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3E42713B-67D8-404A-9626-7C33CBD37B6A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4308E124-144F-4AE7-99BF-B8AB5AB7AF0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4462714B-6D6B-4E2E-A0E4-0DD3265BF836}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{4812E43B-04AC-4CA9-8B4C-F9F1B5D6094B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4ACD5C8B-59A0-4F76-BB0A-8A09C658EFFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4CE3DC8B-3594-4B6B-A440-14235F86C68F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51375B5B-690D-4823-94D6-957A8D395B9A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{55DDF728-8222-4463-A783-ABA504891F5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5F543502-B4CF-42F1-B84F-3EB6B4873260}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6863B944-6DB2-427C-8B52-CE7957BF963D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{718FD01F-7537-4220-B89D-4BE71D6CA998}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7D3CB284-4E49-4721-8F74-4B6F48642398}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87E5CC34-A1C5-4776-8C58-571BB4DA6391}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{8F2127A1-FED2-419E-BBEE-CDB1F9C0DA08}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{ACD01424-0718-47C9-A987-0E484F548C71}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B0D8B065-FD49-4F57-AA8C-9921B954E2FA}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{BB3418D9-D7AE-4F2D-AA12-4C66F665742A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BE72CEC1-CAAF-493B-B075-5EBBA76BF2A2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{BF32CA2F-E684-4A3F-A30A-88742D1490D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C116E19A-60C0-47F9-9BAB-6C6BDEF5E836}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{C873B69D-5958-43BB-A791-9B5289EA3503}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF788F17-9AC3-4DF2-89B1-750B638FDD42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8C4F121-DD2C-4DB9-8D89-1D720AC162B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA33C5D5-2537-4E2D-B46C-5E9B176E7F93}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FA06F0E5-3D61-43DE-AC3D-48D7576BF791}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{FA46008E-65A4-46F9-9088-41F4E01B8DA4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FDBAA667-DDCB-42DF-A66D-E58AB0F6A6A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4298D34C-8B95-4C52-BAFC-1163451E2416}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F249B8B5-89FB-43B3-B9CD-6F25D5E8D676}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FD4166A9-1ABA-4B21-8E9F-D91F5C839EA1}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{3A6CC86E-783C-4E06-9633-0D60EDE20334}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{3F060563-1720-46BE-8EA1-1A291A711BB1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F1AAF06C-58D8-400B-8B60-5F9E204EDDE3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{2B322F4F-F403-4975-AB54-530459472148}" = Skype Toolbars
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3B095ED6-8631-4E2A-9F75-3EAD0AA37850}" = ATC Voicepack SDK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{48A25E19-D9AE-4BBE-9411-6F4C5D328B39}" = Skype™ Beta 5.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 3.0.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"comcasttb" = Comcast Toolbar 3.5
"Cucusoft iPhone/iTouch/iPod to Computer Transfer_is1" = iPhone/iTouch/iPod to Computer Transfer 3.9.7
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD43_is1" = DVD43 v4.4.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"filehippo.com" = FileHippo.com Update Checker
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"iPod to Computer Sender_is1" = iPod to Computer Sender 1.2.2.3150
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NSS" = Norton Security Scan
"oggcodecs" = oggcodecs 0.71.0946
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedyPC" = SpeedyPC
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1710541107-1961418799-3693963291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2010 3:57:43 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9687

Error - 12/19/2010 3:57:44 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/19/2010 3:57:44 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11123

Error - 12/19/2010 3:57:44 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11123

Error - 12/19/2010 4:39:18 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/19/2010 4:39:18 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2504487

Error - 12/19/2010 4:39:18 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2504487

Error - 12/19/2010 4:39:19 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/19/2010 4:39:19 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2506405

Error - 12/19/2010 4:39:19 PM | Computer Name = JEFF-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2506405

[ OSession Events ]
Error - 10/13/2009 10:41:48 PM | Computer Name = JEFF-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9760
seconds with 6600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/23/2010 10:32:09 PM | Computer Name = JEFF-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/25/2010 5:56:04 PM | Computer Name = JEFF-PC | Source = DCOM | ID = 10010
Description =

Error - 12/25/2010 10:29:03 PM | Computer Name = JEFF-PC | Source = DCOM | ID = 10010
Description =

Error - 12/25/2010 10:29:34 PM | Computer Name = JEFF-PC | Source = DCOM | ID = 10010
Description =

Error - 12/27/2010 8:20:10 PM | Computer Name = JEFF-PC | Source = DCOM | ID = 10016
Description =

Error - 12/27/2010 8:20:10 PM | Computer Name = JEFF-PC | Source = DCOM | ID = 10016
Description =

Error - 12/27/2010 8:20:10 PM | Computer Name = JEFF-PC | Source = DCOM | ID = 10016
Description =

Error - 12/29/2010 1:26:05 AM | Computer Name = JEFF-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:46:03 PM on 12/28/2010 was unexpected.

Error - 12/29/2010 1:26:32 AM | Computer Name = JEFF-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Canon MP210 series Printer
with shared resource name Canon MP210 series Printer. Error 2114. The printer cannot
be used by others on the network.

Error - 12/29/2010 1:26:54 AM | Computer Name = JEFF-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x8C00C000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8203E000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x8203E000 PnpManager 3846144 bytes
0x8203E000 RAW 3846144 bytes
0x8203E000 WMIxWDM 3846144 bytes
0x9ACB0000 Win32k 2109440 bytes
0x9ACB0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8D10E000 C:\Windows\system32\drivers\RTKVHDA.sys 1642496 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8E00E000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x86EE7000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x86C71000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x86DE2000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x87187000 C:\Windows\system32\DRIVERS\athr.sys 946176 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x828DE000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAB85F000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xAB953000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8C6C7000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x870FA000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x829BE000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x86C00000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x82814000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8D32E000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8727C000 C:\Windows\system32\drivers\tifm21.sys 315392 bytes (Texas Instruments, tifm21.sys)
0x82AFA000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E243000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x82A47000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8289D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x87390000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8C7A1000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8E2DB000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x86DA7000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8E1C3000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xAB80E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87000000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D0C8000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8E33E000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x8200B000 ACPI_HAL 208896 bytes
0x8200B000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82BBC000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8E1FD000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x87301000 C:\Windows\system32\DRIVERS\SynTP.sys 204800 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x87361000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x82B59000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8D29F000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x86D7C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D087000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8D2F1000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xABA8C000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x87055000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x82A9E000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8D2CC000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8D00E000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8C774000 C:\Windows\system32\DRIVERS\Rtlh86.sys 139264 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x8708D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8E15A000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8D3C9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82B9E000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x86ECC000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8E3D3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x872C9000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8D39B000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x87343000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAB847000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E321000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x873DC000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xABA03000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8E294000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8E1AD000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8D3B4000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D054000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xABA77000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8D040000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E22F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x872E3000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8D31B000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E2B8000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8707C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8D0FD000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x82884000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82BEE000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8E37B000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8E2CB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82B86000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8C7EE000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8D075000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x870EB000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8E3C4000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87046000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82ACF000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D031000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C7DF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82AEB000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8726E000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9AF30000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8E2AA000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E196000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82B4B000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8E39A000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8E12A000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8D0BB000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x82A3A000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8D069000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xAB947000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8E14E000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8C768000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8E3A7000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x872F6000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x87333000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8E18B000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x873F3000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x873D1000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x870D7000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C796000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x82AE1000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8E3BA000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x82AC5000 C:\Windows\system32\DRIVERS\LPCFilter.sys 40960 bytes (COMPAL ELECTRONIC INC., LPCFilter)
0x8D0B1000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E3F6000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E317000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAB93D000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x870AE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8E137000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8E372000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xABAB4000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8E1A4000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9AED0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x870E2000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82A8D000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8E28B000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x82B96000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x82895000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8E3B2000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x8E392000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x82A96000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E17B000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E183000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8703E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8E147000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8E38B000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x82B44000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8280D000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8E140000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E338000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8735B000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8733E000 C:\Windows\System32\DRIVERS\dvd43llh.sys 20480 bytes (RIF, dvd43llh.sys)
0x87039000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8C000000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8C006000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver For x86.)
0x82ADE000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8D085000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8C004000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

Edited by adam12068, 30 December 2010 - 12:24 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:56 AM

Posted 30 December 2010 - 12:31 PM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 adam12068

adam12068
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 30 December 2010 - 01:55 PM

Hi there,

sorry about the delay, I've ran combofix twice now after removing my AVG antivirus program and it has frozen my system on both scans, leaving me with a black screen with only the cursor showing and unable to move it. I am rerunning it now and trying it one more time before asking for more help.

#6 adam12068

adam12068
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 30 December 2010 - 02:30 PM

Ok,

I've tried running Combofix on the computer at least 3 times now, once in safe mode but it wouldn't let me, it said access denied, need administrator priveliges, even when i clicked run as administrator. Combofix also asked me if i wanted to upgrade to a newer version, I said no, and subsequently ran it again (currently)

I am currently in the process of trying to run it again but I wouldn't doubt it freezes again, what should I do?

I'll repost if/when I can get it to work, in the meantime what should I do?

Edited by adam12068, 30 December 2010 - 02:31 PM.


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:56 AM

Posted 30 December 2010 - 02:55 PM

Try to download a fresh copy: right click on the download link and select "save target/link as". Save the file as fun.com and try to run it like that.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 adam12068

adam12068
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 30 December 2010 - 09:26 PM

Try to download a fresh copy: right click on the download link and select "save target/link as". Save the file as fun.com and try to run it like that.


Same issue, the program initally works...but after several minutes it ends up freezing, i try clicking it, nothing happens, i can't move it around anymore, after a couple of clicks to try and exit it, the screen goes black and then i am forced to restart the computer.

#9 adam12068

adam12068
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 30 December 2010 - 11:55 PM

I've downloaded a new copy, saved it to my desktop, updated combofix (after prompt), and let the thing scan on its own. I have uninstalled AVG (my antivirus) and turned off the firewall.

It never gets to the "Stage 1 complete" portion of the scan, (I have another computer I had to run it on and it sucessfully completed the scan). This computer on the other hand only says

"Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double"

There is a blinking underscore and that is all.

The program remains in this state until it freezes up or blackscreens.


I am continuously trying to make this work but everytime I have to manually turn off the computer after the program freezes. I am currently continuing to try to get the scan to work.

Edited by adam12068, 30 December 2010 - 11:57 PM.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:56 AM

Posted 31 December 2010 - 05:43 AM

Can you reboot your computer in safe mode with networking and try to run it from there. Download also a fresh copy of combofix.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 adam12068

adam12068
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 31 December 2010 - 01:16 PM

Didn't work.

I downloaded a fresh copy, renamed it, ran it, got to the same point as before, froze, had to be restarted.

I downloaded another fresh copy, deleted the old one, did NOT rename it, ran it as an admin (right click, run as admin), it got to the same point as before, froze, restarted itself.

The only thing different in this situation was the screen that it gave me before it started running....

Posted Image


Thanks

Edited by adam12068, 31 December 2010 - 01:18 PM.


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:56 AM

Posted 31 December 2010 - 02:40 PM

Lets do some more rootkit checking here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 adam12068

adam12068
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 31 December 2010 - 03:31 PM

No log is produced it only says "no threats found" after completing the scan.

Posted Image

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:56 AM

Posted 01 January 2011 - 02:54 AM

Did combofix notify you about CA pest patrol being running? Please uninstall this program and try to run it again.

You are running Vista on a fairly low amount of RAM (1 GB is not much for Vista), so I recommend you disable any unnecessary programs from running on startup.

I notice the presence of Registry Mechanic Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners for several reasons.

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 adam12068

adam12068
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 01 January 2011 - 06:23 PM

Thank you for the tips on the registry cleaning. This computer is my father's computer and he just tries to keep the computer clean, running efficient, and smoothly. He is by no means a computer genius and tries simple things like the registry cleaner to speed up the computer when it runs slow or to free up space. I'm sure he appreciates your advice.

Secondly, Combofix notified me that AVG was present and that it was necessary to uninstall it before running combofix because AVG can cause adverse effects to the Combofix cleaning process, so I uninstalled it and tried running combofix again. Combofix then notified me that some "CA antivirus" or whatnot program was also installed and that it needed to be removed as well before combofix could run. Neither my dad nor I knew/heard of the program so I went to the add/remove programs portion of the control panel, found the only program that had a "CA" infront of it )can't remember the exact name) and removed it. I did all of this before even attempting to run combofix for the first time.

I don't know exactly what you are referring to in terms of removing the CA pest control, I looked in the Add/remove programs section and searched the computer for "CA pest control" and there were no results found or anything in the Add/remove programs section. I will uninstall registry mechanic and try running it again.

In terms of memory, the computer initially only came installed with 512 MB of ram which we upgraded to 1GB. Without spending a fortune on new ram and installation fees, I would simply like to try to fix whatever issues are on the computer/malware/viruses present. My dad only uses the computer to surf the internet to check email and whatnot, which I know doesn't require a large amount of memory such as running computer games etc.

What do you think the issue is with the Combofix program not working at all and freezing the computer everytime it starts running after it begins? I've used "Startup Lite" which was recommended by another staff member of this site after a cleaning of one of my other computers, which I've subsequently removed all the unnecessary startup programs which were present on that list Startup Lite generated.

Edited by adam12068, 01 January 2011 - 06:35 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users