I went ahead and read the malware post and I have followed the instructions to the "T". Below are the logs from the EXEs. Please help, thank you.
Malwarebytes' Anti-Malware 1.42
Database version: 3350
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
12/12/2009 5:05:39 PM
mbam-log-2009-12-12 (17-05-39).txt
Scan type: Quick Scan
Objects scanned: 123010
Time elapsed: 10 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\50197931 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\69267434 (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\tdlcmd.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\SafetyCenter\main.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\SafetyCenter\sound.wav (Trojan.FakeAlert) -> Quarantined and deleted successfully.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/12 17:14
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8D005000 Size: 815104 File Visible: No Signed: -
Status: -
Name: ebwvxx.sys
Image Path: C:\Windows\System32\drivers\ebwvxx.sys
Address: 0x805B7000 Size: 54016 File Visible: No Signed: -
Status: -
Name: rootrepeal[1].sys
Image Path: C:\Windows\system32\drivers\rootrepeal[1].sys
Address: 0x863F1000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
==EOF==
OTL Extras logfile created on: 12/12/2009 5:19:44 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Natalie\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.48 Mb Total Physical Memory | 158.74 Mb Available Physical Memory | 15.65% Memory free
2.24 Gb Paging File | 1.10 Gb Available in Paging File | 49.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 13.51 Gb Free Space | 18.49% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NATALIE-PC
Current User Name: Natalie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3872186640-2714548340-4231497469-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09342638-4FAE-4D0D-930D-D157B948BA82}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0EA72414-3743-4209-BAD2-D1FC680DA1F8}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{141B582B-BCAF-4EF2-AE3B-072E3CA90B1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{144C088A-C2A8-4AA7-93AF-7CF7C2D5D0C9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1A27A423-643B-4DB7-8CC9-C8E9E7B96DC0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{1E4CC0C5-D488-4B34-8C4B-E7C357B19C16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FDF455C-B5AB-464F-B2D5-C9940715F890}" = lport=137 | protocol=17 | dir=in | app=system |
"{26185092-9731-40DD-B09F-F709A15C82BA}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{327C809E-D499-4B96-ADAE-D29E47EFFB23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DE371E8-45FC-49D1-AE6F-5FCD3EA6D119}" = rport=137 | protocol=17 | dir=out | app=system |
"{3EA767A2-9CE6-421D-89EC-1E5B03950AA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48742EE5-7A33-43B5-A6F2-BEB58DF5C128}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61B31CC8-3221-4121-91DA-9F9BD4772A0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65157BF1-7274-4477-8C0B-75C5ADCDC8B9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{6B884387-FE8E-4333-B0CF-D96C265B0429}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{6E67A15F-6FAB-4DCB-BDBB-C0D3839204FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{736F56CA-D823-4793-8317-C3B0FF947DE6}" = lport=138 | protocol=17 | dir=in | app=system |
"{82BE5F2D-CB0D-41C4-A239-71AD9C234306}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{83CB1483-F1F9-426F-B4D8-B37788A20803}" = rport=139 | protocol=6 | dir=out | app=system |
"{853AA778-0A2E-48D6-8B12-12AF2BF20011}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{86DA8134-F933-4F02-9BF0-64C22EA5D913}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91C803F3-5961-4122-8B4E-F8363F967563}" = lport=139 | protocol=6 | dir=in | app=system |
"{99488AF8-503C-45DC-A795-40391E9BF1C9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{9C484033-BFF7-4165-B319-4F98144B76F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{B7D6AFA1-CD1D-4496-81C7-08D7A275E210}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{CA44B412-6ECE-40A4-BB61-4281AC52BC22}" = lport=445 | protocol=6 | dir=in | app=system |
"{D71EA7F6-E0E6-4D00-8A17-DF8416DD017C}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBB5920F-483B-470A-BE29-82340CE0D0C8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E1880014-4E1A-4878-88CD-E48F59C17135}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB5D480E-9664-430B-A06E-693CDA39CB24}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{FFEDE579-B7C9-4DEE-A69A-1CACD0DE959C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AD7C5C-A943-4DAE-8B34-49FFE418B098}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{08130697-3E02-4A0F-BD09-5F222D0E9D9F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0E1FC2FB-C2E9-4BC7-8168-5A2873F3692C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18F6B56C-8CB2-4971-8F60-D24F55482DBB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1EABF151-C3B3-4535-AEC6-F617FBEBBB90}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{304B71BC-0731-4600-ACB9-D687A7FE0B65}" = protocol=17 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{3054D2B2-0DAC-4831-BFFF-9CD7BACF5C02}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{3147FE09-4F7C-47A7-8ECF-AFB634AD8CBF}" = protocol=1 | dir=in |
[email protected],-28543 |
"{357ADE1C-A402-48FB-8009-84528976B18D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{45F54DEC-EA1D-48D6-966E-2A3C77E09113}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{46A07DAA-831D-4CAD-8852-3C47699FF201}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5695519F-61B5-4FDD-AB04-6619A38FFE25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B3F1D99-58FE-4829-8FC1-B4971AB0986A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5E20BC18-838D-4B66-A733-898C9EBAC91F}" = protocol=58 | dir=in |
[email protected],-28545 |
"{676FBE61-EE0D-4B7D-B51F-4CEE66E21D2E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{685BC3B8-29AC-4BEB-8523-6ACDACE24A6C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-enus-downloader.exe |
"{77DFF033-2F23-42F8-B1F8-A006EBB87122}" = protocol=6 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{85CD5161-ACD0-4262-AC3A-8CF23DF59A8C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{894E7A71-9121-4022-AFCD-1ACF04A7409A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"{90F823DA-A5DD-4993-A1DB-8B8846E78C03}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{92100168-97AC-4580-97DA-39027AD2AB3D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A38B8A36-2CB8-43BA-898E-3F001288E970}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"{ABF398A6-C1D5-4C85-92E9-B0C9757A54A6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B35490EA-2BD6-4DF0-9097-887EF9420C57}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B71E2C0E-434C-433C-8FF3-FB8A33F54054}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{CD8FB6F2-3992-472D-851B-658013EA7984}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D84947EB-2507-4E3E-B624-2DB441018219}" = protocol=1 | dir=out |
[email protected],-28544 |
"{E22E544F-DFD2-4B1B-8792-C6B1AB8A941B}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E47DF469-A28B-4738-A82E-AC194BEDAE19}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F79CBD0B-82EE-4174-9E96-D5EB2D07C19F}" = protocol=58 | dir=out |
[email protected],-28546 |
"{F818E5EB-2B18-4ED8-8C29-D56C2B6A2F94}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-enus-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"FXCM Trading Station" = FXCM Trading Station
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"Search Guard Plus" = Search Guard Plus (My Face LOL)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Face LOL)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Face LOL)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/17/2009 12:55:32 PM | Computer Name = Natalie-PC | Source = Application Error | ID = 1000
Description = Faulting application CurseClient.exe, version 0.0.0.0, time stamp
0x48efb36a, faulting module CurseClient.exe, version 0.0.0.0, time stamp 0x48efb36a,
exception code 0xc0000005, fault offset 0x00172b45, process id 0xb44, application
start time 0x01c9a72128b6a335.
Error - 3/18/2009 7:18:08 PM | Computer Name = Natalie-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 11.0.8217.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10ac Start Time: 01c9a81f89d87efe Termination Time: 0
Error - 3/18/2009 7:18:26 PM | Computer Name = Natalie-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module MSMAPI32.DLL, version 11.0.8200.0, time stamp 0x472f94b0,
exception code 0xc0000005, fault offset 0x000144d8, process id 0xe0c, application
start time 0x01c9a80ef81f8b8e.
Error - 3/20/2009 7:29:41 PM | Computer Name = Natalie-PC | Source = EventSystem | ID = 4621
Description =
Error - 3/21/2009 11:06:24 AM | Computer Name = Natalie-PC | Source = Windows Search Service | ID = 3024
Description =
Error - 3/23/2009 9:32:16 PM | Computer Name = Natalie-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 11.0.8217.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 9ec Start Time: 01c9ac20356cdb45 Termination Time: 32
Error - 3/23/2009 9:33:43 PM | Computer Name = Natalie-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 11.0.8217.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 604 Start Time: 01c9ac205ff3aab5 Termination Time: 15
Error - 3/24/2009 1:07:54 AM | Computer Name = Natalie-PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 3/30/2009 8:47:07 PM | Computer Name = Natalie-PC | Source = EventSystem | ID = 4621
Description =
Error - 4/4/2009 12:43:17 AM | Computer Name = Natalie-PC | Source = Windows Search Service | ID = 3024
Description =
[ System Events ]
Error - 3/11/2009 9:36:13 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:09:54 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:10:24 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:10:55 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:11:26 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:11:56 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:12:26 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:12:56 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:13:26 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:41:10 PM | Computer Name = Natalie-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:39:08 PM on 3/11/2009 was unexpected.
< End of report >
OTL logfile created on: 12/12/2009 5:19:44 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Natalie\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.48 Mb Total Physical Memory | 158.74 Mb Available Physical Memory | 15.65% Memory free
2.24 Gb Paging File | 1.10 Gb Available in Paging File | 49.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 13.51 Gb Free Space | 18.49% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NATALIE-PC
Current User Name: Natalie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/12 17:17:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Natalie\Desktop\OTL.exe
PRC - [2009/12/12 17:13:18 | 00,472,064 | ---- | M] ( ) -- C:\Users\Natalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JC02BGO\RootRepeal[1].exe
PRC - [2009/11/20 22:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/12 17:06:04 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/09/08 20:09:42 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/17 19:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/15 08:57:18 | 00,067,456 | ---- | M] () -- C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
PRC - [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:27:20 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/02/11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/02/11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/02/11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/01/18 23:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/18 23:33:19 | 00,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
PRC - [2007/07/26 15:20:02 | 00,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/07/20 19:45:16 | 01,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/07/06 10:06:52 | 04,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/22 18:37:22 | 00,894,248 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/06/19 14:28:32 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/04/24 15:00:10 | 00,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007/03/22 16:09:28 | 02,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/03/21 12:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/05 17:13:14 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007/01/25 16:50:26 | 00,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 16:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/12/15 03:01:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/11/14 19:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 17:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
========== Modules (SafeList) ==========
MOD - [2009/12/12 17:17:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Natalie\Desktop\OTL.exe
MOD - [2009/11/23 10:38:10 | 00,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/10 22:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/11/12 17:06:04 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/24 17:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/29 08:06:14 | 00,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/01/18 23:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/26 15:20:02 | 00,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/21 12:00:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/02/05 17:13:14 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007/01/25 16:50:26 | 00,063,096 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 16:47:50 | 00,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/15 03:01:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/11/14 19:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 17:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/24 21:26:54 | 00,000,000 | ---D | M]
O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/08/21 07:57:00 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2009/12/12 17:16:49 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\Natalie\Desktop\OTL.exe
[2009/12/12 16:53:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/12 16:53:37 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/12 16:53:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/12 16:52:08 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/12 16:51:28 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Natalie\Desktop\erunt_setup.exe
[2009/12/12 16:31:14 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Users\Natalie\Desktop\TFC.exe
[2009/12/10 23:29:35 | 00,000,000 | ---D | C] -- C:\Users\Natalie\AppData\Local\temp
[2009/12/10 22:40:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/10 22:40:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/10 22:40:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/10 22:40:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/10 22:39:44 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/10 22:31:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/10 22:06:22 | 00,000,000 | ---D | C] -- C:\Users\Natalie\Desktop\GooredFix Backups
[2009/12/10 22:05:58 | 00,071,848 | ---- | C] (jpshortstuff) -- C:\Users\Natalie\Desktop\GooredFix.exe
[2009/12/03 21:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\Search Guard PlusU
[2009/12/03 21:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\Search Guard Plus
[2 C:\Users\Natalie\Documents\*.tmp files -> C:\Users\Natalie\Documents\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/12/12 17:27:57 | 02,883,584 | -HS- | M] () -- C:\Users\Natalie\ntuser.dat
[2009/12/12 17:17:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Natalie\Desktop\OTL.exe
[2009/12/12 17:13:29 | 00,000,000 | ---- | M] () -- C:\Users\Natalie\Desktop\settings.dat
[2009/12/12 17:13:05 | 00,026,624 | ---- | M] () -- C:\Windows\System32\tdlcmd.dll
[2009/12/12 17:09:56 | 00,046,319 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/12/12 17:08:15 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/12 17:08:15 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/12 17:08:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/12 17:07:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/12 17:06:37 | 00,524,288 | -HS- | M] () -- C:\Users\Natalie\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2009/12/12 17:06:37 | 00,065,536 | -HS- | M] () -- C:\Users\Natalie\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/12/12 17:06:34 | 06,291,456 | -H-- | M] () -- C:\Users\Natalie\AppData\Local\IconCache.db
[2009/12/12 16:53:43 | 00,000,789 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/12 16:52:12 | 00,000,884 | ---- | M] () -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/12 16:52:09 | 00,000,704 | ---- | M] () -- C:\Users\Natalie\Desktop\NTREGOPT.lnk
[2009/12/12 16:52:09 | 00,000,685 | ---- | M] () -- C:\Users\Natalie\Desktop\ERUNT.lnk
[2009/12/12 16:51:40 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Natalie\Desktop\erunt_setup.exe
[2009/12/12 16:31:29 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Users\Natalie\Desktop\TFC.exe
[2009/12/12 16:30:36 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/12 16:30:36 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/12 16:30:36 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/10 23:14:37 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/10 23:13:52 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/10 22:06:08 | 00,071,848 | ---- | M] (jpshortstuff) -- C:\Users\Natalie\Desktop\GooredFix.exe
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2009/12/04 18:16:15 | 00,018,944 | ---- | M] () -- C:\Users\Natalie\Desktop\Our Christmas Budget.xls
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Users\Natalie\Documents\*.tmp files -> C:\Users\Natalie\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/12/12 17:13:29 | 00,000,000 | ---- | C] () -- C:\Users\Natalie\Desktop\settings.dat
[2009/12/12 17:13:05 | 00,026,624 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll
[2009/12/12 16:53:43 | 00,000,789 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/12 16:52:12 | 00,000,884 | ---- | C] () -- C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/12 16:52:09 | 00,000,704 | ---- | C] () -- C:\Users\Natalie\Desktop\NTREGOPT.lnk
[2009/12/12 16:52:09 | 00,000,685 | ---- | C] () -- C:\Users\Natalie\Desktop\ERUNT.lnk
[2009/12/10 22:40:16 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/10 22:40:16 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/10 22:40:16 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/10 22:40:16 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/10 22:40:16 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/04 16:52:50 | 00,018,944 | ---- | C] () -- C:\Users\Natalie\Desktop\Our Christmas Budget.xls
[2009/11/25 19:53:08 | 00,000,680 | ---- | C] () -- C:\Users\Natalie\AppData\Local\d3d9caps.dat
[2009/11/17 23:18:59 | 00,003,584 | ---- | C] () -- C:\Users\Natalie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/18 18:38:45 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/30 21:39:36 | 00,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/12/23 19:29:12 | 00,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2008/09/29 08:06:14 | 00,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/20 13:48:48 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 15:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 15:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 15:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 15:47:22 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/09 15:34:22 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/09 15:09:24 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/09 15:09:24 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/09 15:09:24 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/08/09 15:09:23 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/31 10:14:00 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 09:49:06 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 09:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2008/09/29 08:06:50 | 00,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\DassaultSystemes
[2008/09/29 08:07:32 | 00,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\EDrawings
[2009/09/06 12:53:30 | 00,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Leadertech
[2009/06/22 15:32:48 | 00,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Livestation
[2009/06/22 15:32:48 | 00,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Mchid
[2009/01/02 18:38:20 | 00,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\PeerNetworking
[2008/10/23 10:25:04 | 00,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\Template
[2007/12/26 11:14:50 | 00,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\TOSHIBA
[2007/12/26 08:24:27 | 00,000,000 | ---D | M] -- C:\Users\Natalie\AppData\Roaming\WinBatch
[2007/08/09 15:54:53 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/02/01 01:00:00 | 00,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/12/12 17:07:04 | 00,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/28 17:56:41 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/28 17:56:41 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/28 17:56:40 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2007/03/21 11:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/03/21 11:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/03/21 11:59:30 | 00,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/03/21 11:58:56 | 00,304,920 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: KR10N.SYS >
[2006/11/09 13:31:46 | 00,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\drivers\KR10N.sys
[2006/11/09 13:31:46 | 00,211,072 | R--- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_c681c175\KR10N.sys
[2005/09/27 15:57:38 | 00,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys
< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 01:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
< End of report >
OTL Extras logfile created on: 12/12/2009 5:19:44 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Natalie\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.48 Mb Total Physical Memory | 158.74 Mb Available Physical Memory | 15.65% Memory free
2.24 Gb Paging File | 1.10 Gb Available in Paging File | 49.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 13.51 Gb Free Space | 18.49% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NATALIE-PC
Current User Name: Natalie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3872186640-2714548340-4231497469-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09342638-4FAE-4D0D-930D-D157B948BA82}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0EA72414-3743-4209-BAD2-D1FC680DA1F8}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{141B582B-BCAF-4EF2-AE3B-072E3CA90B1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{144C088A-C2A8-4AA7-93AF-7CF7C2D5D0C9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1A27A423-643B-4DB7-8CC9-C8E9E7B96DC0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{1E4CC0C5-D488-4B34-8C4B-E7C357B19C16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FDF455C-B5AB-464F-B2D5-C9940715F890}" = lport=137 | protocol=17 | dir=in | app=system |
"{26185092-9731-40DD-B09F-F709A15C82BA}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{327C809E-D499-4B96-ADAE-D29E47EFFB23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DE371E8-45FC-49D1-AE6F-5FCD3EA6D119}" = rport=137 | protocol=17 | dir=out | app=system |
"{3EA767A2-9CE6-421D-89EC-1E5B03950AA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48742EE5-7A33-43B5-A6F2-BEB58DF5C128}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61B31CC8-3221-4121-91DA-9F9BD4772A0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65157BF1-7274-4477-8C0B-75C5ADCDC8B9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{6B884387-FE8E-4333-B0CF-D96C265B0429}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{6E67A15F-6FAB-4DCB-BDBB-C0D3839204FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{736F56CA-D823-4793-8317-C3B0FF947DE6}" = lport=138 | protocol=17 | dir=in | app=system |
"{82BE5F2D-CB0D-41C4-A239-71AD9C234306}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{83CB1483-F1F9-426F-B4D8-B37788A20803}" = rport=139 | protocol=6 | dir=out | app=system |
"{853AA778-0A2E-48D6-8B12-12AF2BF20011}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{86DA8134-F933-4F02-9BF0-64C22EA5D913}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91C803F3-5961-4122-8B4E-F8363F967563}" = lport=139 | protocol=6 | dir=in | app=system |
"{99488AF8-503C-45DC-A795-40391E9BF1C9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{9C484033-BFF7-4165-B319-4F98144B76F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{B7D6AFA1-CD1D-4496-81C7-08D7A275E210}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{CA44B412-6ECE-40A4-BB61-4281AC52BC22}" = lport=445 | protocol=6 | dir=in | app=system |
"{D71EA7F6-E0E6-4D00-8A17-DF8416DD017C}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBB5920F-483B-470A-BE29-82340CE0D0C8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E1880014-4E1A-4878-88CD-E48F59C17135}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB5D480E-9664-430B-A06E-693CDA39CB24}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{FFEDE579-B7C9-4DEE-A69A-1CACD0DE959C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AD7C5C-A943-4DAE-8B34-49FFE418B098}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{08130697-3E02-4A0F-BD09-5F222D0E9D9F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0E1FC2FB-C2E9-4BC7-8168-5A2873F3692C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18F6B56C-8CB2-4971-8F60-D24F55482DBB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1EABF151-C3B3-4535-AEC6-F617FBEBBB90}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{304B71BC-0731-4600-ACB9-D687A7FE0B65}" = protocol=17 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{3054D2B2-0DAC-4831-BFFF-9CD7BACF5C02}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{3147FE09-4F7C-47A7-8ECF-AFB634AD8CBF}" = protocol=1 | dir=in |
[email protected],-28543 |
"{357ADE1C-A402-48FB-8009-84528976B18D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{45F54DEC-EA1D-48D6-966E-2A3C77E09113}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{46A07DAA-831D-4CAD-8852-3C47699FF201}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5695519F-61B5-4FDD-AB04-6619A38FFE25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B3F1D99-58FE-4829-8FC1-B4971AB0986A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5E20BC18-838D-4B66-A733-898C9EBAC91F}" = protocol=58 | dir=in |
[email protected],-28545 |
"{676FBE61-EE0D-4B7D-B51F-4CEE66E21D2E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{685BC3B8-29AC-4BEB-8523-6ACDACE24A6C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-enus-downloader.exe |
"{77DFF033-2F23-42F8-B1F8-A006EBB87122}" = protocol=6 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{85CD5161-ACD0-4262-AC3A-8CF23DF59A8C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{894E7A71-9121-4022-AFCD-1ACF04A7409A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"{90F823DA-A5DD-4993-A1DB-8B8846E78C03}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{92100168-97AC-4580-97DA-39027AD2AB3D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A38B8A36-2CB8-43BA-898E-3F001288E970}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"{ABF398A6-C1D5-4C85-92E9-B0C9757A54A6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B35490EA-2BD6-4DF0-9097-887EF9420C57}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B71E2C0E-434C-433C-8FF3-FB8A33F54054}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{CD8FB6F2-3992-472D-851B-658013EA7984}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D84947EB-2507-4E3E-B624-2DB441018219}" = protocol=1 | dir=out |
[email protected],-28544 |
"{E22E544F-DFD2-4B1B-8792-C6B1AB8A941B}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E47DF469-A28B-4738-A82E-AC194BEDAE19}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F79CBD0B-82EE-4174-9E96-D5EB2D07C19F}" = protocol=58 | dir=out |
[email protected],-28546 |
"{F818E5EB-2B18-4ED8-8C29-D56C2B6A2F94}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-enus-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"FXCM Trading Station" = FXCM Trading Station
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"Search Guard Plus" = Search Guard Plus (My Face LOL)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Face LOL)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Face LOL)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/17/2009 12:55:32 PM | Computer Name = Natalie-PC | Source = Application Error | ID = 1000
Description = Faulting application CurseClient.exe, version 0.0.0.0, time stamp
0x48efb36a, faulting module CurseClient.exe, version 0.0.0.0, time stamp 0x48efb36a,
exception code 0xc0000005, fault offset 0x00172b45, process id 0xb44, application
start time 0x01c9a72128b6a335.
Error - 3/18/2009 7:18:08 PM | Computer Name = Natalie-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 11.0.8217.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10ac Start Time: 01c9a81f89d87efe Termination Time: 0
Error - 3/18/2009 7:18:26 PM | Computer Name = Natalie-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module MSMAPI32.DLL, version 11.0.8200.0, time stamp 0x472f94b0,
exception code 0xc0000005, fault offset 0x000144d8, process id 0xe0c, application
start time 0x01c9a80ef81f8b8e.
Error - 3/20/2009 7:29:41 PM | Computer Name = Natalie-PC | Source = EventSystem | ID = 4621
Description =
Error - 3/21/2009 11:06:24 AM | Computer Name = Natalie-PC | Source = Windows Search Service | ID = 3024
Description =
Error - 3/23/2009 9:32:16 PM | Computer Name = Natalie-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 11.0.8217.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 9ec Start Time: 01c9ac20356cdb45 Termination Time: 32
Error - 3/23/2009 9:33:43 PM | Computer Name = Natalie-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 11.0.8217.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 604 Start Time: 01c9ac205ff3aab5 Termination Time: 15
Error - 3/24/2009 1:07:54 AM | Computer Name = Natalie-PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 3/30/2009 8:47:07 PM | Computer Name = Natalie-PC | Source = EventSystem | ID = 4621
Description =
Error - 4/4/2009 12:43:17 AM | Computer Name = Natalie-PC | Source = Windows Search Service | ID = 3024
Description =
[ System Events ]
Error - 3/11/2009 9:36:13 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:09:54 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:10:24 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:10:55 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:11:26 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:11:56 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:12:26 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:12:56 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:13:26 PM | Computer Name = Natalie-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 3/11/2009 10:41:10 PM | Computer Name = Natalie-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:39:08 PM on 3/11/2009 was unexpected.
< End of report >