Thank you for your reply, here are the logs for the requested scans:
OTL logfile created on: 19/03/2012 3:28:42 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.49 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 72.29% Memory free
3.89 Gb Paging File | 3.37 Gb Available in Paging File | 86.53% Paging File free
Paging file location(s): c:\pagefile.sys 1519 1519 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.66 Gb Total Space | 53.60 Gb Free Space | 40.10% Space Free | Partition Type: NTFS
Drive D: | 7.29 Gb Total Space | 4.61 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 2.69 Gb Free Space | 36.10% Space Free | Partition Type: FAT32
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/03/19 15:22:52 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/02/15 05:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/02 00:07:14 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
========== Modules (No Company Name) ==========
MOD - [2007/03/05 23:34:10 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdfdll.dll -- (UxTuneUp)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atmeltpm.dll -- (ireike)
SRV - [2012/03/13 13:58:19 | 002,471,296 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe -- (LMIRescue_d468427f-4936-4398-9049-0cfd4cbef352) LogMeIn Rescue (d468427f-4936-4398-9049-0cfd4cbef352)
SRV - [2012/03/13 12:56:17 | 002,471,296 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe -- (LMIRescue_f5997459-0cb7-41ca-a12d-51555d771541) LogMeIn Rescue (f5997459-0cb7-41ca-a12d-51555d771541)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/27 20:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 07:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Owner\AppData\Local\Temp\pwloapow.sys -- (pwloapow)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Owner\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/04/27 20:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/03/13 00:47:54 | 000,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/12/25 06:35:08 | 000,067,072 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/12/18 21:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/28 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2006/07/06 00:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2212598107-4082345580-151182641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...ln2qUzLWhsb8PHQ
IE - HKU\S-1-5-21-2212598107-4082345580-151182641-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2212598107-4082345580-151182641-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2212598107-4082345580-151182641-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBS_en
IE - HKU\S-1-5-21-2212598107-4082345580-151182641-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=CA&ver=6
IE - HKU\S-1-5-21-2212598107-4082345580-151182641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2212598107-4082345580-151182641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/31 14:23:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/16 07:31:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 08:27:41 | 000,000,000 | ---D | M]
[2009/12/04 20:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/09/29 22:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/13 10:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vyc4un7c.default\extensions
[2010/04/27 10:18:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vyc4un7c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/13 10:43:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vyc4un7c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/30 00:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/30 00:23:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/08 21:32:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPLGN
[2011/09/16 07:31:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/08 21:32:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/10 10:10:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2012/03/15 14:25:01 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\.DEFAULT..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-18..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2212598107-4082345580-151182641-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2212598107-4082345580-151182641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\lkapoer: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\lkapoer.dll) - C:\Windows\System32\config\systemprofile\AppData\Local\lkapoer.dll ()
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: sp_clamsrv - File not found
NetSvcs: rslinxng - File not found
NetSvcs: VC6SecS - File not found
NetSvcs: ireike - %systemroot%\system32\atmeltpm.dll File not found
NetSvcs: bocdrive - File not found
NetSvcs: cs429x - File not found
NetSvcs: SQLBrowser - File not found
NetSvcs: PSSdk23 - File not found
NetSvcs: SGIR - File not found
NetSvcs: UxTuneUp - %systemroot%\system32\bdfdll.dll File not found
NetSvcs: SIODRV - File not found
NetSvcs: se58obex - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012/03/19 15:24:44 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/03/15 14:31:28 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/15 14:31:07 | 004,437,060 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/03/15 14:25:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/15 14:08:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/15 14:00:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/15 13:57:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/03/15 09:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/15 09:08:10 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/15 09:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/15 09:05:08 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/03/15 09:04:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Clean
[2012/03/13 15:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/03/13 15:08:48 | 127,613,016 | ---- | C] (Symantec Corporation) -- C:\Users\Owner\Desktop\N360-PREMIER-ESD-19-5-1-2-EN.exe
[2012/03/13 14:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/03/13 13:11:32 | 122,213,960 | ---- | C] (Symantec Corporation) -- C:\Users\Owner\Desktop\N360-PREMIER-ESD-18-6-0-29-EN.exe
[2012/03/13 10:51:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/13 10:46:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
[2012/03/13 07:36:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
========== Files - Modified Within 30 Days ==========
[2012/03/19 15:27:04 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E51DBE8A-3A0E-4DC4-840C-9963D0DCD212}.job
[2012/03/19 15:25:30 | 000,774,076 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/19 15:25:30 | 000,161,920 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/19 15:22:52 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/03/19 14:57:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/19 14:35:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 14:35:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 11:57:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/15 14:35:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/15 14:25:01 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/03/15 13:22:44 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/03/15 09:08:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 09:05:08 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/03/15 09:00:52 | 004,437,060 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/03/13 21:25:38 | 000,002,627 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Word 2007 (2).lnk
[2012/03/13 15:09:51 | 127,613,016 | ---- | M] (Symantec Corporation) -- C:\Users\Owner\Desktop\N360-PREMIER-ESD-19-5-1-2-EN.exe
[2012/03/13 13:12:06 | 122,213,960 | ---- | M] (Symantec Corporation) -- C:\Users\Owner\Desktop\N360-PREMIER-ESD-18-6-0-29-EN.exe
[2012/03/13 10:56:12 | 000,000,001 | ---- | M] () -- C:\ProgramData\2jFf5J64.exe_.b
[2012/03/13 10:56:12 | 000,000,001 | ---- | M] () -- C:\ProgramData\2jFf5J64.exe.b
[2012/03/13 07:42:45 | 000,000,112 | ---- | M] () -- C:\ProgramData\1VjM2R.dat
[2012/03/12 19:09:30 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/28 22:31:23 | 000,000,930 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
========== Files Created - No Company Name ==========
[2012/03/15 13:37:54 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{E51DBE8A-3A0E-4DC4-840C-9963D0DCD212}.job
[2012/03/15 09:08:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 10:56:12 | 000,000,001 | ---- | C] () -- C:\ProgramData\2jFf5J64.exe_.b
[2012/03/13 10:56:12 | 000,000,001 | ---- | C] () -- C:\ProgramData\2jFf5J64.exe.b
[2012/03/12 19:25:36 | 000,000,112 | ---- | C] () -- C:\ProgramData\1VjM2R.dat
[2011/05/12 14:49:00 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/27 21:52:03 | 000,192,364 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/04/17 10:56:08 | 000,000,067 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/29 10:04:55 | 000,000,075 | ---- | C] () -- C:\Windows\cdplayer.ini
========== LOP Check ==========
[2011/02/21 20:02:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2009/09/29 20:56:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Coby
[2009/09/29 21:09:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Coby Media Manager
[2011/09/05 16:34:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2012/03/13 10:42:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2008/06/04 18:59:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GlarySoft
[2009/09/30 08:45:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2008/04/17 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SmartDraw
[2010/06/23 07:51:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2009/03/21 21:36:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TOSHIBA
[2007/10/24 10:40:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
[2012/03/15 14:33:02 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/19 15:27:04 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E51DBE8A-3A0E-4DC4-840C-9963D0DCD212}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 07:20:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 07:20:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: OWNER-PC
DiskPart has encountered an error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
See the System Event Log for more information.
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:03B5CC1F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 15/03/2012 2:59:37 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Owner\Desktop\Clean
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.49 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 74.72% Memory free
3.89 Gb Paging File | 3.42 Gb Available in Paging File | 87.79% Paging File free
Paging file location(s): c:\pagefile.sys 1519 1519 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.66 Gb Total Space | 53.61 Gb Free Space | 40.11% Space Free | Partition Type: NTFS
Drive D: | 7.29 Gb Total Space | 4.61 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 0.95 Gb Free Space | 12.77% Space Free | Partition Type: FAT32
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\TEMP\cbpgvf\setup.exe" = C:\Windows\TEMP\cbpgvf\setup.exe:*:Enabled:setup
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056DD2A4-96DC-4CA4-AC9F-FADB2B53F310}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD318EC8-C7BC-4A86-AD31-0D85B4CD3E13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D868D79A-2799-420B-881F-7A9D5911A04D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E5A99D94-947E-4F40-8BF1-10EFFF41C871}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E71A803D-F3E9-470B-A73D-6881FFDE2ADA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E74143-B366-4691-BD71-027A377F7F5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{044445E0-7744-4537-80EE-3C33531D0481}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09E79CFA-308E-42D9-806A-A7B05BCAEE51}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{102B52E1-A328-429B-96F7-408F760082E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18189B12-F79A-4216-A7E0-B0EA92C73ADD}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{1CA59BE9-2909-479E-9F52-BB1BF6526923}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{20CBE00B-9012-459A-AE3E-99F2DC6705FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A15F4AB-E58C-46F9-8576-E29FF11B8D76}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C9F26E1-8934-4B64-9A6F-2B9494DE3BBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D001FCD-97B5-4D04-B08B-491CBD273441}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FD50436-83BD-4495-8675-EEC3E1584494}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{310002C0-4541-4D4E-A156-6F51912A935D}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{37B2165C-2852-488B-A5E1-FA38EE7BC602}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37CC5B23-039C-44F8-8349-33386266F52E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40178DB8-4FCA-474A-98A5-2BFC1B93E6D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43BAE09E-DD29-47CF-BE6E-649186AD2EA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F61B097-95D8-4E7F-9603-8AA6E90CB52D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59B4EBC9-E215-455C-8D0B-A3A7A67E51A0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5CD54F70-DAD2-493E-B5D9-3FB4B8B895C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E1CECA6-883D-432A-BED8-951C8A027E7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69AB3684-FF1C-4296-9AD1-71D3625832EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7050E88A-6224-46FB-A61C-8A3BF9AFA575}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{730E707A-5524-4D93-BED1-17CC6F684897}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{734EE622-2F07-4DDA-AEFF-1E6B3DB99E1C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A1959A0-7843-436C-8929-41AD1D65BEEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83094670-D168-48B3-B28E-18B29A2A6D48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C14E279-DEE4-433A-864F-4CF4AA926734}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B7996D8-6E7D-4FE3-8EC5-249BB6B0C758}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A249B0AE-1216-4C19-B1DA-58DCAB61EB18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A4595828-571B-4A14-9123-B5D35EA54322}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A888E92F-AB17-47E8-87C5-3B66C35FE2B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD0EBF7D-12CA-4F78-89B7-5950A22AA2D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8C40D53-B8AB-479A-AACD-E9D9BFAC764E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C26DD7D8-9D11-45E0-9FB4-4FEBD9373DFB}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{C6E391A1-CA3E-4099-A81E-CF080FCE3A46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8FF725A-A495-4B0B-8084-DCB3C9E8083F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8C6B937-80B3-47F5-BC4F-A039B31D44A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0951440-51EA-4DA5-807D-49C6193D18A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F29A2FB0-467A-4C18-8127-84CC8A6DBD3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3CAE790-737E-437D-A32E-B82781E4C08F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F58105BB-8F6B-40C5-9265-87E0737306E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8F2B84E-ACB7-4E39-B2DA-24346A8C650A}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{FA3391DB-0FF4-4116-B781-B1ABAA58409A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{F1A790AD-F103-4B6C-82B6-6C58B0EAFB3A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{47D85A22-4143-4B75-99FA-EA1F5892A50B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873F3340-3C79-41D1-9D2C-D0B2269CBF24}" = PowerPlugs: Template Finder for PowerPoint
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6887F84-0895-7B5A-B0BF-8D5F9A448C7D}" = Picaboo X
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Online TV Player 3_is1" = Online TV Player 4
"OnlinePlay" = OnlinePlay 1.0
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"Sof62036Ver100DeinstKey" = First Class French: CD 1 v1.00
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TicketCreator_is1" = TicketCreator 5.1.1
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WFTK" = Canon Utilities WFT Utility
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15/03/2012 2:32:57 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =
Error - 15/03/2012 2:35:31 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =
Error - 15/03/2012 2:36:05 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =
Error - 15/03/2012 2:36:05 PM | Computer Name = Owner-PC | Source = VSS | ID = 19
Description =
Error - 15/03/2012 2:36:05 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description =
Error - 15/03/2012 2:39:33 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =
Error - 15/03/2012 2:39:33 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =
Error - 15/03/2012 2:46:09 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =
Error - 15/03/2012 2:46:09 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =
Error - 15/03/2012 2:47:01 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application j80svs3j.exe, version 1.0.15.15641, time stamp
0x4e21f2b1, faulting module j80svs3j.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
exception code 0xc0000005, fault offset 0x0000c676, process id 0x758, application
start time 0x01cd02dbd0965574.
[ Media Center Events ]
Error - 03/06/2008 8:38:32 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 07/06/2008 3:08:01 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 09/06/2008 8:16:36 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 28/08/2008 6:00:22 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 27/10/2008 7:47:37 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 09/09/2009 6:30:54 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 07/10/2009 5:15:46 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 11/10/2009 10:52:26 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 21/10/2009 5:44:30 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 17/10/2011 3:31:31 PM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ OSession Events ]
Error - 27/11/2007 7:41:44 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 302
seconds with 240 seconds of active time. This session ended with a crash.
Error - 03/03/2008 9:04:10 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3822
seconds with 300 seconds of active time. This session ended with a crash.
Error - 16/01/2011 2:44:37 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1401
seconds with 1200 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 15/03/2012 2:36:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15/03/2012 2:36:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 15/03/2012 2:37:25 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15/03/2012 2:38:18 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15/03/2012 2:38:22 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15/03/2012 2:38:27 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15/03/2012 2:57:00 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15/03/2012 2:57:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15/03/2012 2:57:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15/03/2012 2:57:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 15:44:52
-----------------------------
15:44:52.117 OS Version: Windows 6.0.6002 Service Pack 2
15:44:52.117 Number of processors: 2 586 0xE0C
15:44:52.117 ComputerName: OWNER-PC UserName: Owner
15:44:53.225 Initialize success
15:44:58.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:44:58.451 Disk 0 Vendor: TOSHIBA_MK1637GSX DL030M Size: 152627MB BusType: 3
15:44:58.482 Disk 0 MBR read successfully
15:44:58.482 Disk 0 MBR scan
15:44:58.482 Disk 0 Windows VISTA default MBR code
15:44:58.498 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:44:58.513 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 136864 MB offset 3074048
15:44:58.529 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7463 MB offset 283371520
15:44:58.560 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 6799 MB offset 298655744
15:44:58.560 Disk 0 scanning sectors +312580096
15:44:58.638 Disk 0 scanning C:\Windows\system32\drivers
15:45:06.937 Service scanning
15:45:28.122 Modules scanning
15:45:36.421 Disk 0 trace - called modules:
15:45:36.453 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
15:45:36.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8521d8a0]
15:45:36.468 3 CLASSPNP.SYS[895ee8b3] -> nt!IofCallDriver -> [0x850cd918]
15:45:36.484 5 acpi.sys[82a486bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850cb4e0]
15:45:36.484 Scan finished successfully
15:53:43.840 Disk 0 MBR has been saved successfully to "F:\Temp\MBR.dat"
15:53:43.855 The log file has been saved successfully to "F:\Temp\aswMBR.txt"
Farbar Service Scanner Version: 01-03-2012
Ran by Owner (administrator) on 19-03-2012 at 15:56:55
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is set to Disabled. The default start type is Auto.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Nsi Service is not running. Checking service configuration:
The start type of Nsi service is set to Disabled. The default start type is Auto.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
Checking LEGACY_Nsi: Attention! Unable to open LEGACY_Nsi\0000 registry key. The key does not exist.
Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****