Increasing Sloooow Laptop and Getting Suspicious Redirects and unwanted



#1
MsClark


    Member

  • 24 posts
My computer has increasingly gotten slow. When booting up the computer, it takes a while before it takes me to the screen to log in. After I log in, it takes a while before it is ready to allow me to begin using it. It takes almost a minute for a program to open. When I go to connect to the internet through the web stick from T-Mobile, it takes a minute or so for it to connect and it tends to drop connection multiple times. While on the internet, it seems like I lose connection or something because the page will stick and it will pop up asking if I want to Recover the Page. It also asks me if I want to turn off add-ons to make it run faster, but I don't have any, if any, add-ons. I have the Avast free version. I had Malwarebytes and felt I needed to update my version, so I uninstalled it. I went to find it again to download it. I went to Malwarebytes.org to download it, but I kept getting redirected to another page that did not look familiar and looked suspicious. When I closed that page, it kept popping up saying to download the program from there. I figure my computer has a virus or malware on it but don't know exactly which one. Something has my computer moving slower, so I know it is infected. I have run a bootscan with Avast and it only finds one bad file, but it seems that it won't delete because it keeps finding the same thing each time I run the bootscan. I have included an OTL logfile. Please help me delete any bad malware/viruses off my computer to get it to run faster.

Thank you,

Kim CLARK

OTL logfile created on: 10/6/2012 5:46:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\james\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 43.53% Memory free
5.95 Gb Paging File | 4.19 Gb Available in Paging File | 70.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 143.28 Gb Free Space | 63.90% Space Free | Partition Type: NTFS
Drive E: | 58.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KIMCLARK | User Name: james | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 17:45:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\james\Downloads\OTL.exe
PRC - [2012/10/06 17:28:10 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/17 01:06:38 | 000,012,800 | ---- | M] (T-Mobile) -- C:\Program Files\T-Mobile\webConnect Manager\TMobileCM.exe
PRC - [2011/10/31 21:32:14 | 000,114,688 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\T-Mobile\webConnect Manager\RcAppSvc.exe
PRC - [2011/10/31 21:31:52 | 000,118,784 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\T-Mobile\webConnect Manager\conappssvc.exe
PRC - [2011/10/23 04:19:04 | 005,013,128 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2011/08/04 17:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 16:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/03/14 22:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/08/17 12:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 16:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 14:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 16:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 03:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 03:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 18:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 16:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 22:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 21:29:52 | 000,114,688 | ---- | M] () -- C:\Program Files\T-Mobile\webConnect Manager\Pac.dll
MOD - [2011/10/31 21:28:42 | 000,065,536 | ---- | M] () -- C:\Program Files\T-Mobile\webConnect Manager\Eap.dll
MOD - [2011/10/31 21:19:12 | 001,101,824 | ---- | M] () -- C:\Program Files\T-Mobile\webConnect Manager\NDISAPI.dll
MOD - [2011/10/31 21:14:46 | 000,229,376 | ---- | M] () -- C:\Program Files\T-Mobile\webConnect Manager\SMVPNEngine.dll
MOD - [2011/10/23 04:19:04 | 005,013,128 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2011/10/23 04:18:40 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2011/10/23 04:18:38 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2011/10/23 04:18:38 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2011/04/26 16:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2008/03/06 13:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 15:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 00:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 14:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 14:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/10/06 17:28:14 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/31 21:32:14 | 000,114,688 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\T-Mobile\webConnect Manager\RcAppSvc.exe -- (TMobileRcAppSvc)
SRV - [2011/10/31 21:31:52 | 000,118,784 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\T-Mobile\webConnect Manager\conappssvc.exe -- (CATmobile)
SRV - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/04/16 19:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/17 12:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/31 21:17:52 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2011/10/31 21:17:44 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/10/31 21:17:26 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/10/31 21:17:24 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/10/31 21:17:24 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/10/31 21:17:20 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/10/31 21:08:30 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/04/09 18:53:52 | 000,080,000 | ---- | M] (T-Mobile) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmobile_mf691_dc_enum.sys -- (tmobile_mf691_dc_enum)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/11/16 04:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2009/01/07 09:35:38 | 000,028,032 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sustucau.sys -- (SUSTUCAU)
DRV - [2009/01/07 09:35:36 | 000,047,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sustucap.sys -- (SUSTUCAP)
DRV - [2009/01/07 09:35:36 | 000,047,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sustucam.sys -- (SUSTUCAM)
DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/18 12:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/04/23 13:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{BC1383D9-01AE-4CC9-BEBC-5223028D7767}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {E08A9998-D98F-476f-8F5C-37C80FE0A4DA}
IE - HKCU\..\SearchScopes\{2E80422B-6D67-420D-9641-BC8FEE77ADA7}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{BC1383D9-01AE-4CC9-BEBC-5223028D7767}: "URL" = http://www.google.co...TSHB_en___US342
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E233B837-D73B-4E17-9005-E3AC11578FC2}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823
FF - prefs.js..extensions.enabledAddons: {00725d68-069b-4095-9ff1-e7469c0e95df}:3.11.0.3
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
FF - prefs.js..extensions.enabledItems: {fa1cfe8c-66b4-4469-b360-b60c79d70c28}:5.22.35.6104
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {00725d68-069b-4095-9ff1-e7469c0e95df}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\james\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/08/27 04:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 22:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 03:54:32 | 000,000,000 | ---D | M]

[2009/08/27 01:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\mozilla\Extensions
[2012/07/13 23:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\mozilla\Firefox\Profiles\7y7jhqp3.default\extensions
[2012/05/03 00:33:48 | 000,000,000 | ---D | M] (Software Master Community Toolbar) -- C:\Users\james\AppData\Roaming\mozilla\Firefox\Profiles\7y7jhqp3.default\extensions\{00725d68-069b-4095-9ff1-e7469c0e95df}
[2010/06/13 14:52:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\james\AppData\Roaming\mozilla\Firefox\Profiles\7y7jhqp3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/22 23:00:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\james\AppData\Roaming\mozilla\Firefox\Profiles\7y7jhqp3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/13 21:47:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\james\AppData\Roaming\mozilla\Firefox\Profiles\7y7jhqp3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(466)
[2012/02/22 23:00:23 | 000,000,000 | ---D | M] (AOL Mail Toolbar) -- C:\Users\james\AppData\Roaming\mozilla\Firefox\Profiles\7y7jhqp3.default\extensions\{fa1cfe8c-66b4-4469-b360-b60c79d70c28}
[2011/02/13 21:47:42 | 000,000,000 | ---D | M] (LavaFox V1-Blue) -- C:\Users\james\AppData\Roaming\mozilla\Firefox\Profiles\7y7jhqp3.default\extensions\djziggy@gmail(465).com
[2011/04/20 03:22:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\james\AppData\Roaming\mozilla\Firefox\Profiles\7y7jhqp3.default\extensions\[email protected]
[2012/02/22 23:00:22 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\james\AppData\Roaming\mozilla\firefox\profiles\7y7jhqp3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/04/20 03:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/27 04:23:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/02/22 22:59:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/01/15 20:39:16 | 000,036,864 | ---- | M] (WildTangent) -- C:\Program Files\mozilla firefox\plugins\npWTHost.dll
[2012/02/22 22:59:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/22 22:59:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2009/04/07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober26600900.gif
[2010/06/13 10:50:22 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober26600900.src

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: WildTangent Netscape Webdriver Host (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npWTHost.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\james\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: DivX HiQ = C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: avast! WebRep = C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [T-Mobile webConnect Manager] C:\Program Files\T-Mobile\webConnect Manager\TMobileCM.exe (T-Mobile)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.177.0.34 10.165.228.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C2B343-FCC2-4750-A457-506198EFD09D}: DhcpNameServer = 10.177.0.34 10.165.228.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C1D77B-7811-4DD6-AF0D-3EBE14333441}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A95D599-DF45-4407-9F7F-A31954733CA3}: DhcpNameServer = 10.177.0.34 10.161.171.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17D507B-B946-42D9-AFD6-886D1CDB8022}: DhcpNameServer = 192.168.42.129
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\james\Pictures\I Love DST.jpg
O24 - Desktop BackupWallPaper: C:\Users\james\Pictures\I Love DST.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/26 07:16:31 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/02/11 15:14:44 | 000,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{098d9d1b-e3e6-11e1-8586-001e33d87769}\Shell - "" = AutoRun
O33 - MountPoints2\{098d9d1b-e3e6-11e1-8586-001e33d87769}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{0a29d367-3de4-11e1-82ab-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{0a29d367-3de4-11e1-82ab-001e101fb45e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{305b7511-57ad-11e1-a3e8-001e101fae32}\Shell - "" = AutoRun
O33 - MountPoints2\{305b7511-57ad-11e1-a3e8-001e101fae32}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/26 07:16:31 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{39d34b5b-ca0e-11e0-b2a2-001e33d87769}\Shell - "" = AutoRun
O33 - MountPoints2\{39d34b5b-ca0e-11e0-b2a2-001e33d87769}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{3a27881c-d679-11df-936e-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{3a27881c-d679-11df-936e-001e101fe5e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/26 07:16:31 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7595fc26-36db-11e0-a2e4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7595fc26-36db-11e0-a2e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/26 07:16:31 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{961a4ebc-021f-11e2-8199-001e101f5224}\Shell - "" = AutoRun
O33 - MountPoints2\{961a4ebc-021f-11e2-8199-001e101f5224}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/26 07:16:31 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b9897b35-8285-11df-8b61-001e33d87769}\Shell - "" = AutoRun
O33 - MountPoints2\{b9897b35-8285-11df-8b61-001e33d87769}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/26 07:16:31 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b9897b52-8285-11df-8b61-001e101f0781}\Shell - "" = AutoRun
O33 - MountPoints2\{b9897b52-8285-11df-8b61-001e101f0781}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/26 07:16:31 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d52f4371-d142-11e1-994b-001e33d87769}\Shell - "" = AutoRun
O33 - MountPoints2\{d52f4371-d142-11e1-994b-001e33d87769}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{d6479a15-36ad-11e1-9dfb-001e101fd271}\Shell - "" = AutoRun
O33 - MountPoints2\{d6479a15-36ad-11e1-9dfb-001e101fd271}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e11539c8-af7b-11e1-892d-001e101fc8c1}\Shell - "" = AutoRun
O33 - MountPoints2\{e11539c8-af7b-11e1-892d-001e101fc8c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/26 07:16:31 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f8b558a4-96d3-11df-802d-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{f8b558a4-96d3-11df-802d-001e101f50a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/26 07:16:31 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 07:31:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/10/05 07:31:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/10/05 07:31:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/10/05 07:31:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/10/05 07:31:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/10/05 07:30:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/10/05 07:30:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/10/05 07:30:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 17:34:13 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/06 17:29:32 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/06 17:29:32 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/06 17:28:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/06 17:28:11 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/06 17:28:10 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/06 17:23:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/06 17:22:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/10/06 17:22:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 17:22:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 17:22:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 17:21:21 | 3080,749,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 07:32:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/05 00:07:52 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/19 02:02:38 | 526,160,239 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/19 02:02:38 | 526,160,239 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/24 11:16:42 | 000,602,112 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2011/01/06 09:12:06 | 000,139,004 | ---- | C] () -- C:\Windows\hpoins15.dat.temp
[2011/01/06 09:12:06 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp
[2010/12/02 00:04:54 | 000,002,983 | ---- | C] () -- C:\Users\james\.recently-used.xbel
[2010/06/26 22:11:53 | 000,000,680 | ---- | C] () -- C:\Users\james\AppData\Local\d3d9caps.dat
[2009/10/17 08:46:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/20 16:24:43 | 000,007,264 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/08/25 09:14:33 | 000,034,304 | ---- | C] () -- C:\Users\james\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\james\Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:21032CDA
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0A8E2C33

< End of report >



OTL Extras logfile created on: 10/6/2012 5:46:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\james\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 43.53% Memory free
5.95 Gb Paging File | 4.19 Gb Available in Paging File | 70.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 143.28 Gb Free Space | 63.90% Space Free | Partition Type: NTFS
Drive E: | 58.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KIMCLARK | User Name: james | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{217EA1F9-7DCD-4303-ACCE-08E659AF1B64}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C58BB31-B49D-4E6D-9833-BD34BB24F6AF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{60496572-BFCC-412B-9977-635CC9BC4E12}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6BFC7558-8EDF-4E2D-BE3C-8ABF3102833B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7122BD61-9B43-4B0A-88D9-73E274ED6887}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{7AF6A6CE-6A53-465C-B243-1B80047C0EDE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{816E5153-9EA0-4159-A58B-2DFE5084369A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{82AC8E78-1841-404C-90A6-2008050F7969}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{854F884D-1A65-4DE5-9EEC-79F2EE60D954}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{8C4947A9-3522-48D5-891D-14B8D2CEC5AE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{AC65F0A0-6523-4868-8E49-D5FF77C0D094}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{ADE15FA6-98A2-4BD6-9500-F1C7BD909960}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B8699F26-568D-4387-86CB-12275171DF8B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C96C4204-B3C5-4536-B20F-031456C1864F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E4004678-DD82-408E-902A-BDA62502925A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{139EEA12-F330-4B68-8A01-A5716135FC89}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1ABA0997-D79B-43DD-857D-E3427BCFA916}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{214DB7A8-C4E5-4A43-9CC7-52D2074AF6CB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2AA21443-DAA3-4AF8-BE74-E42019D2C2E1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{371FA601-2647-4DD1-ABEA-632C6A8B73BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5465AE36-7204-484A-83CE-166D74F53F4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{562D6B2B-5D55-4807-95DF-1E5E0C159108}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{586F7C66-3031-4D6F-BDC2-104E2D6BE761}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6A86EA33-9577-453F-8256-AE328589DAEA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6FF923E4-38E7-4481-90FA-B711790B07FA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{76C66A64-22CB-4E63-8F95-389EE14F4FB9}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{83982459-5CE8-4663-8014-660CCF9DD2A5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{88A000D3-1B08-40F1-9DB4-0213F3EA87BD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9463DA3D-24A8-4C57-A0C1-0DEB30401851}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{95268F2B-27FE-4F73-8382-A87DAAA7212F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9DB427CC-E289-4FED-90F8-8C219BEDE6F2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A034FA1F-317C-449F-ACE2-8DBB3983E1A5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A32E9282-6335-4A04-A12C-FF3DAB150AA1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AE86D15C-5454-43FC-B67D-D16C2DEE9142}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B826D71B-E4AD-40EC-8500-6A4B69383E09}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BAE5447B-A565-441A-8A81-E784C708DBDE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BCC47E22-F396-4A6C-B379-B7C11604993A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BF6CE66C-4807-4397-90F8-3F7FA3FB4AF7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C297474D-628F-40CA-9FB9-DED6C2D5E73F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D5CAF034-17E8-491F-B129-214D59C0866B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D7F49EF4-4076-48D9-BFE4-AD31EE895B50}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{E5C66871-C52C-425A-B7F8-A54024A07A46}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F6A21731-BAD5-4A50-A023-9B32E68E617E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{1579C113-2B40-4F30-9488-7A6C88DEE581}C:\program files\verizon v cast media manager\verizon.exe" = protocol=6 | dir=in | app=c:\program files\verizon v cast media manager\verizon.exe |
"TCP Query User{1F0E44E5-6ABD-4394-9F47-FF3D0A0A1443}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{4A8407BF-5BB4-41DF-A6F7-042DACB13B2F}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{7AEA604E-6D83-4272-AFD8-BFEE0407704C}C:\program files\yahoo! games\ancient tripeaks\tripeaks.exe" = protocol=6 | dir=in | app=c:\program files\yahoo! games\ancient tripeaks\tripeaks.exe |
"TCP Query User{83B57443-93BA-4223-8E47-DD4973425322}C:\program files\verizon v cast media manager\verizon.exe" = protocol=6 | dir=in | app=c:\program files\verizon v cast media manager\verizon.exe |
"TCP Query User{E8B57F2F-F9AF-48D6-94B0-61E8E43DCF12}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{4F5BFD6B-066A-4016-80A8-5655685ECE5F}C:\program files\verizon v cast media manager\verizon.exe" = protocol=17 | dir=in | app=c:\program files\verizon v cast media manager\verizon.exe |
"UDP Query User{5A706B1C-916A-4839-AAC5-8D35987F976B}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{66435337-C083-488D-8321-DBB47318DBAD}C:\program files\verizon v cast media manager\verizon.exe" = protocol=17 | dir=in | app=c:\program files\verizon v cast media manager\verizon.exe |
"UDP Query User{708E3314-811C-48C1-ACA7-CE04D9697968}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{CE50331D-C582-4ECE-A109-EAB861B713A5}C:\program files\yahoo! games\ancient tripeaks\tripeaks.exe" = protocol=17 | dir=in | app=c:\program files\yahoo! games\ancient tripeaks\tripeaks.exe |
"UDP Query User{F5655C21-198D-46C8-BCE5-C02A6DF4A6C3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7466712F-2C6F-40EA-BCD9-88CA3DAB459E}" = T-Mobile webConnect Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}" = Motorola Mobile Drivers Installation 5.1.0
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"avast!" = avast! Antivirus
"Bejeweled 3" = Bejeweled 3
"Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual
"Canon MG2100 series User Registration" = Canon MG2100 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Delta 2 Chants" = Delta 2 Chants Screen Saver
"Delta 5 Chants" = Delta 5 Chants Screen Saver
"Delta Chant & Tribal Music" = Delta Chant & Tribal Music Screen Saver
"Delta Silent" = Delta Silent Screen Saver
"Delta Tribal Music Only" = Delta Tribal Music Only Screen Saver
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoHelper" = MotoHelper 2.0.51 Driver 5.1.0
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"Shareaza_is1" = Shareaza 2.5.4.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Word Search Puzzles7.8" = Word Search Puzzles
"WT088869" = Marooned
"WT089002" = The Dream Voyagers
"wtwebdriver" = WildTangent Web Driver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2011 7:38:59 AM | Computer Name = KimClark | Source = Bonjour Service | ID = 100
Description =

Error - 2/8/2011 7:38:59 AM | Computer Name = KimClark | Source = Bonjour Service | ID = 100
Description =

Error - 2/8/2011 7:38:59 AM | Computer Name = KimClark | Source = Bonjour Service | ID = 100
Description =

Error - 2/8/2011 11:40:01 AM | Computer Name = KimClark | Source = Bonjour Service | ID = 100
Description =

Error - 2/8/2011 12:31:06 PM | Computer Name = KimClark | Source = Bonjour Service | ID = 100
Description =

Error - 2/8/2011 12:31:06 PM | Computer Name = KimClark | Source = Bonjour Service | ID = 100
Description =

Error - 2/8/2011 12:31:08 PM | Computer Name = KimClark | Source = Bonjour Service | ID = 100
Description =

Error - 2/8/2011 12:31:09 PM | Computer Name = KimClark | Source = Bonjour Service | ID = 100
Description =

Error - 2/8/2011 12:31:09 PM | Computer Name = KimClark | Source = Bonjour Service | ID = 100
Description =

Error - 2/8/2011 6:26:00 PM | Computer Name = KimClark | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/15/2012 4:01:13 AM | Computer Name = KimClark | Source = Service Control Manager | ID = 7043
Description =

Error - 7/16/2012 2:27:21 AM | Computer Name = KimClark | Source = Dhcp | ID = 1002
Description = The IP address lease 21.216.216.124 for the Network Card with network
address 001E101FE70E has been denied by the DHCP server 100.243.29.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/16/2012 3:23:39 AM | Computer Name = KimClark | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:20:44 AM on 7/16/2012 was unexpected.

Error - 7/25/2012 12:49:51 AM | Computer Name = KimClark | Source = Service Control Manager | ID = 7031
Description =

Error - 8/28/2012 2:11:42 AM | Computer Name = KimClark | Source = DCOM | ID = 10010
Description =

Error - 9/19/2012 2:03:18 AM | Computer Name = KimClark | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:00:03 AM on 9/19/2012 was unexpected.

Error - 10/5/2012 7:31:01 AM | Computer Name = KimClark | Source = DCOM | ID = 10010
Description =

Error - 10/6/2012 5:32:43 PM | Computer Name = KimClark | Source = DCOM | ID = 10016
Description =

Error - 10/6/2012 5:33:44 PM | Computer Name = KimClark | Source = DCOM | ID = 10016
Description =

Error - 10/6/2012 5:33:49 PM | Computer Name = KimClark | Source = DCOM | ID = 10016
Description =


< End of report >

Edited by MsClark, 06 October 2012 - 06:12 PM.

  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You have two copies of Avast:

"avast" = avast! Free Antivirus
"avast!" = avast! Antivirus

Download the latest version from here:

Get the free Avast!
http://www.avast.com...ivirus-download

Download the Avast removal tool:
http://www.avast.com/uninstall-utility

Uninstall both old versions.

Run the Avast removal tool (right click and Run As Admin)

Reboot.

Install the latest Avast (right click and Run As Admin)

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Text version of the report is at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 6

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.



1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Ron
  • 0
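The sigverif step above asks for the unsigned files, or, when there are many, the ones with recent dates. As an added example (not part of the original posts and not code from any of the tools named), this Python sketch applies that triage to a pasted sigverif log and checks the paste against the log's own totals; the sample log is constructed, and the cutoff date, the function names and the "Not Signed" status text are assumptions.

```python
import re
from datetime import date

# Constructed sample (file names, catalogs and dates are made up), in the
# whitespace-collapsed layout a sigverif log takes when pasted into a post.
SAMPLE_LOG = r"""Microsoft Signature Verification

Log file generated on 1/2/2013 at 9:00 PM
Scan Results: Total Files: 5, Signed: 4, Unsigned: 1, Not Scanned: 0

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ -----------
[c:\windows\system32]
example1.dll 6/12/2008 2:6.0 Signed kit00000.cat Microsoft Windows Hardware Compatibility Publisher
example2.dll 1/20/2008 2:5.1,2:5.2,2:6.0 Signed Package_00_for_KB000Microsoft Windows
[c:\windows\system32\drivers]
exampledrv.sys 12/15/2012 None Not Signed N/A
examplenet.sys 12/20/2012 2:5.00 Signed examplenet.cat Microsoft Windows Hardware Compatibility Publisher
oldfilter.sys 11/20/2006 2:6.0 Signed oldfilter.cat Microsoft Windows Hardware Compatibility Publisher
"""

# A "[folder]" line opens a section; every file row below it belongs to it.
FOLDER_RE = re.compile(r"^\[(?P<folder>.+)\]$")
# File rows: name, modified date, version, status, then catalog and signer.
# Catalog and signer can be fused by column truncation, so they stay together.
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<month>\d{1,2})/(?P<day>\d{1,2})/(?P<year>\d{4})"
    r"\s+(?P<version>\S+)\s+(?P<status>Not Signed|Signed)\b\s*(?P<rest>.*)$"
)
SUMMARY_RE = re.compile(r"Total Files:\s*(\d+),\s*Signed:\s*(\d+),\s*Unsigned:\s*(\d+)")


def parse_sigverif(text):
    """Return one dict per file row, tagged with the folder section it sits in."""
    rows, folder = [], None
    for raw in text.splitlines():
        line = raw.strip()
        section = FOLDER_RE.match(line)
        if section:
            folder = section.group("folder")
            continue
        row = ROW_RE.match(line)
        if row and folder is not None:
            rows.append({
                "folder": folder,
                "name": row.group("name"),
                "modified": date(int(row.group("year")),
                                 int(row.group("month")),
                                 int(row.group("day"))),
                "version": row.group("version"),
                "status": row.group("status"),
                "catalog_and_signer": row.group("rest"),
            })
    return rows


def summary_total(text):
    """Total file count from the 'Scan Results' line, or None if it is missing."""
    found = SUMMARY_RE.search(text)
    return int(found.group(1)) if found else None


def is_complete(text):
    """True when the parsed row count equals the log's own total.

    A mismatch means the paste was cut off or some rows did not parse,
    so an empty triage result must not be read as a clean system.
    """
    total = summary_total(text)
    return total is not None and len(parse_sigverif(text)) == total


def triage(rows, problem_start):
    """Flag rows that are not signed or were modified on/after problem_start."""
    flagged = []
    for row in rows:
        reasons = []
        if row["status"] != "Signed":
            reasons.append("not signed")
        if row["modified"] >= problem_start:
            reasons.append("modified on/after cutoff")
        if reasons:
            flagged.append((row["folder"] + "\\" + row["name"], reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_sigverif(SAMPLE_LOG)
    print("complete paste:", is_complete(SAMPLE_LOG))
    # Assumed cutoff: roughly when the slowdown was first noticed.
    for path, reasons in triage(parsed, date(2012, 12, 1)):
        print(path, "->", ", ".join(reasons))
```

A recent date on a signed driver is only a prompt to look closer; it often just reflects a newly installed device or update.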

#3
MsClark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Attached File  MSCLARKSPECCYFILE.txt   420.77KB   85 downloads

Ron,

Thank you for taking the time to help me with my computer. I will list everything in the order you have requested.

1. I have deleted both copies of Avast and reinstalled the free Avast. I ran the boot-time scan and it found nothing. Wow! That was a first!
2. I removed the Java version I had and updated it to a newer version.
3. I tried to run adwCleaner and it would not load. Each time I tried it said that the SmartScreen Technology installed does not think it is safe and would not let me get around it in any way to load it.
4. Results of sfc /scannow

Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

*I went to the log but it told me access denied*

5. Results of sigverif

Name In Folder Modified File Type Version
pedrv.sys c:\windows\system32\sysprep 1/18/2008 System File 1.0.0.5

Files found: 199. Signed files: 197. Unsigned files: 1. Files not scanned: 1.


********************************

Microsoft Signature Verification

Log file generated on 10/8/2012 at 11:21 PM
OS Platform: Windows (x86), Version: 6.0, Build: 6002, CSDVersion: Service Pack 2
Scan Results: Total Files: 199, Signed: 197, Unsigned: 1, Not Scanned: 1

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\program files\synaptics\syntp]
instnt.exe 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syncntxt.rtf 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synisdll.dll 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synmood.exe 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntoshiba.exe 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpcom.dll 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpcpl.dll 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpenh.exe 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntphelper.exe 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpres.dll 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synunst.ini 8/20/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synzmetr.exe 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tutorial.exe 8/14/2008 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows]
rthdvcpl.exe 4/8/2008 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtlupd.exe 4/2/2008 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
skytel.exe 11/20/2007 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32]
batt.dll 1/20/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
clfs.sys 4/11/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
fmapo.dll 3/28/2008 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
hal.dll 4/11/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
halacpi.dll 4/11/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
halmacpi.dll 4/11/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hccoin.dll 11/2/2006 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hccutils.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
hcrstco.dll 1/20/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hkcmd.exe 6/25/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
ig4dev32.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
ig4icd32.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igcompkrng500.bin 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igd10umd32.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igdumd32.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igdumdx32.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfcg550.bin 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxcfg.exe 6/25/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxcoin_v1502.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxcpl.cpl 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxdev.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxdo.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxexps.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 6/25/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 6/25/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxpph.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrara.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrchs.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcht.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcsy.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdan.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdeu.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrell.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrenu.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxresp.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxress.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfin.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfra.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrheb.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrhun.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrita.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrjpn.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrkor.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnld.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnor.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrplk.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptb.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptg.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrrus.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsky.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrslv.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsve.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtha.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtrk.lrc 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 6/25/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxtmm.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 6/25/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igfxzoom.exe 6/25/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
igkrng500.bin 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
iglhxc32.vp 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
iglhxo32.vp 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
iglhxs32.vp 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
iscsilog.dll 4/11/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
maxxaudioapo.dll 7/30/2007 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
oemdspif.dll 6/12/2008 2:6.0 Signed kit14212.cat Microsoft Windows Hardware Compatibility Publisher
pctindis5.sys 10/31/2011 None Signed N/A
rtkapo.dll 4/1/2008 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtkapoapi.dll 3/28/2008 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtkcoinst.dll 4/3/2008 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtkpgext.dll 4/9/2008 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtnicprop32.dll 3/5/2009 2:6.0 Signed netrtx32.cat Microsoft Windows Hardware Compatibility Publisher
rtnuninst32.dll 11/12/2009 2:6.0 Signed netrtx32.cat Microsoft Windows Hardware Compatibility Publisher
rtsndmgr.cpl 11/13/2007 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srshp360.dll 4/16/2007 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srstshd.dll 5/17/2007 2:5.00 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
6. System & Application Log Results of Event Viewer Tool by Vino Rosso

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 08/10/2012 11:31:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/10/2012 4:50:39 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The avast! iAVS4 Control Service service failed to start due to the following error: The system cannot find the path specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/10/2012 2:39:30 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {AAA8CC16-A4C8-497E-909B-C71581B4A689} User: KIMCLARK\james Name: Unknown ID: Severity ID: Category ID: Path Found: driver:avastTestService Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 09/10/2012 2:39:30 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {9BC8C5DA-6D51-49CC-BC7A-69D80ED15FD7} User: KIMCLARK\james Name: Unknown ID: Severity ID: Category ID: Path Found: service:avastTestService Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 08/10/2012 4:49:04 AM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.



Vino's Event Viewer v01c run on Windows Vista in English
Report run at 08/10/2012 11:36:09 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/10/2012 2:36:32 AM
Type: Error Category: 0
Event: 0 Source: TOSHIBA Service Station
TSS Load: could not communicate with TMachInfo service

Log: 'Application' Date/Time: 09/10/2012 2:36:32 AM
Type: Error Category: 0
Event: 0 Source: TOSHIBA Service Station
Service TMachInfo was not found on computer '.'.

Log: 'Application' Date/Time: 08/10/2012 4:50:39 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


7. Results of Process Explorer Log

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 56.71 0 K 24 K
svchost.exe 968 24.74 4,856 K 8,608 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 5956 6.18 24,048 K 39,004 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts n/a 4.64 0 K 0 K Hardware Interrupts and DPCs
TMobileCM.exe 6044 3.09 26,568 K 42,904 K T-Mobile Connection Manager T-Mobile (Unable to verify) T-Mobile
igfxsrvc.exe 4240 1.55 2,292 K 5,840 K igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
iexplore.exe 5724 1.55 50,976 K 83,460 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1420 1.55 40,236 K 55,608 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 1524 < 0.01 3,256 K 7,968 K Synaptics TouchPad Enhancements Synaptics, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
csrss.exe 692 < 0.01 2,392 K 9,064 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 4 < 0.01 0 K 31,832 K
explorer.exe 3232 < 0.01 45,120 K 60,140 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
NDSTray.exe 2268 < 0.01 11,404 K 7,448 K ConfigFree™ Task tray menu TOSHIBA CORPORATION (Unable to verify) TOSHIBA CORPORATION
svchost.exe 1268 < 0.01 73,472 K 82,976 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 4728 < 0.01 64,648 K 90,704 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1072 < 0.01 3,828 K 6,864 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 5804 < 0.01 4,568 K 8,876 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
hkcmd.exe 2760 < 0.01 1,868 K 4,948 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
csrss.exe 640 < 0.01 1,780 K 6,248 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 3300 < 0.01 16,704 K 5,932 K avast! Antivirus AVAST Software (Verified) AVAST Software
AvastSvc.exe 1748 < 0.01 30,068 K 2,700 K avast! Service AVAST Software (Verified) AVAST Software
services.exe 780 < 0.01 2,484 K 6,552 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
CNSEMAIN.EXE 172 < 0.01 43,756 K 6,680 K Canon Solution Menu EX CANON INC. (Verified) Canon Inc.
svchost.exe 1216 < 0.01 16,900 K 13,232 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 4516 < 0.01 23,144 K 37,732 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
CNSEUPDT.EXE 5252 < 0.01 3,916 K 8,088 K Canon Solution Menu EX Updater CANON INC. (Verified) Canon Inc.
V CAST Backup Scheduler.exe 3860 < 0.01 6,244 K 9,824 K (Verified) Sakar International
SearchIndexer.exe 2316 < 0.01 40,268 K 16,276 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1252 < 0.01 76,008 K 78,512 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 3152 < 0.01 9,764 K 11,068 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
TODDSrv.exe 2084 < 0.01 2,076 K 3,520 K TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
spoolsv.exe 1924 < 0.01 6,260 K 9,320 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
TNaviSrv.exe 644 < 0.01 864 K 3,024 K TOSHIBA Navi Support Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
WUDFHost.exe 2560 2,856 K 4,708 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe 5456 1,936 K 5,512 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2340 3,312 K 6,132 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wmdc.exe 3156 1,908 K 5,104 K Windows Mobile Device Center Microsoft Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
WLIDSVCM.EXE 2468 864 K 2,624 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WLIDSVC.EXE 2284 5,344 K 8,132 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 724 1,928 K 5,320 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 684 1,388 K 4,056 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 3236 2,460 K 5,060 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
ULCDRSvr.exe 2228 380 K 1,548 K ULCDRSvr Ulead Systems, Inc. (Unable to verify) Ulead Systems, Inc.
TPwrMain.exe 3096 4,160 K 5,920 K TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosIPCSrv.exe 2152 728 K 2,492 K TosIPCSrv.exe TOSHIBA Corporation (Unable to verify) TOSHIBA Corporation
TosCoSrv.exe 2120 1,408 K 3,436 K TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TOSCDSPD.exe 3424 1,560 K 3,876 K CD/DVD Drive Acoustic Silencer TOSHIBA (Unable to verify) TOSHIBA
TCrdMain.exe 2144 6,372 K 8,928 K TOSHIBA Flash Cards TOSHIBA Corporation (Unable to verify) TOSHIBA Corporation
taskeng.exe 3476 2,080 K 5,900 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 5632 940 K 3,032 K Synaptics Pointing Device Helper Synaptics, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 1612 16,264 K 14,876 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1464 6,948 K 10,784 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1112 37,908 K 41,388 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1952 10,716 K 13,456 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1412 1,880 K 4,636 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 476 2,080 K 3,244 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 648 3,592 K 6,580 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1624 2,204 K 5,112 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2000 4,188 K 6,184 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2244 544 K 2,116 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3960 1,908 K 22,532 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4052 3,808 K 6,516 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 508 256 K 704 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SmoothView.exe 3640 936 K 2,764 K SmoothView TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
SLsvc.exe 1432 5,424 K 8,664 K Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
SeaPort.exe 1652 4,592 K 7,824 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation (Verified) Microsoft Corporation
RtHDVCpl.exe 4060 10,908 K 8,708 K HD Audio Control Panel Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RcAppSvc.exe 6076 1,660 K 4,844 K RcAppSvc, Service Helper SmithMicro Inc. (Unable to verify) SmithMicro Inc.
PresentationFontCache.exe 1028 16,156 K 13,592 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
MSASCui.exe 1964 7,564 K 9,608 K Windows Defender User Interface Microsoft Corporation (Verified) Microsoft Windows
MotoHelperService.exe 732 4,172 K 7,244 K MotoHelper Service (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe 3184 1,804 K 6,320 K MotoHelperAgent (Verified) Motorola Mobility Inc.
lsm.exe 800 1,756 K 3,712 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 792 3,116 K 1,924 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 3612 1,344 K 3,684 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America
igfxtray.exe 3204 1,544 K 4,480 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1424 1,500 K 4,572 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 4496 1,280 K 4,324 K igfxext Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAANTmon.exe 2388 2,948 K 5,540 K RAID Monitor Intel Corporation (Verified) Intel Corporation
IAAnotif.exe 1484 3,120 K 5,612 K Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
FlashUtil32_11_4_402_278_ActiveX.exe 4876 4,184 K 7,204 K Adobe® Flash® Player Installer/Uninstaller 11.4 r402 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
conappssvc.exe 6100 2,876 K 6,636 K ConAppsSvc SmithMicro Inc. (Unable to verify) SmithMicro Inc.
cmd.exe 5284 1,956 K 2,604 K Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
CFSwMgr.exe 4660 3,184 K 7,444 K ConfigFree Switch Manager TOSHIBA CORPORATION (Unable to verify) TOSHIBA CORPORATION
CFSvcs.exe 480 2,296 K 2,460 K Service of ConfigFree. TOSHIBA CORPORATION (Unable to verify) TOSHIBA CORPORATION
BJMYPRT.EXE 1332 1,344 K 4,084 K Canon My Printer CANON INC. (Verified) Canon Inc.
audiodg.exe 1388 15,596 K 16,140 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows

8. I have attached the Speccy filehippo as requested.


Should I delete all the programs you had me download?
I have also allowed my computer to defrag.

I use Yahoo as my email source. Just recently after 6 years, I started getting spam email. Is there a way to get rid of it; to stop getting it? I never open it. I mark it as spam and empty the spam folder daily but still get the phishing emails. I never sign up for anything giving my email address like newsletter or unfamiliar websites. I get about 20 spam mails a day.

Should I reload Malwarebytes?

Can you advise me on the best freeware that I can use to make a "movie" combining pictures and video? Doing something for my organization with a short clip and slideshow of pictures.

Thank you soooooo much Ron for your help.

Kim
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

3. I tried to run adwCleaner and it would not load. Each time I tried it said that the SmartScreen Technology installed does not think it is safe and would not let me get around it in any way to load it.


Open IE, click on the gear, then click the Safety button, point to SmartScreen Filter, and then click Turn Off SmartScreen Filter. In the Microsoft SmartScreen Filter dialog box, click OK.

Now go to http://general-chang...de/2-adwcleaner and download and Save the file. Right click on the file and select Open Containing Folder. Then right click on the file and Run As Admin.

Windows Resource Protection found corrupt files but was unable to fix some of them.


This is common with Vista. You can do the following:

Copy the next line:


findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \junk.txt



Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter. Attach the file c:\junk.txt

Most likely it will just say the tcpmon.ini file is corrupt. That's usually what it complains about and nothing to worry about.

Log: 'Application' Date/Time: 09/10/2012 2:36:32 AM
Type: Error Category: 0
Event: 0 Source: TOSHIBA Service Station
TSS Load: could not communicate with TMachInfo service

Log: 'Application' Date/Time: 09/10/2012 2:36:32 AM
Type: Error Category: 0
Event: 0 Source: TOSHIBA Service Station
Service TMachInfo was not found on computer '.'.



TOSHIBA Service Station is broken and should be uninstalled. You can probably download a new copy if you use it from Toshiba. I think all it does is check the Toshiba site for updates.

Log: 'Application' Date/Time: 08/10/2012 4:50:39 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Download the attached fix.zip file and save it. Right click on it and Extract All. This will create a folder called fix and in the folder will be fix.vbs. Right click on it and Run As Admin.

Log: 'System' Date/Time: 08/10/2012 4:50:39 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The avast! iAVS4 Control Service service failed to start due to the following error: The system cannot find the path specified.


I think this refers to an old Avast 4 service that didn't get removed correctly.

See if this will work:


Re: iAVS4 failed to start (Deleting calls to services left from Avast 4)
« Reply #3 on: October 04, 2010, 07:39:39 AM »
Hi,
Right click on the Avast Icon in System Tray and choose "open Avast...", click on SETTINGS
choose Troubleshooting and remove the tick from "enable Avast Self-Defense Module"


Copy the next line:

SC DELETE aswUpdSv



Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Reboot and then re-enable Avast Self-Defense Module

From your Process Explorer log:

Interrupts n/a 4.64 0 K 0 K Hardware Interrupts and DPCs


This is often caused by a bad battery. Shut it down, remove the battery and boot it up while connected to AC power then run Process Explorer as before and post the new log.

You can uninstall Speccy now. Hold off removing anything else until we are done.

Run OTL again, Quickscan and post the log.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
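The VEW reports read by hand in this thread can also be triaged with a short script. This is an added example, not part of the original posts and not part of VEW: the function names `parse_vew`, `summarize` and `after_report` are hypothetical, and the sample text is constructed from the records posted above with the long Defender messages shortened.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: records taken from the logs in this thread, with the
# long Windows Defender messages shortened ("[...]").
SAMPLE = """\
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 08/10/2012 11:31:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/10/2012 4:50:39 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The avast! iAVS4 Control Service service failed to start due to the following error: The system cannot find the path specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/10/2012 2:39:30 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. [...] Path Found: driver:avastTestService

Log: 'System' Date/Time: 09/10/2012 2:39:30 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. [...] Path Found: service:avastTestService

Log: 'System' Date/Time: 08/10/2012 4:49:04 AM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.
"""

# The report itself states that its dates are dd/mm/yyyy.
STAMP = "%d/%m/%Y %I:%M:%S %p"
REPORT = re.compile(r"^Report run at (.+)$")
HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (.+)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")


def parse_vew(text):
    """Return (report_time, records) parsed from a VEW text report."""
    lines = [ln.strip() for ln in text.splitlines()]
    report_time, records, i = None, [], 0
    while i < len(lines):
        rep = REPORT.match(lines[i])
        if rep:
            report_time = datetime.strptime(rep.group(1), STAMP)
        head = HEADER.match(lines[i])
        kind = TYPE.match(lines[i + 1]) if head and i + 2 < len(lines) else None
        event = EVENT.match(lines[i + 2]) if kind else None
        if not event:
            i += 1  # not a complete three-line record header, skip the line
            continue
        # Message text runs until a blank line, a ~~~ divider or the next record.
        j = i + 3
        while j < len(lines) and lines[j] and not lines[j].startswith(("~", "Log: ")):
            j += 1
        records.append({
            "log": head.group(1),
            "time": datetime.strptime(head.group(2), STAMP),
            "type": kind.group(1),
            "event_id": int(event.group(1)),
            "source": event.group(2),
            "message": " ".join(lines[i + 3:j]),
        })
        i = j
    return report_time, records


def summarize(records):
    """Count repeats of the same (type, source, event id), most frequent first."""
    counts = Counter((r["type"], r["source"], r["event_id"]) for r in records)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def after_report(report_time, records):
    """Records stamped later than the report's own run time; check for a clock
    or time-zone difference before using them in a timeline."""
    return [r for r in records if report_time and r["time"] > report_time]


if __name__ == "__main__":
    report, recs = parse_vew(SAMPLE)
    for key, count in summarize(recs):
        print(count, *key)
    for r in after_report(report, recs):
        print("dated after report run time:", r["time"], r["source"], r["event_id"])
```
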





