Please HELP!

BigRedd · July 12, 2012

Merged post

I'm not sure what is going on..... Whatever 'it' is has slowed down my system to almost nothing - but only when connected to the internet. I ran multiple anti-malware and each has discovered something - then I remove it but I guess it keeps coming back (not getting the entire thing) I did run Malwarebytes and it found 11 and they were removed but did not solve the issue.

There are also multiple programs that have been added as well as my own deleted. I'm not sure what is going on. Since this pc is old I only use it a throw around pc to check the news, weather and a few blogs. This issue started on 6/21/2012 - the only thing that changed that day was auto Java update. In which I cannot uninstall - not sure if that's the problem or not.

Thanks in advance for all of your help!

DDS.txt Attach.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Laptop at 15:21:37 on 2012-07-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.744 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\System32\fbdusb_svc.exe

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Toshiba\IVP\ISM\pinger.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Toshiba\Utilities\KeNotify.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Laptop\AppData\Local\Apps\2.0\9CG0MLEW.YV7\LA9P2C9X.DMN\dowc..tion_7fee81de1bdbff46_0001.0002_e59b47160ff646b1\Dowce.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\Dwm.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3131886

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - c:\program files\vgrabber1\prxtbVgra.dll

mURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - c:\program files\vgrabber1\prxtbVgra.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - c:\program files\vgrabber1\prxtbVgra.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - c:\program files\vgrabber1\prxtbVgra.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe

uRun: [googletalk] c:\users\laptop\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [Google Update] "c:\users\laptop\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Dowce] c:\users\laptop\appdata\roaming\microsoft\windows\start menu\programs\dowce\Dowce.appref-ms

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [NDSTray.exe] NDSTray.exe

mRun: [HWSetup] \HWSetup.exe hwSetUP

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [skytel] Skytel.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{38345E4D-9E2C-42F5-AC8A-C5DAC44F2AD7} : DhcpNameServer = 172.22.220.1

TCP: Interfaces\{F9C9F66D-16C5-4A01-90F0-18F3B4C72DEC} : DhcpNameServer = 192.168.1.1 71.242.0.12

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-9-17 20352]

R1 MpKsl0f4fe379;MpKsl0f4fe379;c:\programdata\microsoft\microsoft antimalware\definition updates\{0a370d10-14f4-461c-b0ca-dc15cb6d8dfb}\MpKsl0f4fe379.sys [2012-7-12 29904]

R1 MpKsldbe1714f;MpKsldbe1714f;c:\programdata\microsoft\microsoft antimalware\definition updates\{0a370d10-14f4-461c-b0ca-dc15cb6d8dfb}\MpKsldbe1714f.sys [2012-7-12 29904]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]

R2 fbdusb_svc;MFT for USB generic mount service;c:\windows\system32\fbdusb_svc.exe [2011-12-9 115536]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 290832]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-12 655944]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-12 22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 135664]

S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2010-7-14 2696960]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-18 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 135664]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2011-9-17 937984]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-12 18:01:03 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a370d10-14f4-461c-b0ca-dc15cb6d8dfb}\MpKsl0f4fe379.sys

2012-07-12 16:54:21 -------- d-----w- c:\users\laptop\appdata\roaming\Malwarebytes

2012-07-12 16:54:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-12 16:54:05 -------- d-----w- c:\programdata\Malwarebytes

2012-07-12 16:54:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-12 16:02:31 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a370d10-14f4-461c-b0ca-dc15cb6d8dfb}\offreg.dll

2012-07-12 16:02:31 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a370d10-14f4-461c-b0ca-dc15cb6d8dfb}\MpKsldbe1714f.sys

2012-07-12 15:33:42 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a370d10-14f4-461c-b0ca-dc15cb6d8dfb}\mpengine.dll

2012-07-12 12:48:52 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-07-12 11:04:12 -------- d-----w- c:\program files\Free Window Registry Repair

2012-07-11 17:06:14 115211 -c--a-w- c:\programdata\microsoft\windows\wer\reportqueue\report03dd94c0\Uninstall.exe

2012-07-11 11:41:47 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 11:24:39 115211 -c--a-w- c:\programdata\microsoft\windows\wer\reportqueue\report03da8e89\Uninstall.exe

2012-07-11 10:58:57 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-10 15:21:56 115211 -c--a-w- c:\programdata\microsoft\windows\wer\reportqueue\report047918df\Uninstall.exe

2012-07-03 21:26:52 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{00cc2233-d609-4cc4-b66a-d7ef8b104cc7}\gapaengine.dll

2012-07-01 10:56:26 -------- d-----w- c:\users\laptop\appdata\local\Vid-Saver

2012-07-01 10:53:40 -------- d-----w- c:\users\laptop\appdata\local\Conduit

2012-06-29 07:31:55 -------- d-----w- c:\users\laptop\appdata\local\Facebook

2012-06-21 04:11:23 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-19 16:31:15 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 16:30:36 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 16:29:50 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 16:29:49 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-13 23:17:57 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 23:17:57 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 23:17:55 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 23:17:15 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

==================== Find3M ====================

.

2012-06-21 04:10:30 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-25 20:04:29 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-05-25 20:04:29 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

============= FINISH: 15:38:12.56 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/17/2011 8:15:19 AM

System Uptime: 7/12/2012 1:48:46 PM (2 hours ago)

.

Motherboard: TOSHIBA | | ISKAA

Processor: Intel® Celeron® CPU 540 @ 1.86GHz | U2E1 | 1862/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 110 GiB total, 65.963 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP482: 7/11/2012 8:36:13 AM - Removed Google Talk Plugin

RP483: 7/11/2012 9:41:06 AM - Removed Java™ 6 Update 33

RP484: 7/11/2012 9:44:54 AM - Removed Java™ 6 Update 33

RP485: 7/11/2012 11:19:55 AM - Windows Update

RP486: 7/11/2012 11:43:04 AM - Windows Update

RP487: 7/12/2012 - Scheduled Checkpoint

RP488: 7/12/2012 8:00:26 AM - Removed Facebook Messenger 2.1.4570.0

RP489: 7/12/2012 8:31:08 AM - Restore Operation

RP490: 7/12/2012 11:16:56 AM - Removed Facebook Messenger 2.1.4570.0

.

==== Installed Programs ======================

.

Activation Assistant for the 2007 Microsoft Office suites

Adobe Reader 8.3.1

ALPS Touch Pad Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

Atheros Wi-Fi Protected Setup Library

Bluetooth Stack for Windows by Toshiba

Bonjour

CD/DVD Drive Acoustic Silencer

Compatibility Pack for the 2007 Office system

DiskAid 4.63

DivX Setup

Dowce

DVD MovieFactory for TOSHIBA

FrostWire 5.3.4

GearDrvs

Google Chrome

Google Desktop

Google Talk (remove only)

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iCloud

IHA_MessageCenter

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java™ 6 Update 22

Java™ 6 Update 3

Java™ 6 Update 33

Malwarebytes Anti-Malware version 1.62.0.1300

Memeo AutoBackup

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft XML Parser

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Napster

Napster Burn Engine

Norton 360

OpenOffice.org 3.3

OverDrive Media Console

Picasa 2

PicsAid 1.4

Premiumplay Codec-C

QuickBooks Financial Center

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

RealUpgrade 1.1

Safari

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Windows Media Encoder (KB2447961)

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Games

TOSHIBA Hardware Setup

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Utility Common Driver

VC80CRTRedist - 8.0.50727.6195

Visual C++ Runtime for Dragon NaturallySpeaking

Vz In Home Agent

Windows Media Encoder 9 Series

Yahoo! Messenger

YTD YouTube Downloader & Converter 3.7

.

==== Event Viewer Messages From Past Week ========

.

7/9/2012 8:22:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.

7/9/2012 8:22:01 PM, Error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/8/2012 6:10:30 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

7/6/2012 8:25:46 AM, Error: EventLog [6008] - The previous system shutdown at 8:24:00 AM on 7/6/2012 was unexpected.

7/6/2012 3:19:04 PM, Error: EventLog [6008] - The previous system shutdown at 3:16:49 PM on 7/6/2012 was unexpected.

7/5/2012 5:25:05 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001B9EDE3C93 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

7/12/2012 9:47:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1232.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

7/12/2012 9:47:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

7/12/2012 9:33:11 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC jswpslwf MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 9:33:10 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 9:32:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/12/2012 9:32:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/12/2012 9:31:40 AM, Error: EventLog [6008] - The previous system shutdown at 9:27:27 AM on 7/12/2012 was unexpected.

7/12/2012 9:25:35 AM, Error: EventLog [6008] - The previous system shutdown at 9:20:48 AM on 7/12/2012 was unexpected.

7/12/2012 9:03:00 AM, Error: EventLog [6008] - The previous system shutdown at 8:59:25 AM on 7/12/2012 was unexpected.

7/12/2012 8:51:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

7/12/2012 8:51:22 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 8:48:52 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.1232.0;1.129.1232.0 Engine version: 1.1.8502.0

7/12/2012 3:25:25 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

7/12/2012 3:24:40 PM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Hang Exception code: Resource: file:C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report03da8e89\Uninstall.exe

7/12/2012 12:18:39 PM, Error: EventLog [6008] - The previous system shutdown at 12:16:55 PM on 7/12/2012 was unexpected.

7/12/2012 12:14:22 PM, Error: EventLog [6008] - The previous system shutdown at 12:12:13 PM on 7/12/2012 was unexpected.

7/12/2012 11:41:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1535.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/12/2012 1:50:48 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

7/12/2012 1:16:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

7/12/2012 1:10:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6

7/12/2012 1:10:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/12/2012 1:10:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/12/2012 1:10:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/12/2012 1:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/12/2012 1:10:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/12/2012 1:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/12/2012 1:09:37 PM, Error: EventLog [6008] - The previous system shutdown at 1:08:07 PM on 7/12/2012 was unexpected.

7/12/2012 1:07:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

7/12/2012 1:07:54 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/12/2012 1:07:25 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

7/12/2012 1:07:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

7/11/2012 8:37:24 AM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.

7/11/2012 8:30:01 AM, Error: EventLog [6008] - The previous system shutdown at 8:27:05 AM on 7/11/2012 was unexpected.

7/11/2012 8:01:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2691442).

7/11/2012 7:45:27 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2691442 (Security Update) into Resolving(Resolving) state

7/11/2012 7:45:27 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2691442 (Security Update) into Absent(Absent) state

7/11/2012 7:38:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1232.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/11/2012 7:38:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1232.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/11/2012 7:18:46 AM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Hang Exception code: Resource: file:C:\Program Files\Picasa2\Uninstall.exe

7/11/2012 7:06:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1232.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/11/2012 7:06:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1232.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/11/2012 7:04:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2719985).

7/11/2012 7:04:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2698365).

7/11/2012 7:04:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2655992).

7/11/2012 6:58:31 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2698365 (Security Update) into Resolving(Resolving) state

7/11/2012 6:58:31 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2698365 (Security Update) into Absent(Absent) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-9_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-8_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-7_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-6_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-5_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-4_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-3_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-21_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-20_neutral_GDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-2_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-19_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-18_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-17_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-16_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-15_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-14_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-13_neutral_GDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-12_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-11_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-10_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:58:16 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2698365-1_neutral_LDR from package KB2698365(Security Update) into Resolving(Resolving) state

7/11/2012 6:57:09 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2719985 (Security Update) into Resolving(Resolving) state

7/11/2012 6:57:09 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2719985 (Security Update) into Absent(Absent) state

7/11/2012 6:56:46 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2719985-4_neutral_GDR from package KB2719985(Security Update) into Resolving(Resolving) state

7/11/2012 6:56:46 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2719985-3_neutral_LDR from package KB2719985(Security Update) into Resolving(Resolving) state

7/11/2012 6:56:46 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2719985-2_neutral_GDR from package KB2719985(Security Update) into Resolving(Resolving) state

7/11/2012 6:56:46 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2719985-1_neutral_LDR from package KB2719985(Security Update) into Resolving(Resolving) state

7/11/2012 6:55:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

7/11/2012 6:55:52 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/11/2012 6:53:07 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2655992 (Security Update) into Resolving(Resolving) state

7/11/2012 6:53:07 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2655992 (Security Update) into Absent(Absent) state

7/11/2012 6:52:47 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2655992-8_neutral_GDR from package KB2655992(Security Update) into Resolving(Resolving) state

7/11/2012 6:52:47 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2655992-7_neutral_LDR from package KB2655992(Security Update) into Resolving(Resolving) state

7/11/2012 6:52:47 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2655992-6_neutral_LDR from package KB2655992(Security Update) into Resolving(Resolving) state

7/11/2012 6:52:47 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2655992-5_neutral_GDR from package KB2655992(Security Update) into Resolving(Resolving) state

7/11/2012 6:52:47 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2655992-4_neutral_LDR from package KB2655992(Security Update) into Resolving(Resolving) state

7/11/2012 6:52:47 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2655992-3_neutral_GDR from package KB2655992(Security Update) into Resolving(Resolving) state

7/11/2012 6:52:47 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2655992-2_neutral_LDR from package KB2655992(Security Update) into Resolving(Resolving) state

7/11/2012 6:52:47 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2655992-1_neutral_LDR from package KB2655992(Security Update) into Resolving(Resolving) state

7/11/2012 6:47:22 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

7/11/2012 6:39:13 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.1232.0;1.129.1232.0 Engine version: 1.1.8502.0

7/11/2012 10:59:15 AM, Error: EventLog [6008] - The previous system shutdown at 10:57:57 AM on 7/11/2012 was unexpected.

7/11/2012 10:44:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1232.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/11/2012 1:01:54 PM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Hang Exception code: Resource: file:C:\Program Files\Picasa2\Uninstall.exe

7/11/2012 1:00:02 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

7/10/2012 9:19:11 AM, Error: EventLog [6008] - The previous system shutdown at 9:17:13 AM on 7/10/2012 was unexpected.

7/10/2012 8:44:29 AM, Error: EventLog [6008] - The previous system shutdown at 8:42:57 AM on 7/10/2012 was unexpected.

7/10/2012 6:56:12 AM, Error: EventLog [6008] - The previous system shutdown at 6:54:32 AM on 7/10/2012 was unexpected.

7/10/2012 6:08:40 AM, Error: EventLog [6008] - The previous system shutdown at 6:06:34 AM on 7/10/2012 was unexpected.

7/10/2012 11:21:06 AM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Hang Exception code: Resource: file:C:\Program Files\Picasa2\Uninstall.exe

7/10/2012 11:12:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fbdusb_svc service.

.

==== End Of File ===========================

Test

Maniac · July 13, 2012

Hello BigRedd! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I would like to see what were found from Malwarebytes' Anti-Malware. Please run the program, go to Logs tab and with a double click on the line find the log file and post it for me. Thanks!

BigRedd · July 13, 2012

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.12.08

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

Laptop :: LAPTOP-PC [administrator]

Protection: Disabled

7/12/2012 12:55:11 PM

mbam-log-2012-07-12 (12-55-11).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 203752

Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 29

HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCU\Software\Cr_Installer\3491 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> Quarantined and deleted successfully.

(end)

BigRedd · July 13, 2012

This is after the installed protection found (and keeps finding) Opencandy and 'something'bar (don't remember)... again.. Thanks for all you guys do...

Maniac · July 13, 2012

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

BigRedd · July 13, 2012

OTL logfile created on: 7/13/2012 10:45:06 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Laptop\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.95% Memory free

4.21 Gb Paging File | 3.94 Gb Available in Paging File | 93.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110.32 Gb Total Space | 61.70 Gb Free Space | 55.93% Space Free | Partition Type: NTFS

Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 10:43:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Downloads\OTL.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2009/11/24 16:15:52 | 000,115,536 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\fbdusb_svc.exe -- (fbdusb_svc)

SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2007/10/30 03:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)

SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/07/14 09:33:08 | 002,696,960 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvtcam.sys -- (DCamUSBNovatek)

DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)

DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/08/31 20:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)

DRV - [2007/04/30 17:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)

DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)

DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2006/10/04 22:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2006/10/04 22:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2006/08/30 12:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2006/07/28 20:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKLM\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - SOFTWARE\Classes\CLSID\{f9bbf004-6e40-4019-8214-c43a37e1d058}\InprocServer32 File not found

IE - HKLM\..\SearchScopes,DefaultScope = {9B0F0ED8-9FE7-4C36-A888-EA66E0E40841}

IE - HKLM\..\SearchScopes\{9B0F0ED8-9FE7-4C36-A888-EA66E0E40841}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3131886

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - SOFTWARE\Classes\CLSID\{f9bbf004-6e40-4019-8214-c43a37e1d058}\InprocServer32 File not found

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..\SearchScopes,DefaultScope = {9B0F0ED8-9FE7-4C36-A888-EA66E0E40841}

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=DAWN1aPAbZBBacfn1CIFcuHDKys?q={searchTerms}

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..\SearchScopes\{9B0F0ED8-9FE7-4C36-A888-EA66E0E40841}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_enUS449

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/12 08:40:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/12 08:40:05 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Laptop\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Laptop\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Laptop\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll

CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Laptop\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Vid-Saver = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.18.26_0\crossrider

CHR - Extension: Vid-Saver = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.18.26_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Vgrabber1 Toolbar) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files\Vgrabber1\prxtbVgra.dll File not found

O3 - HKLM\..\Toolbar: (Vgrabber1 Toolbar) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files\Vgrabber1\prxtbVgra.dll File not found

O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found

O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000..\Run: [Dowce] C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dowce\Dowce.appref-ms ()

O4 - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000..\Run: [googletalk] C:\Users\Laptop\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found

O4 - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38345E4D-9E2C-42F5-AC8A-C5DAC44F2AD7}: DhcpNameServer = 172.22.220.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9C9F66D-16C5-4A01-90F0-18F3B4C72DEC}: DhcpNameServer = 192.168.1.1 71.242.0.12

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 16:25:01 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\PandoraRecovery

[2012/07/12 16:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery

[2012/07/12 16:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery

[2012/07/12 13:38:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Laptop\Desktop\dds.com

[2012/07/12 13:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/07/12 12:54:21 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Malwarebytes

[2012/07/12 12:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/12 12:54:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/07/12 12:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/07/12 12:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/12 07:04:21 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair

[2012/07/12 07:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair

[2012/07/01 06:56:26 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Vid-Saver

[2012/07/01 06:55:28 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader

[2012/07/01 06:53:40 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Conduit

[2012/06/29 03:31:55 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Facebook

[2012/06/25 07:05:48 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Mozilla

[2012/06/22 19:23:29 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\Doctors

[2012/06/22 00:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD YouTube Downloader & Converter

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/13 09:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/13 07:55:27 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2133677064-2067794076-3227740712-1000UA.job

[2012/07/13 07:54:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/13 07:52:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/13 07:52:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/13 07:51:19 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Laptop-Startup.job

[2012/07/13 07:45:39 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/13 07:30:42 | 000,112,238 | ---- | M] () -- C:\Users\Laptop\Desktop\21233854001_large.jpg

[2012/07/13 06:54:08 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2133677064-2067794076-3227740712-1000Core.job

[2012/07/12 16:23:33 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk

[2012/07/12 13:38:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Laptop\Desktop\dds.com

[2012/07/12 12:54:06 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/12 12:18:07 | 144,014,987 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/12 09:37:35 | 000,001,356 | ---- | M] () -- C:\Users\Laptop\AppData\Local\d3d9caps.dat

[2012/07/11 08:05:36 | 000,349,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/07/10 14:38:14 | 000,033,844 | ---- | M] () -- C:\Users\Laptop\Desktop\5G75Ef5J83k53F33M8c7a866c6c3510521c61.jpg

[2012/07/10 14:24:54 | 000,018,583 | ---- | M] () -- C:\Users\Laptop\Desktop\396747_443154725718917_2112718480_n.jpg

[2012/07/09 16:22:37 | 000,007,680 | ---- | M] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/09 06:50:43 | 000,049,895 | ---- | M] () -- C:\Users\Laptop\Desktop\216354_1745541160765_2029234_n.jpg

[2012/07/08 04:37:17 | 000,026,322 | ---- | M] () -- C:\Users\Laptop\Desktop\553257_199555283507233_1597190042_n.jpg

[2012/07/07 23:54:42 | 000,057,513 | ---- | M] () -- C:\Users\Laptop\Desktop\19843_231908203862_4292330_n.jpg

[2012/07/06 12:38:06 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/06 12:38:06 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/06 08:20:59 | 000,002,305 | ---- | M] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/07/01 11:48:20 | 000,002,058 | ---- | M] () -- C:\Users\Laptop\Desktop\Google Chrome.lnk

[2012/07/01 11:48:20 | 000,002,020 | ---- | M] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/06/30 23:47:32 | 000,143,366 | ---- | M] () -- C:\Users\Laptop\Desktop\394143_317597558287365_847860475_n.jpg

[2012/06/22 17:24:46 | 009,106,447 | ---- | M] () -- C:\Users\Laptop\Desktop\drop_it-9112786.mp4

[2012/06/22 01:35:46 | 007,342,378 | ---- | M] () -- C:\Users\Laptop\Desktop\Candy-9112787.mp4

[2012/06/22 01:05:38 | 024,192,752 | ---- | M] () -- C:\Users\Laptop\Desktop\Shower Time.flv

[2012/06/22 00:58:41 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk

[2012/06/21 02:48:09 | 000,086,785 | ---- | M] () -- C:\Users\Laptop\Desktop\246988_207796819259198_882043_n.jpg

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/13 07:30:54 | 000,112,238 | ---- | C] () -- C:\Users\Laptop\Desktop\21233854001_large.jpg

[2012/07/12 16:23:33 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk

[2012/07/12 12:54:06 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/12 12:18:07 | 144,014,987 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/07/10 14:38:17 | 000,033,844 | ---- | C] () -- C:\Users\Laptop\Desktop\5G75Ef5J83k53F33M8c7a866c6c3510521c61.jpg

[2012/07/10 14:24:59 | 000,018,583 | ---- | C] () -- C:\Users\Laptop\Desktop\396747_443154725718917_2112718480_n.jpg

[2012/07/09 06:50:49 | 000,049,895 | ---- | C] () -- C:\Users\Laptop\Desktop\216354_1745541160765_2029234_n.jpg

[2012/07/08 04:37:20 | 000,026,322 | ---- | C] () -- C:\Users\Laptop\Desktop\553257_199555283507233_1597190042_n.jpg

[2012/07/07 23:54:44 | 000,057,513 | ---- | C] () -- C:\Users\Laptop\Desktop\19843_231908203862_4292330_n.jpg

[2012/07/01 07:33:16 | 000,007,680 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/06/30 23:47:40 | 000,143,366 | ---- | C] () -- C:\Users\Laptop\Desktop\394143_317597558287365_847860475_n.jpg

[2012/06/22 01:30:09 | 007,342,378 | ---- | C] () -- C:\Users\Laptop\Desktop\Candy-9112787.mp4

[2012/06/22 01:28:47 | 009,106,447 | ---- | C] () -- C:\Users\Laptop\Desktop\drop_it-9112786.mp4

[2012/06/22 01:04:31 | 024,192,752 | ---- | C] () -- C:\Users\Laptop\Desktop\Shower Time.flv

[2012/06/22 00:58:41 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk

[2012/06/21 02:48:14 | 000,086,785 | ---- | C] () -- C:\Users\Laptop\Desktop\246988_207796819259198_882043_n.jpg

[2012/04/06 10:59:53 | 000,002,394 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\SAS7_000.DAT

[2011/12/09 23:53:38 | 000,115,536 | ---- | C] () -- C:\Windows\System32\fbdusb_svc.exe

[2011/11/18 06:31:08 | 000,161,360 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011/10/27 01:19:04 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011/10/27 01:19:04 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2011/09/30 09:56:35 | 000,001,356 | ---- | C] () -- C:\Users\Laptop\AppData\Local\d3d9caps.dat

[2011/09/26 20:24:56 | 000,000,124 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat

[2011/09/24 21:08:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011/09/24 21:08:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011/09/24 21:07:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011/09/17 08:09:34 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys

[2011/09/17 05:14:39 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI

[2011/09/17 05:07:41 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys

========== LOP Check ==========

[2011/11/18 08:34:51 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Azureus

[2011/09/17 16:45:30 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\CvgQuickConnect

[2011/11/24 19:53:24 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\DiskAid

[2012/04/04 08:51:57 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Dowce

[2011/12/22 04:23:30 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\OpenOffice.org

[2011/11/30 09:07:39 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\OverDrive

[2012/07/12 16:25:02 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\PandoraRecovery

[2011/11/24 19:08:26 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\PicsAid

[2011/09/26 20:25:00 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Template

[2012/04/03 05:27:20 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\TOSHIBA

[2012/05/01 20:40:25 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Ulead Systems

[2011/09/24 20:40:11 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\WinBatch

[2012/07/12 13:49:35 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/07/13 07:51:19 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Laptop-Startup.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Laptop\Desktop\drop_it-9112786.mp4:TOC.WMV

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >

BigRedd · July 13, 2012

OTL Extras logfile created on: 7/13/2012 10:45:06 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Laptop\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.95% Memory free

4.21 Gb Paging File | 3.94 Gb Available in Paging File | 93.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110.32 Gb Total Space | 61.70 Gb Free Space | 55.93% Space Free | Partition Type: NTFS

Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)

"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2A01E8F1-D9DF-4546-B8C6-68D8E2541D60}" = lport=138 | protocol=17 | dir=in | app=system |

"{3B2A0CF8-0A18-4414-A6FD-1B74FF42FE58}" = lport=137 | protocol=17 | dir=in | app=system |

"{61ED8263-1F6F-4F5E-A91B-954EDD367F9F}" = rport=137 | protocol=17 | dir=out | app=system |

"{63C5AD7A-DCD9-4296-806B-BD919F86AD7E}" = rport=445 | protocol=6 | dir=out | app=system |

"{7B7F2F71-B74B-458D-8F18-EE1D63F311C8}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

"{901110D9-4330-4412-AAD1-8F8297850C46}" = rport=139 | protocol=6 | dir=out | app=system |

"{92C27358-4A6B-4485-8D93-13E66BA3AA3C}" = lport=445 | protocol=6 | dir=in | app=system |

"{AA702DE1-4757-406D-9B4C-8D8AA03F88F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{B0A5B9F3-9ABC-4256-AC88-C15F9DCD3449}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{CD7C0C64-45FC-4BF3-9ACD-ECA97C28FDA7}" = lport=139 | protocol=6 | dir=in | app=system |

"{EA97639B-0C2B-4A36-B373-248F01201E17}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

"{F27E6205-55F2-4C7C-83D1-7C7817D4BE9E}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{32BD779D-EBAB-4383-9995-0046085848C0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5061DE94-5285-4382-A2F5-1FFCCC8BB6AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8B49324B-F948-446B-8504-2D8BFF2CFD48}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{9F0D667B-E526-4B7F-8BD3-368E7A6A4BB2}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{A5810F01-53D3-4CFB-BD32-A80EC8A739B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A9530DFD-2A68-4B12-A6CE-56143E04677B}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"{D17F7FC7-0B34-423C-AC98-EACEF7F50DE4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D1D407E6-C5BB-4D60-882F-27A74617DFF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{DAEDC1A6-891C-43D2-BBEC-111ADF4BE67C}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"{DCB5A83C-51EA-4D07-8147-AE5C84EF4ABC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"TCP Query User{0A324DBD-5E44-4273-9AA3-E6ACE018B3E6}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"TCP Query User{157DBF48-F4E3-4123-91DA-4819705E7229}F:\qmsys\bin\qmusbsrvr.exe" = protocol=6 | dir=in | app=f:\qmsys\bin\qmusbsrvr.exe |

"TCP Query User{8EBCEB3A-EA27-41A1-B5A0-6C9DEB073667}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"TCP Query User{D665D33E-5A71-481E-86BD-65BB2C40AFC0}C:\users\laptop\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\laptop\appdata\roaming\spotify\spotify.exe |

"TCP Query User{F18A5492-32D8-4F63-8984-702096B73491}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{F2816A59-AFF0-4175-85C3-CCC5E3C15650}C:\users\laptop\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\laptop\appdata\roaming\spotify\spotify.exe |

"UDP Query User{14F0E4E5-367C-4469-9E10-4CCBF449AB88}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{625B19C0-6D50-4843-A181-EDE3064693B7}C:\users\laptop\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\laptop\appdata\roaming\spotify\spotify.exe |

"UDP Query User{A8CD0BB9-C99C-4639-B542-95481034D90E}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"UDP Query User{B29632FC-EC05-479B-BA37-7A243C4A68BB}F:\qmsys\bin\qmusbsrvr.exe" = protocol=17 | dir=in | app=f:\qmsys\bin\qmusbsrvr.exe |

"UDP Query User{F2C80CAF-9B12-4C21-A389-A555914F8415}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"UDP Query User{F5D45837-1BE7-44CE-942B-7E2A4ABD9436}C:\users\laptop\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\laptop\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup

"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1

"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter

"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console

"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI

"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari

"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"DiskAid_is1" = DiskAid 4.63

"DivX Setup" = DivX Setup

"FrostWire 5" = FrostWire 5.3.4

"Google Desktop" = Google Desktop

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"PandoraRecovery" = PandoraRecovery (Remove Only)

"Picasa2" = Picasa 2

"PicsAid_is1" = PicsAid 1.4

"Premiumplay Codec-C" = Premiumplay Codec-C

"RealPlayer 15.0" = RealPlayer

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"WildTangent toshiba Master Uninstall" = TOSHIBA Games

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2133677064-2067794076-3227740712-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"e1c70abc38d757d8" = Dowce

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/14/2012 3:04:58 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10578459

Error - 6/14/2012 3:05:03 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/14/2012 3:05:03 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 10583591

Error - 6/14/2012 3:05:03 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10583591

Error - 6/14/2012 3:05:04 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/14/2012 3:05:04 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 10584839

Error - 6/14/2012 3:05:04 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10584839

Error - 6/14/2012 3:05:05 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/14/2012 3:05:05 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 10586025

Error - 6/14/2012 3:05:05 AM | Computer Name = Laptop-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10586025

[ System Events ]

Error - 7/13/2012 8:04:50 AM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 7/13/2012 9:02:12 AM | Computer Name = Laptop-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 8:08:50 AM on 7/13/2012 was unexpected.

Error - 7/13/2012 9:02:28 AM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005

Description =

Error - 7/13/2012 9:02:39 AM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005

Description =

Error - 7/13/2012 9:02:42 AM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005

Description =

Error - 7/13/2012 9:02:51 AM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005

Description =

Error - 7/13/2012 9:02:52 AM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005

Description =

Error - 7/13/2012 9:03:31 AM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 7/13/2012 9:03:31 AM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 7/13/2012 9:09:35 AM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005

Description =

< End of report >

BigRedd · July 13, 2012

The above reports where in Safe Mode. I ran them again; see below!

BigRedd · July 13, 2012

OTL logfile created on: 7/13/2012 1:40:22 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Laptop\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.11% Memory free

4.22 Gb Paging File | 2.69 Gb Available in Paging File | 63.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110.32 Gb Total Space | 61.65 Gb Free Space | 55.88% Space Free | Partition Type: NTFS

Drive D: | 4.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 968.25 Mb Total Space | 959.58 Mb Free Space | 99.10% Space Free | Partition Type: FAT

Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 13:39:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/05/25 16:04:32 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

PRC - [2009/11/24 16:15:52 | 000,115,536 | ---- | M] () -- C:\Windows\System32\fbdusb_svc.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe

PRC - [2008/01/29 22:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/01/29 20:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

PRC - [2008/01/22 17:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

PRC - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008/01/17 19:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

PRC - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

PRC - [2008/01/09 18:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

PRC - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2007/12/25 17:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe

PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe

PRC - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2007/09/28 20:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

PRC - [2007/06/16 00:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe

PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe

PRC - [2006/11/06 21:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe

PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/02 17:05:33 | 004,051,456 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll

MOD - [2012/07/02 17:05:33 | 000,100,864 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll

MOD - [2012/06/28 06:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll

MOD - [2012/06/28 06:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

MOD - [2012/06/28 06:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll

MOD - [2012/06/28 06:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll

MOD - [2012/06/28 06:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll

MOD - [2012/06/28 04:27:26 | 009,252,040 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

MOD - [2008/01/29 20:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

MOD - [2007/12/25 15:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll

MOD - [2007/12/15 00:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll

MOD - [2007/12/15 00:28:38 | 004,726,784 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll

MOD - [2007/09/13 18:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

MOD - [2006/11/06 21:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe

MOD - [2006/10/10 15:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll

MOD - [2006/10/07 15:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2009/11/24 16:15:52 | 000,115,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\fbdusb_svc.exe -- (fbdusb_svc)

SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2007/10/30 03:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)

SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012/07/13 05:35:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/07/14 09:33:08 | 002,696,960 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvtcam.sys -- (DCamUSBNovatek)

DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)

DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/08/31 20:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)

DRV - [2007/04/30 17:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)

DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)

DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2006/10/04 22:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2006/10/04 22:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2006/08/30 12:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2006/07/28 20:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKLM\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - SOFTWARE\Classes\CLSID\{f9bbf004-6e40-4019-8214-c43a37e1d058}\InprocServer32 File not found

IE - HKLM\..\SearchScopes,DefaultScope = {9B0F0ED8-9FE7-4C36-A888-EA66E0E40841}

IE - HKLM\..\SearchScopes\{9B0F0ED8-9FE7-4C36-A888-EA66E0E40841}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3131886

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - SOFTWARE\Classes\CLSID\{f9bbf004-6e40-4019-8214-c43a37e1d058}\InprocServer32 File not found

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..\SearchScopes,DefaultScope = {9B0F0ED8-9FE7-4C36-A888-EA66E0E40841}

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=DAWN1aPAbZBBacfn1CIFcuHDKys?q={searchTerms}

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\..\SearchScopes\{9B0F0ED8-9FE7-4C36-A888-EA66E0E40841}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_enUS449

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2133677064-2067794076-3227740712-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)