Resolved Help with removal of XP Antispyware 2012

It says:
Unzip downloaded file to your Desktop.
Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
It will show a black screen with some data on it.
Right-click on the screen and click Select All.
Press CTRL+C.
Open Notepad and press CTRL+V.
I pressed CTRL+V in Notepad, but nothing showed up.
Post the output back here.
 
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.1
Ran by Valued Customer at 2012-01-02 18:54:04
Running from C:\Documents and Settings\Valued Customer\Desktop
Service Pack 3 (X86) OS Language: English(US)
Attention: Could not load system hive.
Error: The process cannot access the file because it is being used by another process.
========================== Registry (Whitelisted) =============

HKU\Administrator\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-29] (TOSHIBA)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-29] (TOSHIBA)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-02 18:53 - 2012-01-02 18:54 - 0000000 ____D C:\FRST
2012-01-02 18:52 - 2012-01-02 18:52 - 0858316 ____A C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
2012-01-02 18:24 - 2012-01-02 18:24 - 0000000 ____D C:\Documents and Settings\Valued Customer\Desktop\bootkit_remover
2012-01-02 14:23 - 2012-01-02 14:23 - 0044607 ____A C:\Documents and Settings\Valued Customer\Desktop\bootkit_remover.zip
2012-01-02 11:45 - 2012-01-02 18:48 - 1600638976 __ASH C:\hiberfil.sys
2012-01-02 10:20 - 2012-01-02 10:21 - 0000000 ___SD C:\learninmypc
2012-01-02 10:19 - 2012-01-02 10:21 - 0095976 ____A C:\Windows\ntbtlog.txt
2012-01-02 10:17 - 2012-01-02 10:17 - 4360898 ____R (Swearware) C:\Documents and Settings\Valued Customer\Desktop\learninmypc.exe
2012-01-02 09:32 - 2012-01-02 09:32 - 1008141 ____A C:\Documents and Settings\Valued Customer\Desktop\rkill.com
2012-01-01 20:38 - 2009-10-21 18:45 - 0000211 ____A C:\Boot.bak
2012-01-01 20:37 - 2012-01-01 20:38 - 0000000 RASHD C:\cmdcons
2012-01-01 20:37 - 2004-08-03 23:00 - 0260272 _RASH C:\cmldr
2012-01-01 20:34 - 2012-01-01 20:34 - 0000000 ____D C:\Windows\ERDNT
2012-01-01 20:34 - 2012-01-01 20:34 - 0000000 ____D C:\Qoobox
2012-01-01 20:34 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-01-01 20:34 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-01-01 20:34 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-01 20:34 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-01-01 20:34 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-01-01 20:34 - 2000-08-30 16:00 - 0212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-01-01 20:34 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-01-01 20:34 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-01-01 20:34 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-01-01 20:11 - 2012-01-01 20:17 - 0062572 ____A C:\TDSSKiller.2.6.25.0_01.01.2012_20.11.01_log.txt
2012-01-01 20:09 - 2012-01-01 20:09 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Valued Customer\Desktop\tdsskiller.exe
2012-01-01 19:42 - 2012-01-01 19:42 - 4702720 ____A (AVAST Software) C:\Documents and Settings\Valued Customer\Desktop\aswMBR.exe
2012-01-01 19:12 - 2012-01-01 19:12 - 0607260 ____R (Swearware) C:\Documents and Settings\Valued Customer\Desktop\dds.scr
2012-01-01 18:16 - 2012-01-01 18:16 - 0000000 ___RD C:\Documents and Settings\Valued Customer\My Documents\My Videos
2012-01-01 18:16 - 2012-01-01 18:16 - 0000000 ___RD C:\Documents and Settings\All Users\Documents\My Videos
2012-01-01 18:14 - 2012-01-01 18:40 - 0001999 ____A C:\Documents and Settings\Valued Customer\Desktop\gmer.log
2012-01-01 18:09 - 2012-01-01 18:09 - 0302592 ____A C:\Documents and Settings\Valued Customer\Desktop\wvplgpny.exe
2011-12-31 14:45 - 2012-01-02 18:52 - 0343795 ____A C:\Windows\WindowsUpdate.log
2011-12-31 10:19 - 2011-12-31 10:46 - 0000000 ____D C:\Documents and Settings\Valued Customer\My Documents\DESKTOP PICTURES
2011-12-30 20:35 - 2011-12-30 20:35 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\vlc
2011-12-30 20:34 - 2011-12-30 20:34 - 0000727 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2011-12-30 20:07 - 2011-12-30 20:07 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-12-30 20:07 - 2011-12-10 15:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-30 13:05 - 2011-11-17 18:02 - 0223112 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2011-12-30 13:05 - 2011-11-17 18:02 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2011-12-30 13:05 - 2011-11-17 18:02 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2011-12-30 12:56 - 2011-12-30 12:56 - 0000761 ____A C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
2011-12-29 16:51 - 2011-12-29 16:52 - 0000000 ____D C:\Program Files\QuickTime
2011-12-29 16:07 - 2011-12-29 16:08 - 0000000 ____D C:\Program Files\iTunes
2011-12-29 16:07 - 2011-12-29 16:07 - 0000000 ____D C:\Program Files\iPod
2011-12-29 12:03 - 2011-12-29 12:03 - 0001923 ____A C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2011-12-29 11:52 - 2011-11-17 18:06 - 0637848 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2011-12-29 11:51 - 2011-12-29 11:52 - 0004321 ____A C:\Windows\System32\jupdate-1.7.0_02-b13.log
2011-12-28 20:27 - 2012-01-02 09:38 - 0000467 ____A C:\rkill.log
2011-12-22 19:47 - 2011-12-28 18:30 - 0015558 __ASH C:\Documents and Settings\Valued Customer\Local Settings\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
2011-12-22 19:47 - 2011-12-28 18:30 - 0015558 __ASH C:\Documents and Settings\All Users\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
2011-12-22 19:46 - 2011-12-22 19:46 - 0000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
2011-12-22 16:08 - 2011-12-22 16:08 - 0012068 ____A C:\Documents and Settings\Valued Customer\My Documents\chris.jpg
2011-12-20 14:15 - 2011-12-22 14:40 - 1715391 ____A C:\Documents and Settings\Valued Customer\My Documents\pics 009.jpg
2011-12-20 14:14 - 2011-12-22 14:40 - 1642891 ____A C:\Documents and Settings\Valued Customer\My Documents\pics 008.jpg
2011-12-14 22:43 - 2011-12-14 22:43 - 0000000 __HDC C:\Windows\$NtUninstallKB2639417$
2011-12-14 22:42 - 2011-12-14 22:42 - 0000000 __HDC C:\Windows\$NtUninstallKB2624667$
2011-12-14 22:37 - 2011-12-14 22:37 - 0000000 __HDC C:\Windows\$NtUninstallKB2633952$
2011-12-14 22:37 - 2011-12-14 22:37 - 0000000 __HDC C:\Windows\$NtUninstallKB2619339$
2011-12-14 22:36 - 2011-12-14 22:36 - 0000000 __HDC C:\Windows\$NtUninstallKB2618451$
2011-12-14 22:35 - 2011-12-14 22:35 - 0000000 __HDC C:\Windows\$NtUninstallKB2633171$
2011-12-14 22:35 - 2011-12-14 22:35 - 0000000 __HDC C:\Windows\$NtUninstallKB2620712$

============ 3 Months Modified Files and Folders ===============

2012-01-02 18:54 - 2012-01-02 18:53 - 0000000 ____D C:\FRST
2012-01-02 18:53 - 2009-11-23 14:16 - 0000438 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{3986DB63-3B79-4C6B-9B36-EF461BFD0D72}.job
2012-01-02 18:52 - 2012-01-02 18:52 - 0858316 ____A C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
2012-01-02 18:52 - 2011-12-31 14:45 - 0343795 ____A C:\Windows\WindowsUpdate.log
2012-01-02 18:49 - 2005-05-23 12:43 - 0004018 ____A C:\Windows\ModemLog_TOSHIBA Software Modem.txt
2012-01-02 18:49 - 2005-05-23 08:41 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-01-02 18:49 - 2005-05-23 02:14 - 0000159 ____A C:\Windows\wiadebug.log
2012-01-02 18:49 - 2005-05-23 02:14 - 0000000 ____A C:\Windows\wiaservc.log
2012-01-02 18:48 - 2012-01-02 11:45 - 1600638976 __ASH C:\hiberfil.sys
2012-01-02 18:48 - 2011-02-09 15:50 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-02 18:48 - 2005-08-10 09:43 - 0000062 __ASH C:\Documents and Settings\Valued Customer\Local Settings\desktop.ini
2012-01-02 18:48 - 2005-05-23 09:25 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-01-02 18:48 - 2005-05-23 09:25 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-01-02 18:48 - 2005-05-23 09:25 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-02 18:46 - 2005-08-10 09:43 - 0000278 ___SH C:\Documents and Settings\Valued Customer\ntuser.ini
2012-01-02 18:46 - 2005-05-23 09:25 - 0032400 ____A C:\Windows\SchedLgU.Txt
2012-01-02 18:28 - 2011-02-09 15:50 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-02 18:26 - 2011-02-11 17:04 - 0001018 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1047134010-2963880323-4205995052-1005UA.job
2012-01-02 18:24 - 2012-01-02 18:24 - 0000000 ____D C:\Documents and Settings\Valued Customer\Desktop\bootkit_remover
2012-01-02 14:23 - 2012-01-02 14:23 - 0044607 ____A C:\Documents and Settings\Valued Customer\Desktop\bootkit_remover.zip
2012-01-02 12:04 - 2009-11-23 12:39 - 0000442 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{B146B820-7932-492B-8581-C1B4082E2FBC}.job
2012-01-02 10:21 - 2012-01-02 10:20 - 0000000 ___SD C:\learninmypc
2012-01-02 10:21 - 2012-01-02 10:19 - 0095976 ____A C:\Windows\ntbtlog.txt
2012-01-02 10:19 - 2009-10-19 18:16 - 0000000 __SHD C:\Windows\CSC
2012-01-02 10:18 - 2005-08-10 09:43 - 0000000 ___RD C:\Documents and Settings\Valued Customer\My Documents
2012-01-02 10:17 - 2012-01-02 10:17 - 4360898 ____R (Swearware) C:\Documents and Settings\Valued Customer\Desktop\learninmypc.exe
2012-01-02 09:57 - 2005-08-10 09:43 - 0000000 __SHD C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files
2012-01-02 09:38 - 2011-12-28 20:27 - 0000467 ____A C:\rkill.log
2012-01-02 09:32 - 2012-01-02 09:32 - 1008141 ____A C:\Documents and Settings\Valued Customer\Desktop\rkill.com
2012-01-01 20:38 - 2012-01-01 20:37 - 0000000 RASHD C:\cmdcons
2012-01-01 20:38 - 2004-03-08 08:00 - 0000327 _RASH C:\boot.ini
2012-01-01 20:34 - 2012-01-01 20:34 - 0000000 ____D C:\Windows\ERDNT
2012-01-01 20:34 - 2012-01-01 20:34 - 0000000 ____D C:\Qoobox
2012-01-01 20:17 - 2012-01-01 20:11 - 0062572 ____A C:\TDSSKiller.2.6.25.0_01.01.2012_20.11.01_log.txt
2012-01-01 20:09 - 2012-01-01 20:09 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Valued Customer\Desktop\tdsskiller.exe
2012-01-01 19:42 - 2012-01-01 19:42 - 4702720 ____A (AVAST Software) C:\Documents and Settings\Valued Customer\Desktop\aswMBR.exe
2012-01-01 19:12 - 2012-01-01 19:12 - 0607260 ____R (Swearware) C:\Documents and Settings\Valued Customer\Desktop\dds.scr
2012-01-01 18:40 - 2012-01-01 18:14 - 0001999 ____A C:\Documents and Settings\Valued Customer\Desktop\gmer.log
2012-01-01 18:16 - 2012-01-01 18:16 - 0000000 ___RD C:\Documents and Settings\Valued Customer\My Documents\My Videos
2012-01-01 18:16 - 2012-01-01 18:16 - 0000000 ___RD C:\Documents and Settings\All Users\Documents\My Videos
2012-01-01 18:09 - 2012-01-01 18:09 - 0302592 ____A C:\Documents and Settings\Valued Customer\Desktop\wvplgpny.exe
2012-01-01 12:06 - 2009-11-23 12:57 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-12-31 14:33 - 2011-01-04 21:03 - 0000000 ____D C:\Program Files\MyDefrag v4.3.1
2011-12-31 10:50 - 2009-10-19 21:26 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-31 10:46 - 2011-12-31 10:19 - 0000000 ____D C:\Documents and Settings\Valued Customer\My Documents\DESKTOP PICTURES
2011-12-31 10:17 - 2010-09-30 19:49 - 0000000 ____D C:\Documents and Settings\Valued Customer\dwhelper
2011-12-31 09:26 - 2011-02-11 17:04 - 0000966 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1047134010-2963880323-4205995052-1005Core.job
2011-12-30 21:33 - 2009-11-23 10:41 - 0000000 __HDC C:\Windows\$NtUninstallKB960225$
2011-12-30 20:35 - 2011-12-30 20:35 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\vlc
2011-12-30 20:34 - 2011-12-30 20:34 - 0000727 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2011-12-30 20:07 - 2011-12-30 20:07 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-12-30 13:42 - 2005-05-23 16:32 - 0000012 ____A C:\Windows\dirsaver.ini
2011-12-30 13:32 - 2005-05-23 02:05 - 0000000 ____D C:\Windows\security
2011-12-30 13:05 - 2008-03-30 21:35 - 0000000 ___HD C:\Config.Msi
2011-12-30 13:04 - 2005-05-23 13:42 - 0000000 ____D C:\Program Files\Java
2011-12-30 12:56 - 2011-12-30 12:56 - 0000761 ____A C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
2011-12-30 12:56 - 2011-01-06 20:45 - 0000000 ____D C:\Program Files\Secunia
2011-12-29 18:27 - 2009-03-27 14:38 - 0000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2011-12-29 16:52 - 2011-12-29 16:51 - 0000000 ____D C:\Program Files\QuickTime
2011-12-29 16:37 - 2011-05-17 19:37 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2011-12-29 16:10 - 2009-03-31 14:51 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\Apple Computer
2011-12-29 16:08 - 2011-12-29 16:07 - 0000000 ____D C:\Program Files\iTunes
2011-12-29 16:07 - 2011-12-29 16:07 - 0000000 ____D C:\Program Files\iPod
2011-12-29 16:07 - 2009-03-27 14:36 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-12-29 13:48 - 2007-12-07 19:11 - 1081856 __ASH C:\Documents and Settings\Valued Customer\My Documents\Thumbs.db
2011-12-29 12:31 - 2005-05-23 09:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-12-29 12:03 - 2011-12-29 12:03 - 0001923 ____A C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2011-12-29 12:03 - 2005-08-10 09:43 - 0000000 ____D C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google
2011-12-29 12:03 - 2005-05-23 13:43 - 0000000 ____D C:\Program Files\Google
2011-12-29 11:52 - 2011-12-29 11:51 - 0004321 ____A C:\Windows\System32\jupdate-1.7.0_02-b13.log
2011-12-29 11:52 - 2005-05-23 13:42 - 0000000 ____D C:\Program Files\Common Files\Java
2011-12-29 11:36 - 2008-07-06 20:01 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2011-12-29 11:34 - 2011-05-17 23:15 - 0000000 ____D C:\Documents and Settings\Valued Customer\Tracing
2011-12-29 11:32 - 2010-08-11 20:40 - 0000000 ____D C:\Program Files\CCleaner
2011-12-29 08:11 - 2005-05-23 13:28 - 0000000 ____D C:\Program Files\Notebook Maximizer
2011-12-29 08:09 - 2006-09-21 17:12 - 0000000 __HDC C:\Windows\$NtUninstallKB901017$
2011-12-29 06:41 - 2008-12-03 23:18 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-12-28 21:26 - 2008-05-06 14:26 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-12-28 21:18 - 2010-07-08 17:21 - 0000000 ____D C:\Program Files\SpywareBlaster
2011-12-28 20:16 - 2011-05-14 16:18 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-12-28 20:16 - 2011-05-14 16:17 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2011-12-28 18:30 - 2011-12-22 19:47 - 0015558 __ASH C:\Documents and Settings\Valued Customer\Local Settings\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
2011-12-28 18:30 - 2011-12-22 19:47 - 0015558 __ASH C:\Documents and Settings\All Users\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
2011-12-22 19:47 - 2005-08-10 09:43 - 0000000 ___HD C:\Documents and Settings\Valued Customer\Templates
2011-12-22 19:46 - 2011-12-22 19:46 - 0000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
2011-12-22 16:08 - 2011-12-22 16:08 - 0012068 ____A C:\Documents and Settings\Valued Customer\My Documents\chris.jpg
2011-12-22 14:46 - 2010-06-10 21:09 - 0245760 __ASH C:\Documents and Settings\Valued Customer\Desktop\Thumbs.db
2011-12-22 14:40 - 2011-12-20 14:15 - 1715391 ____A C:\Documents and Settings\Valued Customer\My Documents\pics 009.jpg
2011-12-22 14:40 - 2011-12-20 14:14 - 1642891 ____A C:\Documents and Settings\Valued Customer\My Documents\pics 008.jpg
2011-12-15 07:43 - 2005-05-23 02:11 - 0318744 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-14 22:43 - 2011-12-14 22:43 - 0000000 __HDC C:\Windows\$NtUninstallKB2639417$
2011-12-14 22:43 - 2008-03-07 12:39 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-12-14 22:42 - 2011-12-14 22:42 - 0000000 __HDC C:\Windows\$NtUninstallKB2624667$
2011-12-14 22:42 - 2009-06-18 06:11 - 0000000 ____D C:\Windows\ie8updates
2011-12-14 22:41 - 2005-05-23 09:41 - 0000000 ___HD C:\Windows\$hf_mig$
2011-12-14 22:39 - 2006-11-29 15:34 - 52988224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-14 22:37 - 2011-12-14 22:37 - 0000000 __HDC C:\Windows\$NtUninstallKB2633952$
2011-12-14 22:37 - 2011-12-14 22:37 - 0000000 __HDC C:\Windows\$NtUninstallKB2619339$
2011-12-14 22:37 - 2007-02-20 11:59 - 0865002 ____A C:\Windows\System32\TZLog.log
2011-12-14 22:36 - 2011-12-14 22:36 - 0000000 __HDC C:\Windows\$NtUninstallKB2618451$
2011-12-14 22:35 - 2011-12-14 22:35 - 0000000 __HDC C:\Windows\$NtUninstallKB2633171$
2011-12-14 22:35 - 2011-12-14 22:35 - 0000000 __HDC C:\Windows\$NtUninstallKB2620712$
2011-12-10 15:24 - 2011-12-30 20:07 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 12:32 - 2008-03-05 12:41 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\U3
2011-12-03 11:51 - 2005-05-23 09:20 - 0002626 ____A C:\Windows\System32\CONFIG.NT
2011-12-02 13:49 - 2011-07-28 21:24 - 0001046 ____A C:\Documents and Settings\Valued Customer\Desktop\magicJack.lnk
2011-12-02 13:49 - 2011-07-28 21:22 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\mjusbsp
2011-11-28 10:01 - 2011-01-04 12:47 - 0199816 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2011-11-28 10:01 - 2011-01-04 12:47 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2011-11-28 09:53 - 2011-04-22 17:06 - 0435032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2011-11-28 09:53 - 2011-01-04 12:48 - 0314456 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2011-11-28 09:52 - 2011-01-04 12:48 - 0111320 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon2.sys
2011-11-28 09:52 - 2011-01-04 12:48 - 0052952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2011-11-28 09:52 - 2011-01-04 12:48 - 0034392 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2011-11-28 09:51 - 2011-01-04 12:48 - 0105176 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon.sys
2011-11-28 09:51 - 2011-01-04 12:48 - 0020568 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2011-11-28 09:48 - 2011-01-04 12:48 - 0030808 ____A (AVAST Software) C:\Windows\System32\Drivers\aavmker4.sys
2011-11-23 13:28 - 2008-05-06 14:27 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\Mozilla
2011-11-23 05:25 - 2008-10-14 21:44 - 1859584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2011-11-23 05:25 - 2005-05-23 08:41 - 1859584 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-17 18:06 - 2011-12-29 11:52 - 0637848 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2011-11-17 18:06 - 2010-07-08 18:13 - 0567184 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2011-11-17 18:02 - 2011-12-30 13:05 - 0223112 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2011-11-17 18:02 - 2011-12-30 13:05 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2011-11-17 18:02 - 2011-12-30 13:05 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2011-11-17 17:56 - 2011-05-17 19:48 - 0141312 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2011-11-11 12:10 - 2007-01-08 21:39 - 0000000 ____D C:\Documents and Settings\Valued Customer\My Documents\MY DOCUMENTS- MICAH
2011-11-10 22:35 - 2011-11-10 22:35 - 0000000 __HDC C:\Windows\$NtUninstallKB2641690$
2011-11-09 21:09 - 2011-11-09 21:09 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
2011-11-08 05:46 - 2007-01-29 00:58 - 0046080 ____N (Microsoft Corporation) C:\Windows\System32\tzchange.exe
2011-11-06 18:47 - 2005-05-23 02:11 - 0639310 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-05 17:33 - 2011-11-05 17:33 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Protexis
2011-11-05 17:33 - 2010-08-17 12:38 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\Corel
2011-11-05 17:33 - 2010-08-17 12:37 - 0000000 ____D C:\Documents and Settings\Valued Customer\Corel
2011-11-04 11:20 - 2010-06-08 20:25 - 0743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2011-11-04 11:20 - 2009-06-18 05:49 - 0247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2011-11-04 11:20 - 2009-06-18 05:49 - 0012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2011-11-04 11:20 - 2007-05-20 18:41 - 2000384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2011-11-04 11:20 - 2007-05-20 18:41 - 11081728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2011-11-04 11:20 - 2007-05-20 18:41 - 0602112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2011-11-04 11:20 - 2007-05-20 18:41 - 0055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2011-11-04 11:20 - 2006-11-07 21:03 - 11081728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-04 11:20 - 2006-11-07 21:03 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-11-04 11:20 - 2006-11-07 21:03 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-11-04 11:20 - 2006-11-07 03:27 - 0387584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2011-11-04 11:20 - 2006-10-17 12:05 - 1469440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2011-11-04 11:20 - 2006-10-17 12:05 - 0105984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2011-11-04 11:20 - 2006-10-17 12:05 - 0043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2011-11-04 11:20 - 2006-10-17 12:04 - 0206848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2011-11-04 11:20 - 2006-10-17 11:57 - 2000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-04 11:20 - 2006-07-28 03:28 - 5978112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2011-11-04 11:20 - 2006-07-25 12:33 - 1212416 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2011-11-04 11:20 - 2006-06-23 03:02 - 0916992 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2011-11-04 11:20 - 2006-06-23 03:02 - 0611840 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2011-11-04 11:20 - 2006-06-23 03:02 - 0184320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2011-11-04 11:20 - 2006-06-23 03:02 - 0066560 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2011-11-04 11:20 - 2006-06-23 03:02 - 0025600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2011-11-04 11:20 - 2005-05-23 08:41 - 0916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 5978112 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 1469440 ____N (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-04 11:20 - 2005-05-23 08:40 - 1212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 0387584 ____N (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 0206848 ____N (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 0105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-11-04 11:20 - 2005-05-23 08:40 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-04 03:24 - 2006-11-07 03:26 - 0174080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2011-11-04 03:24 - 2005-05-23 08:40 - 0174080 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-11-04 03:23 - 2005-05-23 08:40 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-11-01 08:07 - 2010-07-16 04:05 - 1288704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ole32.dll
2011-11-01 08:07 - 2005-05-23 08:40 - 1288704 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2011-10-29 10:55 - 2005-05-23 09:18 - 0000000 ____D C:\Windows\System32\Macromed
2011-10-27 21:31 - 2009-12-13 23:08 - 0033280 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\csrsrv.dll
2011-10-27 21:31 - 2005-05-23 08:39 - 0033280 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-26 17:14 - 2010-10-24 02:29 - 0000000 ____D C:\Documents and Settings\Valued Customer\Desktop\JOBS
2011-10-25 05:37 - 2009-04-16 16:17 - 2148864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2011-10-25 05:33 - 2009-04-16 16:17 - 2192768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2011-10-25 05:33 - 2005-05-23 08:40 - 2192768 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-10-25 04:52 - 2009-04-16 16:17 - 2027008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2011-10-25 04:52 - 2009-02-07 18:02 - 2069376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2011-10-25 04:52 - 2004-08-03 14:59 - 2069376 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-10-24 14:29 - 2011-10-24 14:29 - 0094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2011-10-24 14:29 - 2011-10-24 14:29 - 0069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2011-10-24 14:22 - 2011-10-14 09:33 - 0000000 ____D C:\Documents and Settings\Valued Customer\My Documents\(toshiba-user)_files
2011-10-23 18:52 - 2008-04-17 18:25 - 0002515 ____A C:\Documents and Settings\Valued Customer\Desktop\Microsoft Office Word 2007.lnk
2011-10-18 03:13 - 2011-02-09 05:53 - 0186880 ____C C:\Windows\System32\dllcache\encdec.dll
2011-10-18 03:13 - 2005-05-23 08:40 - 0186880 ____A C:\Windows\System32\encdec.dll
2011-10-15 14:43 - 2005-05-23 09:18 - 0000000 ____D C:\Windows\System32\Restore
2011-10-14 16:10 - 2011-10-14 16:10 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Intel
2011-10-14 16:10 - 2011-10-14 16:10 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Intel
2011-10-14 16:10 - 2011-10-14 16:10 - 0000000 ____D C:\Documents and Settings\Default User\Application Data\Intel
2011-10-14 16:10 - 2011-10-14 16:10 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\Intel
2011-10-14 16:09 - 2011-10-14 16:09 - 0000000 ____D C:\Program Files\Common Files\Intel
2011-10-14 16:09 - 2005-05-23 12:32 - 0000000 ____D C:\Program Files\Intel
2011-10-14 16:07 - 2005-08-10 09:35 - 0000247 ____A C:\Windows\System32\results.txt
2011-10-14 16:05 - 2011-10-14 16:05 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\Intel
2011-10-14 16:05 - 2011-10-14 16:05 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Intel
2011-10-14 16:02 - 2011-10-14 16:02 - 0000000 ____D C:\Program Files\SystemRequirementsLab
2011-10-14 16:01 - 2011-10-14 16:01 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\SystemRequirementsLab
2011-10-14 09:33 - 2011-10-14 09:33 - 0287373 ____A C:\Documents and Settings\Valued Customer\My Documents\(toshiba-user).html
2011-10-14 08:49 - 2008-10-04 20:40 - 0000000 ____D C:\Documents and Settings\Valued Customer\Application Data\Skype
2011-10-14 08:40 - 2006-05-08 13:31 - 0081896 ____A C:\Documents and Settings\Valued Customer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-10-14 08:27 - 2005-05-23 09:18 - 0000000 ____D C:\Windows\System32\DirectX
2011-10-14 08:11 - 2005-05-23 09:28 - 0000000 ____D C:\Windows\Microsoft.NET
2011-10-14 08:04 - 2011-01-07 00:01 - 0000000 ___RD C:\Program Files\Skype
2011-10-14 08:03 - 2008-10-04 20:39 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2011-10-14 07:51 - 2011-10-14 07:51 - 0000000 ____D C:\Program Files\Bonjour
2011-10-14 07:16 - 2011-10-11 16:18 - 0000000 __HDC C:\Windows\$NtUninstallKB2564958$
2011-10-14 07:08 - 2011-10-11 16:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2592799$
2011-10-14 07:08 - 2011-10-11 16:10 - 0000000 __HDC C:\Windows\$NtUninstallKB2567053$
2011-10-14 06:25 - 2005-05-23 09:17 - 0000000 ____D C:\Windows\Registration
2011-10-14 06:24 - 2011-02-09 16:18 - 0000000 ____D C:\Program Files\Corel
2011-10-14 06:24 - 2011-02-09 16:18 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Corel
2011-10-14 06:24 - 2008-07-06 20:45 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2011-10-14 06:24 - 2005-05-23 13:24 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-10-14 06:24 - 2005-05-23 13:24 - 0000000 ____D C:\Program Files\Adobe
2011-10-14 06:17 - 2011-10-13 20:38 - 0000000 ____D C:\Program Files\Bonjour(2)
2011-10-14 06:16 - 2011-10-13 20:42 - 0000000 ____D C:\Program Files\iTunes(2)
2011-10-14 06:16 - 2011-10-13 20:42 - 0000000 ____D C:\Program Files\iPod(2)
2011-10-13 20:46 - 2011-10-13 20:46 - 0034493 ____A C:\Documents and Settings\Valued Customer\My Documents\iTunes Software License.rtf
2011-10-11 07:54 - 2011-10-11 07:54 - 0000000 ____D C:\Program Files\ESET
2011-10-10 22:24 - 2006-06-19 00:27 - 0000000 ____D C:\Windows\Minidump
2011-10-10 22:00 - 2011-10-10 22:00 - 0000000 ____D C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Sun
2011-10-10 21:02 - 2007-06-25 21:47 - 0097792 ____A C:\Documents and Settings\Valued Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-10 18:34 - 2005-05-23 09:27 - 0000000 ____D C:\Program Files\Microsoft Office
2011-10-10 06:22 - 2008-08-13 22:50 - 0692736 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\inetcomm.dll
2011-10-10 06:22 - 2005-05-23 09:18 - 0692736 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 39%
Total physical RAM: 1526.42 MB
Available physical RAM: 930.76 MB
Total Pagefile: 2135.71 MB
Available Pagefile: 1664.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.82 MB

======================= Partitions =========================

1 Drive c: (SQ003665) (Fixed) (Total:92.97 GB) (Free:45.87 GB) NTFS
3 Drive e: () (Removable) (Total:0.93 GB) (Free:0.76 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 93 GB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 93 GB 32 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ003665 NTFS Partition 93 GB Healthy System
 
Broni, so you'll know, we're having a nasty storm right now. Just windy, no lightning/thunder. If I don't reply, hopefully I'll continue in the morning.
 
No problem.
The above log looks fine.

What are the current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 1/2/2012 7:23:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 62.62% Memory free
2.09 Gb Paging File | 1.64 Gb Available in Paging File | 78.42% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 45.87 Gb Free Space | 49.34% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 19:21:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/17 18:03:50 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/10/13 22:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/13 22:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/13 22:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/10/10 19:28:21 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/03 14:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/11/03 14:45:48 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/11/03 14:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/11/03 14:35:14 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/11/03 14:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/06/15 11:36:18 | 000,229,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006/06/05 12:59:18 | 000,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005/04/18 10:33:42 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/02/22 12:51:18 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe
PRC - [2004/12/29 23:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/11/29 20:06:26 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2004/08/27 14:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/05/13 12:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2004/05/01 13:03:48 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2002/01/28 04:48:50 | 000,885,760 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\LXSUPMON.EXE


========== Modules (No Company Name) ==========

MOD - [2012/01/02 11:02:07 | 001,660,928 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12010201\algo.dll
MOD - [2011/12/31 07:01:54 | 000,268,808 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12010201\aswRep.dll
MOD - [2011/11/23 23:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/10/14 07:43:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 07:16:39 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 07:16:10 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/14 07:14:58 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/14 07:14:56 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/14 07:14:45 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/14 07:14:43 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/14 07:14:14 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/14 07:14:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/14 07:14:12 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/14 07:14:11 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/14 07:14:07 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/14 07:13:56 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/03 14:35:46 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2009/04/12 00:15:31 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/04/12 00:15:26 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/04/12 00:15:20 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/04/12 00:15:20 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/04/12 00:15:19 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/04/12 00:15:18 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/04/12 00:15:17 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/04/12 00:15:16 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/04/12 00:15:15 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/04/08 21:59:56 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/04/08 21:59:40 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/04/08 21:59:39 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/04/08 21:59:38 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/04/08 21:59:35 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/04/08 21:59:21 | 000,012,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2009/04/08 21:59:20 | 000,023,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2008/03/26 20:00:08 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2005/03/28 10:00:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2005/02/25 14:44:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/02/22 11:03:50 | 000,024,576 | ---- | M] () -- C:\Program Files\Toshiba\TouchPad\TPECioctl.dll
MOD - [2004/05/13 12:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2002/07/04 08:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll
 
========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/17 18:03:50 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/13 22:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/13 22:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/10/10 19:28:21 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/25 22:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\learninmypc\pev.3XE -- (PEVSystemStart)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/11/03 14:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/11/03 14:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/11/03 14:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/06/05 12:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/08/27 14:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/05/13 12:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/10/10 19:28:12 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/10 19:28:12 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/11/15 23:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2010/09/01 00:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 03:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/08/13 15:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/05/29 07:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 07:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/05/29 07:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 07:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/04/20 18:59:58 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2005/04/20 18:59:58 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2005/04/19 09:40:00 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/15 12:46:04 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/04/12 15:19:42 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/04 15:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/30 16:18:40 | 000,230,400 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/02/25 18:22:26 | 000,008,704 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/02/24 23:33:26 | 000,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/11/15 15:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/07/30 14:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SerTVOutCtlr)
DRV - [2004/05/17 05:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2003/10/22 19:15:02 | 000,067,024 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/10/22 19:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/09/19 14:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/06/11 07:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/10/01 13:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561) ICatch (VI)
DRV - [2001/08/17 11:17:44 | 000,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.kirotv.com
IE - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E A8 81 02 82 AC CB 01 [binary data]
IE - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.kirotv.com/"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/03 11:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/29 16:52:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/29 16:52:03 | 000,000,000 | ---D | M]

[2008/12/13 09:31:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions
[2011/12/28 21:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\jmu03848.default\extensions
[2011/11/18 15:54:22 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\jmu03848.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/28 21:25:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\jmu03848.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/30 13:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/14 08:06:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/30 13:05:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VALUED CUSTOMER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMU03848.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VALUED CUSTOMER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMU03848.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VALUED CUSTOMER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMU03848.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VALUED CUSTOMER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMU03848.DEFAULT\EXTENSIONS\JOHN@VELVETCACHE.ORG.XPI
[2011/12/03 11:51:07 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/12/28 21:25:32 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/11 18:27:24 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2008/12/11 00:40:31 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/10/10 19:00:08 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/10 19:00:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/10 19:00:08 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/10 19:00:08 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/10 19:00:08 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.8.1 (Enabled) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: WOT = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.1_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.13_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Poppit = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MCIEPlugIn Class) - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\Program Files\Metamail Inc\Metamail Reader\IEPlugIn.dll (Metamail Corp.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.)
O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe (Ingenuiti)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005..\Run: [DW6] File not found
O4 - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1259002519359 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} http://images.friendster.com/201005A-014/js/aurigma/FriendsterImageUploader.cab (Friendster Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54E1A677-FBC8-4C15-B0D5-31C8A9A1C806}: DhcpNameServer = 192.168.1.1 184.16.33.54
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll (Metamail Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\Shell - "" = AutoRun
O33 - MountPoints2\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\Shell - "" = AutoRun
O33 - MountPoints2\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{fe2725ad-09e3-11dd-9df0-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fe2725ad-09e3-11dd-9df0-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe2725ad-09e3-11dd-9df0-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 19:21:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2012/01/02 18:53:52 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/02 18:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Desktop\bootkit_remover
[2012/01/02 10:20:42 | 000,000,000 | --SD | C] -- C:\learninmypc
[2012/01/02 10:17:39 | 004,360,898 | R--- | C] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\learninmypc.exe
[2012/01/02 09:55:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Valued Customer\Recent
[2012/01/01 20:37:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/01 20:34:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/01 20:34:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/01 20:34:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/01 20:34:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/01 20:34:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/01 20:34:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/01 20:09:22 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Valued Customer\Desktop\tdsskiller.exe
[2012/01/01 19:42:12 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Valued Customer\Desktop\aswMBR.exe
[2012/01/01 19:12:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\dds.scr
[2012/01/01 18:16:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Valued Customer\My Documents\My Videos
[2012/01/01 18:16:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/01/01 18:16:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Valued Customer\Start Menu\Programs\Administrative Tools
[2011/12/31 10:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\My Documents\DESKTOP PICTURES
[2011/12/30 20:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\vlc
[2011/12/30 20:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/12/30 20:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/30 20:07:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/30 20:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/29 16:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/29 16:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/29 16:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/12/29 16:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.1
[2011/12/29 16:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/29 16:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/29 16:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/29 12:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/12/22 19:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Valued Customer\My Documents\*.tmp files -> C:\Documents and Settings\Valued Customer\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 19:28:14 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/02 19:28:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3986DB63-3B79-4C6B-9B36-EF461BFD0D72}.job
[2012/01/02 19:26:15 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1047134010-2963880323-4205995052-1005UA.job
[2012/01/02 19:21:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2012/01/02 18:52:57 | 000,858,316 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
[2012/01/02 18:49:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/02 18:48:53 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/02 18:48:08 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 18:48:07 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/02 14:23:07 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\bootkit_remover.zip
[2012/01/02 12:04:02 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B146B820-7932-492B-8581-C1B4082E2FBC}.job
[2012/01/02 10:17:40 | 004,360,898 | R--- | M] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\learninmypc.exe
[2012/01/02 09:32:41 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\rkill.com
[2012/01/01 20:38:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/01 20:09:47 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Valued Customer\Desktop\tdsskiller.exe
[2012/01/01 19:42:52 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Valued Customer\Desktop\aswMBR.exe
[2012/01/01 19:12:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\dds.scr
[2012/01/01 18:09:05 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\wvplgpny.exe
[2011/12/31 09:26:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1047134010-2963880323-4205995052-1005Core.job
[2011/12/30 20:34:18 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/12/30 13:42:41 | 000,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2011/12/30 12:56:44 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/29 18:27:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/29 16:47:48 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/29 16:13:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2011/12/29 12:03:59 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/28 18:30:02 | 000,015,558 | -HS- | M] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
[2011/12/28 18:30:02 | 000,015,558 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
[2011/12/22 16:08:36 | 000,012,068 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\chris.jpg
[2011/12/22 14:40:33 | 001,715,391 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\pics 009.jpg
[2011/12/22 14:40:31 | 001,642,891 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\pics 008.jpg
[2011/12/15 07:43:00 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Valued Customer\My Documents\*.tmp files -> C:\Documents and Settings\Valued Customer\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 18:52:55 | 000,858,316 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
[2012/01/02 14:23:05 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\bootkit_remover.zip
[2012/01/02 11:45:31 | 1600,638,976 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/02 09:32:34 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\rkill.com
[2012/01/01 20:38:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/01 20:37:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/01 20:34:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/01 20:34:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/01 20:34:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/01 20:34:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/01 20:34:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/01 18:09:04 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\wvplgpny.exe
[2011/12/30 20:34:18 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/12/30 12:56:44 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/30 12:56:44 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/12/29 16:47:48 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/29 16:13:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2011/12/29 12:03:59 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/22 19:47:00 | 000,015,558 | -HS- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
[2011/12/22 19:47:00 | 000,015,558 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
[2011/12/22 16:08:33 | 000,012,068 | ---- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\chris.jpg
[2011/12/20 14:15:50 | 001,715,391 | ---- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\pics 009.jpg
[2011/12/20 14:14:46 | 001,642,891 | ---- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\pics 008.jpg
[2011/05/28 11:49:37 | 000,065,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/05 19:30:53 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\housecall.guid.cache
[2011/01/05 01:15:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/08/17 12:38:21 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0F692C8679.sys
[2010/08/17 12:38:19 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/08/11 20:27:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/07/08 17:16:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\prvlcl.dat
[2009/10/19 20:22:08 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\RADIO15.bin
[2009/10/19 19:04:33 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/12 02:57:07 | 000,156,899 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2009/04/12 02:57:02 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2009/01/06 22:36:55 | 000,157,252 | ---- | C] () -- C:\WINDOWS\hpoins27.dat.temp
[2009/01/06 22:36:55 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat.temp
[2009/01/06 22:00:37 | 000,157,252 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2009/01/06 22:00:36 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2008/10/04 20:41:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/01 15:27:42 | 000,109,716 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\NMM-MetaData.db
[2008/05/30 19:27:49 | 000,000,468 | ---- | C] () -- C:\WINDOWS\Envoy.ini
[2008/05/30 18:37:02 | 000,000,277 | ---- | C] () -- C:\WINDOWS\CLIPARTV.INI
[2008/05/30 18:31:34 | 000,000,716 | ---- | C] () -- C:\WINDOWS\ALLETTER.INI
[2008/05/06 14:36:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/06 21:58:30 | 000,001,020 | ---- | C] () -- C:\WINDOWS\TTPlat.ini
[2008/03/26 20:00:08 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/03/26 20:00:08 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/18 19:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2008/02/24 22:45:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\$_hpcst$.hpc
[2008/01/09 18:15:55 | 000,002,006 | ---- | C] () -- C:\WINDOWS\ActivStats.INI
[2007/06/25 22:02:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2007/06/25 21:47:16 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/25 21:44:50 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2007/06/25 21:44:50 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2007/06/25 21:44:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2006/10/21 15:16:12 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2006/10/21 15:16:09 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2006/10/21 15:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SvcCon.exe
[2006/10/21 15:12:37 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006/10/21 15:12:37 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006/10/21 15:12:37 | 000,053,315 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2006/10/21 15:12:37 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006/09/18 21:31:41 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/09/18 21:31:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/05/23 16:01:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/05/23 15:58:15 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\fusioncache.dat
[2006/05/23 15:58:09 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2006/05/23 15:58:09 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2006/05/23 15:58:08 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2006/05/23 15:58:08 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2006/05/23 15:56:58 | 000,000,569 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2006/05/03 13:32:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/12/05 23:25:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\wklnhst.dat
[2005/08/10 09:39:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/10 09:38:47 | 000,000,718 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/23 16:32:36 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/05/23 14:14:59 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/23 14:14:59 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/23 13:55:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/23 13:55:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/23 13:55:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/23 13:55:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/23 13:55:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/23 13:55:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/23 13:52:45 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/05/23 13:48:31 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/23 13:30:23 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/05/23 12:52:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/23 12:52:15 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/23 12:45:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/05/23 12:45:24 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/23 12:43:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/05/23 12:43:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/05/23 12:43:12 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/05/23 12:43:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/05/23 12:33:27 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/23 12:33:27 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/05/23 12:33:27 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2005/05/23 12:33:27 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxeq.dat
[2005/05/23 09:27:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/23 09:24:00 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/23 09:17:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/23 09:16:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/23 08:44:31 | 000,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/23 08:40:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/05/23 08:40:37 | 000,523,826 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/05/23 08:40:37 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/05/23 08:40:37 | 000,103,912 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/05/23 08:40:37 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/05/23 08:40:35 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/05/23 08:40:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/05/23 08:40:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/23 08:40:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/05/23 08:40:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/05/23 08:40:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/05/23 08:39:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/05/23 02:11:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/23 02:11:01 | 000,318,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/04/25 12:44:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/04/20 19:38:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/04/20 19:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/03/30 13:50:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/02/28 14:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/25 14:44:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/08/12 07:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/07/13 13:35:56 | 000,001,650 | ---- | C] () -- C:\WINDOWS\PCWE130.ini
[2004/01/13 18:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/01/24 01:39:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxaxih.exe
[2002/01/24 01:29:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
[2002/01/24 01:09:56 | 000,174,592 | ---- | C] () -- C:\WINDOWS\System32\LEXPPS.EXE
[2002/01/24 01:05:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2000/02/08 00:05:36 | 000,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2000/02/08 00:05:34 | 000,320,512 | R--- | C] () -- C:\WINDOWS\System32\W32MKDE.EXE
[2000/02/08 00:05:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[1999/03/30 07:53:50 | 000,000,793 | ---- | C] () -- C:\WINDOWS\BTI.INI
[1999/01/22 02:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2005/05/23 13:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2009/11/23 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2005/05/23 13:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2011/01/04 12:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/06/01 15:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/07/28 21:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2008/05/07 13:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/06/01 15:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/03/26 20:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/04/02 19:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSH
[2008/03/26 19:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/12/28 21:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/05/23 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/31 14:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/08/11 18:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/05/23 13:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/05/23 13:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2008/07/06 20:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/06/01 15:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\DataLayer
[2011/06/21 10:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Foxit Software
[2005/05/23 13:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\InterTrust
[2005/10/05 18:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\InterVideo
[2011/12/02 13:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\mjusbsp
[2008/12/07 05:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\MP3Rocket
[2006/09/18 22:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\MSNInstaller
[2008/06/01 15:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Nokia
[2008/06/01 15:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Nokia Multimedia Player
[2011/04/22 23:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\OpenOffice.org
[2008/06/01 15:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\PC Suite
[2008/04/30 00:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Peachtree
[2011/01/05 19:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\QuickScan
[2008/04/09 22:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\SSH
[2011/10/14 16:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\SystemRequirementsLab
[2009/04/12 01:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\TaxCut
[2005/12/05 23:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Template
[2005/05/23 13:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\toshiba
[2010/05/31 16:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Unity
[2007/02/14 12:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Viewpoint
[2005/08/10 09:43:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2005/08/10 09:43:21 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2005/08/10 09:43:22 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2012/01/02 19:28:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3986DB63-3B79-4C6B-9B36-EF461BFD0D72}.job
[2012/01/02 12:04:02 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B146B820-7932-492B-8581-C1B4082E2FBC}.job

========== Purity Check ==========
 
========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/12/07 22:51:40 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/12/07 22:51:40 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2008/12/03 23:14:47 | 000,030,826 | ---- | M] () -- C:\ASLog.txt
[2009/10/21 18:45:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/01 20:38:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/02 18:48:07 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/04 10:40:48 | 000,000,067 | ---- | M] () -- C:\inferno.log
[2005/05/23 09:20:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/01/05 03:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2002/01/05 03:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
[2005/05/23 09:20:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/11/23 10:21:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/02 18:48:04 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2012/01/02 09:38:03 | 000,000,467 | ---- | M] () -- C:\rkill.log
[2007/06/25 21:46:59 | 015,092,736 | ---- | M] () -- C:\Snap.avi
[2012/01/01 20:17:12 | 000,062,572 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_01.01.2012_20.11.01_log.txt
[2008/09/10 15:38:33 | 000,000,155 | ---- | M] () -- C:\version.ini
[2008/11/25 18:24:19 | 000,055,560 | ---- | M] () -- C:\VETlog.dmp
[2008/11/25 18:24:19 | 002,303,954 | ---- | M] () -- C:\VETlog.txt
[2007/04/16 21:32:23 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/05/23 09:19:50 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2002/02/19 09:38:15 | 000,077,824 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXAXPP5C.DLL
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 10:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2004/12/08 15:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr
[2005/05/23 13:54:14 | 032,694,346 | ---- | M] (Goldshell Digital Media) -- C:\WINDOWS\sat_screensaver_30mb.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/10/14 17:11:06 | 000,001,706 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/05/23 02:10:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/05/23 02:10:35 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/05/23 02:10:35 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/11/23 10:32:51 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2005/04/29 14:33:34 | 000,004,096 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/08/10 09:44:06 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2002/05/06 10:19:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/01 19:42:52 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Valued Customer\Desktop\aswMBR.exe
[2012/01/02 18:52:57 | 000,858,316 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
[2012/01/02 10:17:40 | 004,360,898 | R--- | M] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\learninmypc.exe
[2012/01/02 19:21:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2012/01/01 20:09:47 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Valued Customer\Desktop\tdsskiller.exe
[2012/01/01 18:09:05 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\wvplgpny.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2008/04/06 17:54:10 | 000,007,432 | ---- | M] () -- C:\WINDOWS\Tw561a.src
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/09/10 14:21:23 | 000,061,224 | ---- | M] () -- C:\Documents and Settings\Valued Customer\GoToAssistDownloadHelper.exe
[2007/01/24 09:51:45 | 000,439,296 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Valued Customer\GoToAssist_phone__317_en.exe

< %systemroot%\ADDINS\*.* >
[2004/08/04 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2001/03/21 12:49:00 | 000,031,232 | ---- | M] () -- C:\WINDOWS\Driver Cache\DrvUpdt.exe
[2005/05/23 12:40:47 | 000,025,200 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1
[2005/05/09 15:49:44 | 000,379,259 | ---- | M] () -- C:\WINDOWS\Driver Cache\lan.exe
[2005/04/01 14:01:46 | 000,031,064 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.cat
[2005/03/30 16:18:40 | 000,014,962 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.htm
[2005/03/30 16:18:40 | 000,332,950 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.inf
[2005/05/23 12:40:47 | 000,124,680 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.PNF
[2005/03/30 16:18:40 | 000,230,400 | ---- | M] (Marvell) -- C:\WINDOWS\Driver Cache\yk51x86.sys
[2005/03/30 16:18:40 | 000,012,841 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.txt

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/08/10 09:44:05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Valued Customer\Favorites\Desktop.ini
[2008/02/25 22:59:20 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Favorites\Microsoft bCentral.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/11/23 14:06:15 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Valued Customer\Cookies\desktop.ini
[2012/01/02 19:19:38 | 000,163,840 | -HS- | M] () -- C:\Documents and Settings\Valued Customer\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2003/08/05 10:41:44 | 000,053,248 | ---- | M] (Sunplus) -- C:\WINDOWS\inf\ap561.exe
[2002/11/26 15:24:58 | 000,032,768 | ---- | M] () -- C:\WINDOWS\inf\Remove561.exe
[2002/10/29 17:07:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\inf\Setup8a.exe
[2002/11/22 14:56:52 | 000,118,784 | ---- | M] () -- C:\WINDOWS\inf\ShowBmp.exe
[2009/01/30 16:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 16:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 
OTL Extras logfile created on: 1/2/2012 7:23:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 62.62% Memory free
2.09 Gb Paging File | 1.64 Gb Available in Paging File | 78.42% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 45.87 Gb Free Space | 49.34% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Valued Customer\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Valued Customer\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = Corel WinDVD Pro 11
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{192A3445-56FC-47B3-B706-17D599E3B630}" = CalyxLoanBridge11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 Update 2
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E5C5BC1-9285-45DA-8885-29AFEA541C52}" = Setup
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3CA9D105-113C-11D8-AB3E-000102B0F79A}" = Readiris Pro 9
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}" = Corel WinDVD
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{5FF4A578-4588-4ACF-8317-7191FC45F3E1}" = TaxCut California 2007
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}" = IPM
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel(R) PROSet/Wireless WiFi Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = ICA
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2C82F57-F312-4525-A19C-40E228E09939}" = Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Toshiba Registration and Metamail Trust Architecture
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C26B5D96-2736-4B57-81A2-6F24BCD9A0CE}" = Peachtree Complete Accounting Educational Version 2006
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C85D63C7-2593-466B-B400-D5972F520054}" = UWICK Tectia Client
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}" = TaxCut Premium + State + Efile 2007
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F47B2DF8-35EC-4B51-B5F2-0E03EF5F51DA}" = TIxx21/x515
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = Philips PC Camera
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AT&T Connection Services Software" = AT&T Connection Services Manager
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"Exploring Human Development" = Exploring Human Development
"FileHippo.com" = FileHippo.com Update Checker
"Fn-esse" = TOSHIBA Fn-esse
"Foxit Reader_is1" = Foxit Reader 5.1
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"InstallShield_{C26B5D96-2736-4B57-81A2-6F24BCD9A0CE}" = Peachtree Complete Accounting Educational Version 2006
"InstallShield_{F47B2DF8-35EC-4B51-B5F2-0E03EF5F51DA}" = Texas Instruments PCIxx21/x515 drivers.
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Lexmark Z25-Z35" = Lexmark Z25-Z35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007
"Revo Uninstaller" = Revo Uninstaller 1.92
"Samsung SCX-4x21 Series" = Samsung SCX-4x21 Series
"sat_screensaver_30mb.scr" = sat_screensaver_30mb
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SpywareBlaster_is1" = SpywareBlaster 4.5
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TTPlat" = Typing Tutor Platinum
"TurboTax 2008" = TurboTax 2008
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1047134010-2963880323-4205995052-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2011 5:28:30 PM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 10005
Description = Product: Adobe Shockwave Player 11.6 -- Error 2753.The File 'swdnld.exe'
is not marked for installation.

Error - 12/30/2011 5:42:57 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application sat_sc~1.scr, version 7.0.1.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 12/30/2011 8:46:57 PM | Computer Name = TOSHIBA-USER | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 32(The process cannot access the
file because it is being used by another process.) occurred while creating or opening
file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\model.mdf'. Diagnose
and correct the operating system error, and retry the operation.

Error - 12/30/2011 8:46:57 PM | Computer Name = TOSHIBA-USER | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\model.mdf for file number 1. OS error: 32(The process
cannot access the file because it is being used by another process.).

[ OSession Events ]
Error - 4/25/2008 12:57:35 AM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 28 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/25/2008 1:08:48 AM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 151 seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/25/2008 1:37:00 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 53 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/25/2008 1:57:25 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1045 seconds with 180 seconds of active time. This session ended with a
crash.

Error - 4/28/2008 3:37:46 AM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/5/2008 1:43:45 AM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/5/2008 3:45:46 AM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 5542
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 4/14/2009 9:14:07 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4067
seconds with 3360 seconds of active time. This session ended with a crash.

Error - 5/5/2009 1:12:11 AM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7557
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 8/26/2011 2:50:06 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/2/2012 4:13:00 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/2/2012 4:13:00 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/2/2012 6:17:38 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 1/2/2012 6:19:05 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/2/2012 6:19:06 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/2/2012 6:19:06 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/2/2012 10:49:23 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 1/2/2012 10:50:54 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/2/2012 10:50:55 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/2/2012 10:50:55 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >
 
Other than the post above your last one, I think this pc is better. No more security balloon saying Windows Update is turned off.
 
I'll let you know about those programs later.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
    SRV - File not found [Unknown | Stopped] -- -- (McShield)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKU\S-1-5-21-1047134010-2963880323-4205995052-1005..\Run: [DW6] File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O33 - MountPoints2\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\Shell - "" = AutoRun
    O33 - MountPoints2\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\Shell - "" = AutoRun
    O33 - MountPoints2\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{fe2725ad-09e3-11dd-9df0-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{fe2725ad-09e3-11dd-9df0-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fe2725ad-09e3-11dd-9df0-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    [2011/12/28 18:30:02 | 000,015,558 | -HS- | M] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
    [2011/12/28 18:30:02 | 000,015,558 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370
    [2005/05/23 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/02/14 12:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Viewpoint
    [2005/08/10 09:43:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
    [2005/08/10 09:43:21 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
    [2005/08/10 09:43:22 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
Service McSysmon stopped successfully!
Service McSysmon deleted successfully!
Error: No service named McShield was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McShield deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1047134010-2963880323-4205995052-1005\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84db0188-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84db018c-c8e1-11dd-9eb5-0012f0c0147c}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe2725ad-09e3-11dd-9df0-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe2725ad-09e3-11dd-9df0-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe2725ad-09e3-11dd-9df0-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe2725ad-09e3-11dd-9df0-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe2725ad-09e3-11dd-9df0-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe2725ad-09e3-11dd-9df0-00038a000015}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370 moved successfully.
C:\Documents and Settings\All Users\Application Data\4u846qxj504fh484633v7ml6mw51nv02333j370 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\Viewpoint folder moved successfully.
C:\WINDOWS\Tasks\Registration reminder 1.job moved successfully.
C:\WINDOWS\Tasks\Registration reminder 2.job moved successfully.
C:\WINDOWS\Tasks\Registration reminder 3.job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 5559127 bytes
->Temporary Internet Files folder emptied: 8268543 bytes
->Java cache emptied: 13689516 bytes
->Flash cache emptied: 405 bytes

User: All Users
->Flash cache emptied: 141 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6397453 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 2965504 bytes
->Temporary Internet Files folder emptied: 1630750 bytes

User: Valued Customer
->Temp folder emptied: 408228979 bytes
->Temporary Internet Files folder emptied: 12752083 bytes
->Java cache emptied: 22458288 bytes
->FireFox cache emptied: 57036751 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57092 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4980753 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 947733 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 103964464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 134019 bytes

Total Files Cleaned = 619.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Valued Customer
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01022012_203725

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_c20.dat not found!
C:\Documents and Settings\Valued Customer\Local Settings\Temp\WCESLog.log moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.5
Spybot - Search & Destroy
SUPERAntiSpyware
Secunia PSI (2.0.0.4003)
CCleaner
Java(TM) 6 Update 29
Java(TM) 7 Update 2
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
 
Although I did not download/install the previously mentioned MS update, I see it is no longer shown on the shutdown/reboot option.
 