Solved Random sounds playing on Vista Home Premium

Arfer

Hi all,
Have been given a friend's Japanese Vista Home Premium to have a look at.
It plays out random sounds...
I have run Microsoft Security Essentials which comes back clean, as does Spybot.
I have attached Malwarebytes, SuperAntiSpyware and HijackThis logs.
Really need some help on this one,
TIA for any help offered,
Arfer
 

Attachments

  • mbam-log-2011-11-12 (01-57-47).txt (899 bytes)
  • SUPERAntiSpyware Scan Log - 11-12-2011 - 02-48-33.log (106.9 KB)
  • hijackthis.log (14.2 KB)
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
New - Random sounds playing on Vista Home Premium

Hi Broni,
Thanks again so much for your time and expertise with this.
P.S. In case you see non-English in the logs, the machine is Japanese keyboard and language.
As well as the random sounds, I have been trying to make restore points this morning without success; that also appears to be affected...
Have all the logs ready, so here goes with Malwarebytes...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8198

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

2011/11/20 19:48:48
mbam-log-2011-11-20 (19-48-48).txt

Scan type: Quick scan
Objects scanned: 172616
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Gmer Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-20 21:31:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: gmer.exe; Driver: C:\Users\JONATH~1\AppData\Local\Temp\afxcykod.sys


---- Processes - GMER 1.0.15 ----

Process IMJPCMNT.EXE (*** hidden *** ) 2544

---- EOF - GMER 1.0.15 ----
 
DDS.txt Log

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by jonathan taylor at 21:56:39 on 2011-11-20
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fujitsu\NetworkPlayer\Kernel\DMP\CLHNService.exe
c:\Program Files\Fujitsu\DustSolution\FJDService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServer.exe
c:\Windows\system32\o2flash.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\FUJITSU\Plugfree NETWORK\PFNService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\chitose\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\fjuty\sptnavi\EzSptBtn4.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\CyberLink\AVCHD Player\PCMAgent.exe
C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Fujitsu\DustSolution\HokoriApp.exe
C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
C:\Program Files\Corel\Corel MyPhoto\Corel Photo Downloader.exe
C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServerHelper.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCHOOK.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHndHkb.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.bt.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = about:blank
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Toolbar Browser Helper Objects: {b37b14b8-699f-4002-9254-d1ab00fd07b5} - c:\program files\@nifty toolbar\nbho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AzbyClubƒc[ƒ‹ƒo[(&A): {3db1c21b-a7e0-4c3f-b39e-e00dd8792d90} - c:\program files\@nifty toolbar\ntoolbar.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [FLAB_FirstInput]
uRun: [Sidebar] c:\program files\windows sidebar\Sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [EzSptBtn] c:\fjuty\sptnavi\EzSptBtn4.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [TvOutSwitch] c:\program files\fujitsu\dispswitch\DispSwitchLauncher.exe
mRun: [PUSCKAPLEXE] c:\program files\fujitsu\powerutility\schedule\PUSCKAPLEXE.exe
mRun: [IME JPN 2007 Migration] c:\progra~1\common~1\micros~1\ime12\imejp\IMJPKLMG.EXE /Preload
mRun: [PfNet] c:\program files\fujitsu\plugfree network\PFNet.exe /r
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [PCMAgent] "c:\program files\cyberlink\avchd player\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\avchd player\kernel\clml\CLMLSvc.exe"
mRun: [FJDust] c:\program files\fujitsu\dustsolution\HokoriApp.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\indicatorutility\IndicatorUty.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\fujitsu quick touch\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [LoadPUSCDaemon] c:\program files\fujitsu\powerutility\schedule\PUSCDaemon.exe
mRun: [UVS11 Preload] c:\program files\corel\dvd moviewriter for fujitsu\movie wizard\uvPL.exe
mRun: [Corel Photo Downloader] "c:\program files\corel\corel myphoto\Corel Photo Downloader.exe" -startup
mRun: [NetTVViewerAgent] "c:\program files\fujitsu\net tv viewer\NetTVViewerAgent.exe"
mRun: [NetworkPlayerServerHelper] c:\program files\fujitsu\networkplayer server\NetworkPlayerServerHelper.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\chitose\updatenv.exe
StartupFolder: c:\users\jonath~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: @nifty: @search‚ÅŒŸõ - c:\program files\@nifty toolbar\ntoolbar.dll/atsearch.htm
IE: @nifty: ƒy[ƒW‚ð“ú–{Œê‚É–|–ó - c:\program files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
IE: @nifty: ‘I‘ð”͈͂ð“ú–{Œê‚É–|–ó - c:\program files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
IE: Google ƒTƒCƒhƒEƒBƒL... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Microsoft Excel ‚ɃGƒNƒXƒ|[ƒg(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3CA30D41-91D0-4B05-BDBE-C9CACC48310C} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8C442C9F-D794-4541-A0F1-1F6F843CA73D} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2009-2-23 8960]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsla2bdefda;MpKsla2bdefda;c:\programdata\microsoft\microsoft antimalware\definition updates\{05d0e893-510e-4eb4-868a-4b3976fcbbc2}\MpKsla2bdefda.sys [2011-11-20 28752]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-20 1664248]
R2 CLHNService3;CLHNService3;c:\program files\fujitsu\networkplayer\kernel\dmp\CLHNService.exe [2009-2-23 81920]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 FjDstService;FjDstService;c:\program files\fujitsu\dustsolution\FJDService.exe [2007-11-21 62760]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NetworkPlayer Server;NetworkPlayer Server;c:\program files\fujitsu\networkplayer server\NetworkPlayerServer.exe [2009-2-23 86016]
R2 ntk3;ntk3;c:\program files\fujitsu\networkplayer\kernel\dmp\ntk3.sys [2009-2-23 120048]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
R2 PFNService;PFNService;c:\program files\fujitsu\plugfree network\PFNService.exe [2009-2-23 213800]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-1 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\chitose\updnvsrv.exe [2011-6-16 12800]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-20 478720]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2009-2-23 5632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-23 112128]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-2-5 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-8-12 43808]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google ƒAƒbƒvƒf[ƒg ƒT[ƒrƒX (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 gupdatem;Google Update ƒT[ƒrƒX (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 MatSvc;ƒ}ƒCƒNƒƒ\ƒtƒgf’fƒ\ƒŠƒ…[ƒVƒ‡ƒ“;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft ƒlƒbƒgƒ[ƒNŒŸ¸;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 putlrsrv;PowerUtility Remote Power Management Service;c:\progra~1\fujitsu\poweru~1\remote\PUTLRSRV.exe [2008-2-5 84520]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-11-1 27192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;UMB ‚ðŒo—R‚µ‚½ WSD ˆóüƒTƒ|[ƒg;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
.
=============== Created Last 30 ================
.
2011-11-20 11:55:17 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{05d0e893-510e-4eb4-868a-4b3976fcbbc2}\MpKsla2bdefda.sys
2011-11-20 11:55:15 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{05d0e893-510e-4eb4-868a-4b3976fcbbc2}\offreg.dll
2011-11-20 11:55:12 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{05d0e893-510e-4eb4-868a-4b3976fcbbc2}\mpengine.dll
2011-11-20 10:17:41 -------- d-----w- c:\program files\Windows Portable Devices
2011-11-20 10:14:40 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-11-20 10:14:40 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-11-20 10:14:39 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-11-20 10:10:53 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-11-20 10:10:53 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-11-20 10:10:53 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-11-20 10:10:52 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-11-20 10:10:52 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-11-20 10:10:52 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-11-20 10:10:52 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-11-20 09:57:13 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-20 09:57:13 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-20 09:57:13 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-20 09:57:13 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-20 09:57:12 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-20 09:57:08 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-20 09:55:56 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-20 09:55:55 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-20 09:55:54 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 09:55:53 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-20 09:55:53 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-11-20 09:55:53 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-20 09:55:44 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-11-20 09:34:21 -------- d-----w- c:\windows\system32\vi-VN
2011-11-20 09:34:21 -------- d-----w- c:\windows\system32\eu-ES
2011-11-20 09:34:21 -------- d-----w- c:\windows\system32\ca-ES
2011-11-20 09:31:49 -------- d-----w- c:\windows\system32\SPReview
2011-11-19 21:10:27 -------- d-----w- C:\Temp
2011-11-19 18:38:15 -------- d-----w- c:\users\jonathan taylor\appdata\local\FixItCenter
2011-11-19 16:03:36 -------- d-----w- c:\users\jonathan taylor\appdata\local\•xŽm’ÊŠ”Ž®‰ïŽÐ
2011-11-11 17:54:20 388096 ----a-r- c:\users\jonathan taylor\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-11 17:54:19 -------- d-----w- c:\program files\Trend Micro
2011-11-11 17:02:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-11 16:50:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-06 18:25:02 -------- d-----w- c:\windows\Hewlett-Packard
2011-11-04 15:04:41 -------- d-----w- C:\HPAppData
2011-11-01 21:52:47 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-11-01 13:18:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-01 13:18:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-01 12:41:56 -------- d-----w- c:\program files\OpenOffice.org 3
2011-11-01 08:19:50 -------- d-----w- c:\windows\MATS
2011-11-01 08:19:49 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-11-01 07:37:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-31 21:32:09 -------- d-----w- c:\program files\CCleaner
2011-10-31 20:33:24 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{88ffea9b-adc9-41a2-987a-f293c4ae4733}\gapaengine.dll
2011-10-31 20:24:59 -------- d-----w- c:\windows\system32\EventProviders
2011-10-31 20:09:16 355832 ----a-w- c:\program files\internet explorer\pdm.dll
2011-10-31 20:09:16 265720 ----a-w- c:\program files\internet explorer\msdbg2.dll
2011-10-31 19:54:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-31 19:54:28 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-31 18:55:58 -------- d-----w- c:\users\jonathan taylor\appdata\local\VS Revo Group
2011-10-31 18:55:52 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-10-31 18:55:49 -------- d-----w- c:\program files\VS Revo Group
2011-10-31 17:29:36 -------- d-----w- c:\programdata\Malwarebytes
2011-10-28 15:09:49 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9c67d16d-d52a-4f11-a358-7d91147d82d2}\mpengine.dll
2011-10-23 10:08:52 -------- d-----w- c:\programdata\Citrix
2011-10-23 10:08:25 -------- d-----w- c:\users\jonathan taylor\appdata\local\Citrix
2011-10-23 10:08:23 103784 ----a-w- c:\users\jonathan taylor\GoToAssistDownloadHelper.exe
2011-10-23 10:08:06 -------- d-----w- c:\users\jonathan taylor\appdata\local\Deployment
2011-10-23 10:08:06 -------- d-----w- c:\users\jonathan taylor\appdata\local\Apps
.
==================== Find3M ====================
.
2011-11-20 10:10:53 4096 ----a-w- c:\windows\system32\drivers\ja-jp\dxgkrnl.sys.mui
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 21:57:17.89 ===============
 
DDS Attach Log

DDS (Ver_2011-06-23.01)
.
.
Motherboard: FUJITSU | | FJNB201
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Onboard | 2533/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 58.037 GiB free.
D: is FIXED (NTFS) - 349 GiB total, 341.767 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.

Update for Microsoft Office 2007 (KB2508958)
—‚e‚s‚o
@nifty‚Ńuƒ[ƒhƒoƒ“ƒh
—ƒtƒHƒgƒŒƒ^ƒbƒ`
—ƒ[ƒ‹
—ƒƒjƒ…[
—‰f‘œŠÙ
32 Bit HP CIO Components Installer
3D MediaSurfing
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATLAS –|–óƒp[ƒ\ƒiƒ‹ 2008 LE
AuthenTec Fingerprint Software
AzbyClubƒKƒWƒFƒbƒgƒvƒƒOƒ‰ƒ€
AzbyClubƒc[ƒ‹ƒo[
BIBLOƒ‰ƒ“ƒvÝ’è
Big City Adventure Vancouver
Bonjour
BT Broadband Desktop Help
BT Yahoo! Toolbar
BTHomeHub
BufferChm
C309a
CardRecovery 5.30
Casino Island To Go
Catan - The Computer Game
CCleaner
CDDRV_Installer
Cribbage Quest
CyberLink AVCHD Player
Destinations
DeviceDiscovery
Direct DiscRecorder
DocProc
Drawn The Painted Tower
DVD MovieWriter for FUJITSU
Fax
FM ‚©‚ñ‚½‚ñƒoƒbƒNƒAƒbƒv
FMVƒTƒ|[ƒgƒiƒr
FMVƒXƒNƒŠ[ƒ“ƒZ[ƒo[
FMVƒ†[ƒU[“o˜^
‚e‚l‚u‰æ–Ê‚ÅŒ©‚éƒ}ƒjƒ…ƒAƒ‹
FMVŽ«‘ƒZƒbƒg(LŽ«‰‘‘æ˜Z”Å+Œ»‘ã—pŒê‚ÌŠî‘b’mŽ¯+ŠwŒ¤ƒp[ƒ\ƒiƒ‹“‡Ž«“T)
FoxTab PDF Converter
Fujitsu Display Manager
GAMEPACK2009F
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Governor of Poker
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C309a All-In-One Driver 14.0 Rel. 5
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
IndicatorUtility
InspiriumŽ«‘ŒŸõƒ‰ƒCƒuƒ‰ƒŠ
Inst5671
Intel(R) Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
its-moNavi PC
iTunes
Java Auto Updater
Java(TM) 6 Update 29
KhalInstallWrapper
Luxor Quest for the Afterlife
MarketResearch
Microsoft .NET Framework 3.5 Language Pack SP1 - jpn
Microsoft .NET Framework 3.5 Language Pack SP1 - “ú–{Œê
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile JPN Language Pack
Microsoft .NET Framework 4 Client Profile Language Pack - “ú–{Œê
Microsoft Antimalware
Microsoft Antimalware Service JA-JP Language Pack
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel 2007 Help XVƒvƒƒOƒ‰ƒ€ (KB963678)
Microsoft Office Excel MUI (Japanese) 2007
Microsoft Office File Validation Add-In
Microsoft Office IME (Japanese) 2007
Microsoft Office Outlook 2007 Help XVƒvƒƒOƒ‰ƒ€ (KB963677)
Microsoft Office Outlook MUI (Japanese) 2007
Microsoft Office Personal 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Japanese) 2007
Microsoft Office Proofing (Japanese) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Japanese) 2007
Microsoft Office Word 2007 Help XVƒvƒƒOƒ‰ƒ€ (KB963665)
Microsoft Office Word MUI (Japanese) 2007
Microsoft Security Client
Microsoft Security Client JA-JP Language Pack
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mirror Mysteries
MovieWizard
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
muveeNow 2.2
MyBookEditor3
NBC Heads-Up Poker
Network
NetworkPlayer
NetworkPlayer ƒT[ƒo[
O2Micro Flash Memory Card Windows Driver
OCR Software by I.R.I.S. 13.0
OmniPass 6.00.28
OpenOffice.org 3.3
Pat Sajak’s Lucky Letters
PC抷ƒKƒCƒh
Plugfree NETWORK
Poker Pop
Poker Superstars III
PowerUtility - ƒXƒPƒWƒ…[ƒ‹‹@”\
PowerUtility - ƒŠƒ‚[ƒgŠÇ—‹@”\
PS_AIO_05_C309_Software_Min
QuickTime
Rainbow Web
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.5
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator LJ
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 (KB2518870)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Serif DrawPlus 8
Serif DrawPlus 8 Resources
Serif ImpactPlus 5.0
Serif ImpactPlus 5.0 Resource CD-ROM
Serif PagePlus 11
Serif PagePlus 11 Resources
SetPoint
Shop for HP Supplies
Skype Toolbars
Skype? 5.3
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Tiks Texas Hold em
Toolbox
TrayApp
Undeleter
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
WebReg
WinDVD for FUJITSU
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
ƒAƒbƒvƒf[ƒgƒiƒr
‚¤‚ꂵƒŒƒVƒs
‚¨Žè“ü‚êƒiƒr
‚©‚ñ‚½‚ñ•ÒW for FUJITSU
ƒZƒLƒ…ƒŠƒeƒB‘Îôƒ\ƒtƒg‘I‘ð
‚Ä‚«‚Ï‚«‰ÆŒv•ëƒ}ƒ€‚U
ƒeƒŒƒro—̓†[ƒeƒBƒŠƒeƒB
ƒlƒbƒgƒeƒŒƒrƒrƒ…[ƒA[
ƒpƒ\ƒRƒ“€”õ‚΂Á‚¿‚èƒKƒCtƒgØ‚è‘Ö‚¦ƒc[ƒ‹
‚ä‚Á‚½‚èÝ’è‚Q
‚ç‚*‚ç‚*ƒY[ƒ€
‚ç‚*‚ç‚*Žè‘‚«“ü—Í
ƒƒ“ƒ^ƒbƒ`ƒ{ƒ^ƒ“Ý’è
ŽžŽ–’ÊMŽÐ@ˆãŠwEŒ’NƒRƒ“ƒeƒ“ƒc
抷ˆÄ“à
抷ˆÄ“à —·”︎Z
“dŽqŽ«‘
”]—̓gƒŒ[ƒi[
•xŽm’ʃfƒoƒCƒXÄŒŸoƒc[ƒ‹
•xŽm’ʃ‚ƒrƒŠƒeƒBƒZƒ“ƒ^[Šg’£
•xŽm’ÊŠg’£‹@”\ƒ†[ƒeƒBƒŠƒeƒB
•xŽm’Ê‹N“®ƒ†[ƒeƒBƒŠƒeƒB
•ÇŽ†‚©‚ñ‚½‚ñ–Í—l‘Ö‚¦
.
==== End Of File ===========================
 
Broni clearly states this:

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Please do as asked. I am going to close this thread. He can have the 2 threads merged.
 
Reopened.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR Log

Thanks Broni, here's the aswMBR Log. I will send ComboFix ASAP, thanks again :)


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-21 05:18:25
-----------------------------
05:18:25.986 OS Version: Windows 6.0.6002 Service Pack 2
05:18:25.986 Number of processors: 2 586 0x170A
05:18:25.987 ComputerName: JONATHANTAYL-PC UserName: jonathan taylor
05:18:26.456 Initialize success
05:20:11.293 AVAST engine defs: 11112001
05:20:50.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:20:50.463 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
05:20:50.478 Disk 0 MBR read successfully
05:20:50.481 Disk 0 MBR scan
05:20:50.495 Disk 0 Windows XP default MBR code
05:20:50.499 Disk 0 scanning sectors +976771072
05:20:50.596 Disk 0 scanning C:\Windows\system32\drivers
05:21:05.194 Service scanning
05:21:05.714 Service MpKsl929dd1cc C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CC33874-0A86-40C3-833B-9C68E514DA80}\MpKsl929dd1cc.sys **LOCKED** 32
05:21:05.717 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
05:21:06.312 Modules scanning
05:21:13.514 Disk 0 trace - called modules:
05:21:13.542 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
05:21:13.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863c4148]
05:21:13.550 3 CLASSPNP.SYS[8a5a38b3] -> nt!IofCallDriver -> [0x84f1e2f0]
05:21:13.553 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858d7028]
05:21:14.180 AVAST engine scan C:\Windows
05:21:16.910 AVAST engine scan C:\Windows\system32
05:24:24.459 AVAST engine scan C:\Windows\system32\drivers
05:24:54.919 AVAST engine scan C:\Users\jonathan taylor
05:30:24.519 AVAST engine scan C:\ProgramData
05:32:45.503 Scan finished successfully
05:33:33.147 Disk 0 MBR has been saved successfully to "C:\Users\jonathan taylor\Desktop\MBR.dat"
05:33:33.154 The log file has been saved successfully to "C:\Users\jonathan taylor\Desktop\aswMBR.txt"
 
ComboFix Log

ComboFix 11-11-20.01 - jonathan taylor 2011/11/21 5:42.1.2 - x86
Running from: c:\users\jonathan taylor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\HP ƒ\ƒŠƒ…[ƒVƒ‡ƒ“ ƒZƒ“ƒ^[ .lnk
c:\programdata\ntuser.dat
c:\users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\users\jonathan taylor\GoToAssistDownloadHelper.exe
c:\windows\IsUn0411.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-20 20:49 . 2011-11-20 20:49 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E220197-AEA9-4DE9-8BB8-E06815C3DD3F}\offreg.dll
2011-11-20 20:47 . 2011-11-20 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 20:24 . 2011-10-17 17:28 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E220197-AEA9-4DE9-8BB8-E06815C3DD3F}\mpengine.dll
2011-11-20 10:17 . 2011-11-20 10:17 -------- d-----w- c:\program files\Windows Portable Devices
2011-11-20 10:14 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-11-20 10:14 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-11-20 10:14 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-11-20 10:10 . 2011-11-20 10:10 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-11-20 10:10 . 2011-11-20 10:10 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-11-20 10:10 . 2011-11-20 10:10 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-11-20 10:10 . 2011-11-20 10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-11-20 10:10 . 2011-11-20 10:10 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-11-20 10:10 . 2011-11-20 10:10 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-11-20 10:10 . 2011-11-20 10:10 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-11-20 09:57 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-20 09:57 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-20 09:57 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-20 09:57 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-20 09:57 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-20 09:57 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-20 09:55 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-20 09:55 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-20 09:55 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 09:55 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-20 09:55 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-20 09:55 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-11-20 09:55 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-11-20 09:34 . 2011-11-20 09:34 -------- d-----w- c:\windows\system32\ca-ES
2011-11-20 09:34 . 2011-11-20 09:34 -------- d-----w- c:\windows\system32\eu-ES
2011-11-20 09:34 . 2011-11-20 09:34 -------- d-----w- c:\windows\system32\vi-VN
2011-11-20 09:31 . 2011-11-20 09:31 -------- d-----w- c:\windows\system32\SPReview
2011-11-19 21:10 . 2011-11-19 21:10 -------- d-----w- C:\Temp
2011-11-19 18:55 . 2011-11-20 20:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SoftGrid Client
2011-11-19 18:55 . 2011-11-19 18:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2011-11-19 16:03 . 2011-11-19 16:03 -------- d-----w- c:\users\jonathan taylor\AppData\Local\•xŽm’ÊŠ”Ž®‰ïŽÐ
2011-11-16 17:11 . 2011-11-16 17:11 -------- d-----w- c:\programdata\WindowsSearch
2011-11-11 17:54 . 2011-11-11 17:54 388096 ----a-r- c:\users\jonathan taylor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 17:54 . 2011-11-11 17:54 -------- d-----w- c:\program files\Trend Micro
2011-11-11 17:02 . 2011-11-11 17:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-11 16:50 . 2011-11-11 16:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-06 18:25 . 2011-11-13 23:01 -------- d-----w- c:\users\jonathan taylor\AppData\Roaming\HpUpdate
2011-11-06 18:25 . 2011-11-06 18:25 -------- d-----w- c:\windows\Hewlett-Packard
2011-11-04 15:04 . 2011-11-04 15:04 -------- d-----w- C:\HPAppData
2011-11-01 21:52 . 2011-10-17 17:28 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-01 13:18 . 2011-11-19 13:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-01 13:18 . 2011-11-01 13:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-01 12:45 . 2011-11-01 12:45 -------- d-----w- c:\users\jonathan taylor\AppData\Roaming\OpenOffice.org
2011-11-01 12:41 . 2011-11-01 12:42 -------- d-----w- c:\program files\OpenOffice.org 3
2011-11-01 09:32 . 2011-11-20 20:35 -------- d-----w- c:\users\jonathan taylor\AppData\Roaming\U3
2011-11-01 07:37 . 2011-11-01 07:37 -------- d-----w- c:\program files\Common Files\Java
2011-11-01 07:37 . 2011-10-02 20:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-31 21:32 . 2011-10-31 21:32 -------- d-----w- c:\program files\CCleaner
2011-10-31 20:33 . 2011-10-04 08:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88FFEA9B-ADC9-41A2-987A-F293C4AE4733}\gapaengine.dll
2011-10-31 20:24 . 2011-10-31 20:24 -------- d-----w- c:\windows\system32\EventProviders
2011-10-31 20:09 . 2009-01-08 01:20 355832 ----a-w- c:\program files\Internet Explorer\pdm.dll
2011-10-31 20:09 . 2009-01-08 01:20 265720 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2011-10-31 19:54 . 2011-10-31 19:55 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-31 19:54 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-31 18:55 . 2011-10-31 18:55 -------- d-----w- c:\users\jonathan taylor\AppData\Local\VS Revo Group
2011-10-31 18:55 . 2009-12-30 02:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-10-31 18:55 . 2011-10-31 18:55 -------- d-----w- c:\program files\VS Revo Group
2011-10-31 17:29 . 2011-10-31 17:29 -------- d-----w- c:\users\jonathan taylor\AppData\Roaming\Malwarebytes
2011-10-31 17:29 . 2011-10-31 17:29 -------- d-----w- c:\programdata\Malwarebytes
2011-10-23 10:08 . 2011-10-23 10:08 -------- d-----w- c:\programdata\Citrix
2011-10-23 10:08 . 2011-10-23 10:08 -------- d-----w- c:\users\jonathan taylor\AppData\Local\Citrix
2011-10-23 10:08 . 2011-10-23 10:08 -------- d-----w- c:\users\jonathan taylor\AppData\Local\Deployment
2011-10-23 10:08 . 2011-10-23 10:08 -------- d-----w- c:\users\jonathan taylor\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 10:10 . 2011-11-20 10:10 4096 ----a-w- c:\windows\system32\drivers\ja-JP\dxgkrnl.sys.mui
2011-10-07 03:48 . 2011-10-28 15:09 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C67D16D-D52A-4F11-A358-7D91147D82D2}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"EzSptBtn"="c:\fjuty\sptnavi\EzSptBtn4.exe" [2008-09-25 372736]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2008-04-02 102400]
"PUSCKAPLEXE"="c:\program files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe" [2008-09-10 158248]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-13 63856]
"PfNet"="c:\program files\FUJITSU\Plugfree NETWORK\PFNet.exe" [2009-01-09 6390568]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2008-11-11 3153920]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-28 76304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-01-08 29992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-27 204800]
"PCMAgent"="c:\program files\CyberLink\AVCHD Player\PCMAgent.exe" [2009-01-23 143360]
"CLMLServer"="c:\program files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvc.exe" [2009-01-23 196608]
"FJDust"="c:\program files\Fujitsu\DustSolution\HokoriApp.exe" [2008-07-23 118784]
"IndicatorUtility"="c:\program files\Fujitsu\IndicatorUtility\IndicatorUty.exe" [2009-01-06 43304]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe" [2009-01-13 212776]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2009-01-13 33576]
"LoadPUSCDaemon"="c:\program files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe" [2008-09-10 140584]
"UVS11 Preload"="c:\program files\Corel\DVD MovieWriter for FUJITSU\Movie Wizard\uvPL.exe" [2007-04-12 341488]
"Corel Photo Downloader"="c:\program files\Corel\Corel MyPhoto\Corel Photo Downloader.exe" [2009-01-09 1188680]
"NetTVViewerAgent"="c:\program files\Fujitsu\Net TV Viewer\NetTVViewerAgent.exe" [2009-02-17 222504]
"NetworkPlayerServerHelper"="c:\program files\Fujitsu\NetworkPlayer Server\NetworkPlayerServerHelper.exe" [2008-09-16 451856]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\chitose\updatenv.exe" [2011-07-01 147456]
.
c:\users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2010-2-12 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-30 11:04 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp12.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsla0be6dd4;MpKsla0be6dd4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E220197-AEA9-4DE9-8BB8-E06815C3DD3F}\MpKsla0be6dd4.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google ƒAƒbƒvƒf[ƒg ƒT[ƒrƒX (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:51 135664]
R3 gupdatem;Google Update ƒT[ƒrƒX (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:51 135664]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft ƒlƒbƒgƒ[ƒNŒŸ¸;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 06:39 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 putlrsrv;PowerUtility Remote Power Management Service;c:\progra~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe [2008-02-05 84520]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;UMB ‚ðŒo—R‚µ‚½ WSD ˆóüƒTƒ|[ƒg;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 02:23 16896]
S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 8960]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-20 1664248]
S2 CLHNService3;CLHNService3;c:\program files\Fujitsu\NetworkPlayer\Kernel\DMP\CLHNService.exe [2008-09-24 81920]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 FjDstService;FjDstService;c:\program files\Fujitsu\DustSolution\FJDService.exe [2007-11-21 62760]
S2 NetworkPlayer Server;NetworkPlayer Server;c:\program files\Fujitsu\NetworkPlayer Server\NetworkPlayerServer.exe [2008-09-29 86016]
S2 ntk3;ntk3;c:\program files\Fujitsu\NetworkPlayer\Kernel\DMP\ntk3.sys [2008-09-24 120048]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 PFNService;PFNService;c:\program files\FUJITSU\Plugfree NETWORK\PFNService.exe [2008-12-19 213800]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-13 508264]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\chitose\updnvsrv.exe [2011-06-16 12800]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-20 478720]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-21 112128]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-05 47448]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-08-12 43808]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-13 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-13 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-13 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-13 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-13 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:51]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bt.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: @nifty: @search‚ÅŒŸõ - c:\program files\@nifty toolbar\ntoolbar.dll/atsearch.htm
IE: @nifty: ƒy[ƒW‚ð“ú–{Œê‚É–|–ó - c:\program files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
IE: @nifty: ‘I‘ð”͈͂ð“ú–{Œê‚É–|–ó - c:\program files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
IE: Google ƒTƒCƒhƒEƒBƒL... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Microsoft Excel ‚ɃGƒNƒXƒ|[ƒg(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-FLAB_FirstInput - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
AddRemove-‚o‚bƒhƒLƒ…ƒƒ“ƒgƒiƒrƒQ[ƒ^ - c:\windows\IsUn0411.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 05:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\o2flash.exe
c:\windows\system32\PSIService.exe
c:\program files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\conime.exe
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
c:\program files\Softex\OmniPass\opvapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-21 05:57:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 20:57
.
Pre-Run: 62,117,371,904 ƒoƒCƒg‚̋󂫗̈æ
Post-Run: 61,911,494,656 ƒoƒCƒg‚̋󂫗̈æ
.
- - End Of File - - 840FD4DE68D5F9FEC0E0410BEF76F956
 
Looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
It's looking good I think, start menu has reappeared, can't tell about the random sounds as they were intermittent. Am running OTL with the Custom Scan.
Could I be extra cheeky when we're done and ask you to take me through what we've done and how you've sorted it for me?
Hope that would be OK - I love to learn.
OTL log to follow,
Thanks again ;)
 
Here's the OTL log, part 1, due to length!

OTL logfile created on: 2011/11/21 6:52:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jonathan taylor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

2.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 58.07% Memory free
6.09 Gb Paging File | 4.36 Gb Available in Paging File | 71.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 58.06 Gb Free Space | 58.06% Space Free | Partition Type: NTFS
Drive D: | 348.76 Gb Total Space | 341.77 Gb Free Space | 98.00% Space Free | Partition Type: NTFS
Drive F: | 14.91 Gb Total Space | 8.85 Gb Free Space | 59.33% Space Free | Partition Type: FAT32
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JONATHANTAYL-PC | User Name: jonathan taylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 21:48:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jonathan taylor\Desktop\OTL.exe
PRC - [2011/07/01 11:02:42 | 000,147,456 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\chitose\updatenv.exe
PRC - [2011/06/16 14:25:08 | 000,012,800 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\chitose\updnvsrv.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/12/07 20:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/11/10 15:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/23 10:58:58 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvc.exe
PRC - [2009/01/23 10:58:52 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\AVCHD Player\PCMAgent.exe
PRC - [2009/01/15 15:55:26 | 000,257,320 | ---- | M] (Fujitsu Limited.) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
PRC - [2009/01/13 22:26:00 | 000,033,576 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2009/01/13 22:26:00 | 000,017,192 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHndHkb.exe
PRC - [2009/01/13 15:42:22 | 000,212,776 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
PRC - [2009/01/10 02:02:00 | 001,188,680 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel MyPhoto\Corel Photo Downloader.exe
PRC - [2009/01/09 15:30:06 | 001,218,856 | ---- | M] (Fujitsu Limited.) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
PRC - [2009/01/08 17:10:06 | 000,029,992 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009/01/06 16:38:20 | 000,043,304 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
PRC - [2008/12/19 14:21:48 | 000,213,800 | ---- | M] () -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
PRC - [2008/12/09 11:11:04 | 000,144,680 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe
PRC - [2008/11/11 15:34:48 | 003,153,920 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
PRC - [2008/11/11 14:41:18 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2008/11/11 14:32:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
PRC - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/20 12:12:38 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/10/20 12:12:38 | 000,124,152 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
PRC - [2008/09/29 17:14:34 | 000,086,016 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServer.exe
PRC - [2008/09/25 19:10:00 | 000,372,736 | ---- | M] (FUJITSU LIMITED) -- C:\fjuty\sptnavi\EzSptBtn4.exe
PRC - [2008/09/24 23:02:16 | 000,081,920 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer\Kernel\DMP\CLHNService.exe
PRC - [2008/09/16 20:45:44 | 000,451,856 | ---- | M] (DigiOn, Inc.) -- C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServerHelper.exe
PRC - [2008/09/10 14:37:22 | 000,140,584 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
PRC - [2008/09/10 14:36:32 | 000,158,248 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
PRC - [2008/09/10 14:36:32 | 000,092,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCHOOK.exe
PRC - [2008/07/23 19:26:50 | 000,118,784 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\DustSolution\HokoriApp.exe
PRC - [2008/05/02 03:52:16 | 000,805,392 | ---- | M] (Logicool, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:48:52 | 000,076,304 | ---- | M] (Logicool, Inc.) -- c:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/11/21 16:33:28 | 000,062,760 | R--- | M] (FUJITSU LIMITED) -- c:\Program Files\Fujitsu\DustSolution\FJDService.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005/09/13 15:30:14 | 000,057,344 | ---- | M] (O2Micro International) -- C:\Windows\System32\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/20 20:13:30 | 001,301,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNTray\a99ccad677ef4e96ee2bf55b1390393c\PFNTray.ni.exe
MOD - [2011/11/20 20:13:29 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNetDm\bc4efc2f9a5054062e33c4816db0a0f5\PFNetDm.ni.exe
MOD - [2011/11/20 20:13:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/11/20 20:13:27 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNLocSet\b423edb34bbf4f4e71b433c1e366b2ad\PFNLocSet.ni.dll
MOD - [2011/11/20 20:12:59 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/11/20 20:12:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/11/20 19:29:28 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/11/20 19:29:21 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/11/01 21:43:59 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/01/27 18:57:50 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/27 18:57:48 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/27 18:57:46 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2009/11/10 15:39:24 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/01/23 10:59:00 | 000,868,352 | ---- | M] () -- C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/01/23 10:58:56 | 000,007,680 | ---- | M] () -- C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008/11/11 15:34:48 | 003,153,920 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
MOD - [2008/11/11 15:27:06 | 000,544,768 | ---- | M] () -- C:\Program Files\Softex\OmniPass\userdata.dll
MOD - [2008/11/11 14:50:04 | 000,051,152 | ---- | M] () -- C:\Program Files\Softex\OmniPass\hdddrv.dll
MOD - [2008/11/11 14:32:10 | 000,065,536 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scuredll.dll
MOD - [2008/11/11 14:31:30 | 001,425,408 | ---- | M] () -- C:\Program Files\Softex\OmniPass\autheng.dll
MOD - [2008/11/11 14:31:14 | 000,016,896 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll
MOD - [2008/11/11 14:31:12 | 000,557,056 | ---- | M] () -- C:\Program Files\Softex\OmniPass\storeng.dll
MOD - [2008/11/11 14:30:54 | 000,014,336 | ---- | M] () -- C:\Program Files\Softex\OmniPass\SSPLogon.dll
MOD - [2008/09/19 20:20:48 | 000,147,456 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_upnp.dll
MOD - [2008/09/19 20:20:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_av.dll
MOD - [2008/09/19 20:20:48 | 000,131,072 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_util.dll
MOD - [2008/09/19 20:20:48 | 000,110,592 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_msd.dll
MOD - [2008/09/19 20:20:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_media.dll
MOD - [2008/09/19 20:20:48 | 000,040,960 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_crawler_fs.dll
MOD - [2008/09/19 20:20:48 | 000,036,864 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_access_control.dll
MOD - [2008/09/19 20:20:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_metadata.dll
MOD - [2008/09/19 20:20:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_device_manager.dll
MOD - [2008/09/19 20:20:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\dixim_crawler.dll
MOD - [2008/09/06 03:09:36 | 000,466,975 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\sqlite3.dll
MOD - [2008/08/20 18:03:38 | 000,061,440 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\scew.dll
MOD - [2008/05/13 19:47:28 | 000,151,552 | ---- | M] () -- C:\Program Files\Fujitsu\NetworkPlayer Server\libexpat.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/16 14:25:08 | 000,012,800 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\chitose\updnvsrv.exe -- (UpdateNaviInstallService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/30 20:04:14 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/19 14:21:48 | 000,213,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV - [2008/12/09 11:11:04 | 000,144,680 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe -- (PUSCSRVC)
SRV - [2008/11/11 14:41:18 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/20 12:12:38 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/09/29 17:14:34 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServer.exe -- (NetworkPlayer Server)
SRV - [2008/09/24 23:02:16 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu\NetworkPlayer\Kernel\DMP\CLHNService.exe -- (CLHNService3)
SRV - [2008/02/05 15:20:30 | 000,084,520 | ---- | M] (FUJITSU LIMITED) [On_Demand | Stopped] -- C:\Program Files\Fujitsu\PowerUtility\remote\PUTLRSRV.exe -- (putlrsrv)
SRV - [2008/01/21 11:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 16:33:28 | 000,062,760 | R--- | M] (FUJITSU LIMITED) [Auto | Running] -- c:\Program Files\Fujitsu\DustSolution\FJDService.exe -- (FjDstService)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/09/13 15:30:14 | 000,057,344 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV - [2011/11/21 06:41:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E14B41E5-269B-49A8-B455-16C484567653}\MpKsl2e861598.sys -- (MpKsl2e861598)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/07 20:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 20:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/02/25 18:16:18 | 000,195,632 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/13 17:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/20 15:57:06 | 000,478,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/09/24 23:02:24 | 000,120,048 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\NetworkPlayer\Kernel\DMP\ntk3.sys -- (ntk3)
DRV - [2008/09/22 05:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/08/12 11:55:00 | 000,043,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/02/29 04:12:44 | 000,029,072 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:12:32 | 000,037,008 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:12:26 | 000,035,472 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/05 09:23:14 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/01/21 11:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/01 19:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006/11/01 19:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2006/08/28 17:56:41 | 000,008,960 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FBIOSDRV.SYS -- (FBIOSDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\jonathan taylor\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 19:43:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 19:43:30 | 000,000,000 | ---D | M]

[2011/04/12 05:15:51 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/11/21 05:50:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Toolbar Browser Helper Objects) - {B37B14B8-699F-4002-9254-D1AB00FD07B5} - C:\Program Files\@nifty toolbar\nbho.dll (NIFTY Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AzbyClubツールバー(&A)) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\..\Toolbar\WebBrowser: (AzbyClubツールバー(&A)) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\AVCHD Player\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel MyPhoto\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [EzSptBtn] C:\fjuty\sptnavi\EzSptBtn4.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FJDust] c:\Program Files\Fujitsu\DustSolution\HokoriApp.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logicool, Inc.)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NetTVViewerAgent] c:\Program Files\Fujitsu\Net TV Viewer\NetTVViewerAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NetworkPlayerServerHelper] C:\Program Files\Fujitsu\NetworkPlayer Server\NetworkPlayerServerHelper.exe (DigiOn, Inc.)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\AVCHD Player\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PfNet] C:\Program Files\FUJITSU\Plugfree NETWORK\PFNet.exe (Fujitsu Limited.)
O4 - HKLM..\Run: [PUSCKAPLEXE] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Corel\DVD MovieWriter for FUJITSU\Movie Wizard\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: @nifty: @searchで検索 - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
O8 - Extra context menu item: @nifty: ページを日本語に翻訳 - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
O8 - Extra context menu item: @nifty: 選択範囲を日本語に翻訳 - C:\Program Files\@nifty toolbar\ntoolbar.dll (NIFTY Corporation)
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA30D41-91D0-4B05-BDBE-C9CACC48310C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C442C9F-D794-4541-A0F1-1F6F843CA73D}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\jonathan taylor\Application Data\Microsoft\Windows Photo Gallery\Windows フォト ギャラリー壁紙.jpg
O24 - Desktop BackupWallPaper: C:\Users\jonathan taylor\Application Data\Microsoft\Windows Photo Gallery\Windows フォト ギャラリー壁紙.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/23 12:20:58 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 21:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FJMV - C:\Windows\System32\f1fqmven.dll (FUJITSU LIMITED)
 
OTL Log Pt2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 06:48:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jonathan taylor\Desktop\OTL.exe
[2011/11/21 05:57:55 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\temp
[2011/11/21 05:50:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/21 05:41:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/21 05:41:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/21 05:41:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/21 05:41:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/21 05:41:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/21 05:41:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/21 05:16:13 | 004,302,603 | R--- | C] (Swearware) -- C:\Users\jonathan taylor\Desktop\ComboFix.exe
[2011/11/21 05:16:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\jonathan taylor\Desktop\aswMBR.exe
[2011/11/20 22:29:09 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\Desktop\Log Files
[2011/11/20 19:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/11/20 18:34:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/11/20 18:34:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/11/20 18:34:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/11/20 18:31:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/11/20 06:10:27 | 000,000,000 | ---D | C] -- C:\Temp
[2011/11/20 01:14:12 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\jonathan taylor\Desktop\dds.pif
[2011/11/20 01:03:36 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\富士通株式会社
[2011/11/17 02:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/11/15 22:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/12 02:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/12 02:54:19 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/12 02:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/10 07:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\アップデートナビ
[2011/11/07 03:25:05 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\HpUpdate
[2011/11/07 03:25:02 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/11/05 00:04:41 | 000,000,000 | ---D | C] -- C:\HPAppData
[2011/11/01 22:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/01 22:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/01 22:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/01 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\Desktop\Mick Office Tests
[2011/11/01 21:45:03 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\OpenOffice.org
[2011/11/01 21:43:27 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/11/01 21:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/11/01 18:32:43 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\U3
[2011/11/01 16:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/11/01 16:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/01 06:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/01 06:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/01 05:24:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/11/01 04:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/01 03:55:58 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\VS Revo Group
[2011/11/01 03:55:52 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/11/01 03:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/11/01 03:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/11/01 02:29:45 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Roaming\Malwarebytes
[2011/11/01 02:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/23 19:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2011/10/23 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\Citrix
[2011/10/23 19:08:06 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\Deployment
[2011/10/23 19:08:06 | 000,000,000 | ---D | C] -- C:\Users\jonathan taylor\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2011/11/21 06:51:14 | 000,601,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 06:51:14 | 000,385,782 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2011/11/21 06:51:14 | 000,106,200 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2011/11/21 06:51:14 | 000,106,100 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 06:38:03 | 000,001,024 | ---- | M] () -- C:\Users\jonathan taylor\.rnd
[2011/11/21 06:38:01 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/11/21 06:37:58 | 000,000,692 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 06:37:46 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 06:37:46 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 06:37:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 06:37:37 | 3149,803,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 05:58:10 | 000,000,696 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 05:50:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/21 05:33:33 | 000,000,512 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\MBR.dat
[2011/11/20 21:48:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jonathan taylor\Desktop\OTL.exe
[2011/11/20 20:14:48 | 004,302,603 | R--- | M] (Swearware) -- C:\Users\jonathan taylor\Desktop\ComboFix.exe
[2011/11/20 20:13:44 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jonathan taylor\Desktop\aswMBR.exe
[2011/11/20 19:22:13 | 000,000,937 | ---- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/20 19:20:32 | 000,523,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/20 19:17:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/11/20 19:17:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/11/20 19:12:00 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/11/20 19:12:00 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/11/20 19:11:51 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/11/20 10:39:56 | 000,684,297 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\unhide.exe
[2011/11/20 01:02:49 | 000,006,756 | ---- | M] () -- C:\Users\jonathan taylor\AppData\Local\d3d9caps.dat
[2011/11/19 12:39:12 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\jonathan taylor\Desktop\dds.pif
[2011/11/18 07:09:42 | 000,020,361 | ---- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\610533_main[2].jpg
[2011/11/15 22:00:21 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/12 02:54:19 | 000,001,970 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\HiJackThis.lnk
[2011/11/08 03:15:16 | 000,176,388 | ---- | M] () -- C:\Windows\hpoins35.dat
[2011/11/08 03:08:29 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\Add a Device - Photosmart C309a series.lnk
[2011/11/01 22:25:46 | 000,437,862 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2011/11/01 22:24:26 | 000,437,862 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111101-222546.backup
[2011/11/01 22:19:01 | 000,001,073 | ---- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/01 22:19:01 | 000,001,055 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\Spybot - Search & Destroy.lnk
[2011/11/01 21:46:23 | 000,001,028 | ---- | M] () -- C:\Users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/11/01 21:43:27 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/11/01 04:55:41 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/01 04:33:09 | 000,000,616 | RHS- | M] () -- C:\Users\jonathan taylor\ntuser.pol
[2011/10/29 23:14:29 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/29 23:13:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/29 23:13:14 | 000,000,088 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr

========== Files Created - No Company Name ==========

[2011/11/21 06:38:01 | 000,001,024 | ---- | C] () -- C:\Users\jonathan taylor\.rnd
[2011/11/21 06:37:40 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/11/21 05:41:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/21 05:41:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/21 05:41:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/21 05:41:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/21 05:41:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/21 05:33:33 | 000,000,512 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\MBR.dat
[2011/11/20 22:40:01 | 3149,803,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/20 19:57:23 | 000,684,297 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\unhide.exe
[2011/11/20 19:17:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/11/20 19:17:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/11/20 19:11:51 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/11/20 02:24:03 | 000,302,592 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\gmer.exe
[2011/11/18 07:10:05 | 000,020,361 | ---- | C] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\610533_main[2].jpg
[2011/11/15 22:00:21 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/12 02:54:19 | 000,001,970 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\HiJackThis.lnk
[2011/11/08 03:08:29 | 000,002,112 | ---- | C] () -- C:\Users\Public\Desktop\Add a Device - Photosmart C309a series.lnk
[2011/11/01 22:19:01 | 000,001,073 | ---- | C] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/01 22:19:01 | 000,001,055 | ---- | C] () -- C:\Users\jonathan taylor\Desktop\Spybot - Search & Destroy.lnk
[2011/11/01 21:46:23 | 000,001,028 | ---- | C] () -- C:\Users\jonathan taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/11/01 21:43:27 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/11/01 05:21:37 | 000,000,937 | ---- | C] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/01 04:55:41 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/01 04:55:01 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/01 04:33:09 | 000,000,616 | RHS- | C] () -- C:\Users\jonathan taylor\ntuser.pol
[2011/10/29 18:19:55 | 000,000,192 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/29 18:19:55 | 000,000,088 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/29 18:19:51 | 000,000,456 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/04/12 05:15:53 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010/05/12 20:30:15 | 000,585,728 | ---- | C] () -- C:\Windows\System32\SerifVideo0.dll
[2010/05/12 20:30:15 | 000,393,216 | ---- | C] () -- C:\Windows\System32\SerifVideoDX0.dll
[2010/05/12 20:30:15 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SerifAnimation0.dll
[2010/05/12 20:30:14 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SerifDSFiltEnum0.dll
[2010/04/05 19:43:04 | 000,023,220 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/05 05:30:13 | 000,213,826 | ---- | C] () -- C:\Windows\hpoins35.dat.temp
[2010/04/05 05:30:13 | 000,001,062 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2010/04/05 03:18:17 | 000,176,388 | ---- | C] () -- C:\Windows\hpoins35.dat
[2010/02/20 10:26:31 | 000,005,120 | ---- | C] () -- C:\Users\jonathan taylor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 12:08:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/15 12:08:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/13 21:57:10 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/12 17:13:06 | 000,006,756 | ---- | C] () -- C:\Users\jonathan taylor\AppData\Local\d3d9caps.dat
[2009/06/24 19:01:10 | 000,001,062 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2009/03/09 19:53:56 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/03/09 19:53:56 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/03/09 19:53:56 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/03/09 19:53:56 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/03/09 19:53:56 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/03/09 19:53:56 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/03/09 19:52:22 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009/02/23 12:41:48 | 000,000,256 | ---- | C] () -- C:\Windows\System32\LTAP8FNR.BIN
[2009/02/23 11:43:49 | 000,013,824 | ---- | C] () -- C:\Windows\System32\vchannel.dll
[2009/02/23 11:08:31 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/02/23 11:08:29 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/02/23 11:08:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2009/02/23 11:08:27 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/02/23 11:08:26 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/02/02 17:35:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/29 11:43:48 | 000,001,602 | ---- | C] () -- C:\Windows\System32\FMVSaver.ini
[2008/01/21 16:26:54 | 000,385,782 | ---- | C] () -- C:\Windows\System32\perfh011.dat
[2008/01/21 16:26:54 | 000,139,030 | ---- | C] () -- C:\Windows\System32\perfi011.dat
[2008/01/21 16:26:54 | 000,106,200 | ---- | C] () -- C:\Windows\System32\perfc011.dat
[2008/01/21 16:26:54 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd011.dat
[2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 21:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 21:47:37 | 000,523,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 21:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 19:33:01 | 000,601,444 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 19:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 19:33:01 | 000,106,100 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 19:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 19:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 17:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 17:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 16:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/02/23 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Fujitsu
[2009/02/23 12:22:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\MyBookEditor3
[2009/02/23 11:56:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\PowerCinema
[2009/03/09 19:59:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Ulead Systems
[2009/02/23 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Fujitsu
[2009/02/23 12:22:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\MyBookEditor3
[2009/02/23 11:56:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\PowerCinema
[2009/03/09 19:59:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Ulead Systems
[2010/02/21 21:35:59 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Big Fish Games
[2011/06/06 03:56:11 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Blitware
[2010/03/04 18:35:56 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\DATT JAPAN
[2010/02/20 10:59:37 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\EA
[2011/08/31 15:07:14 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Fujitsu
[2010/02/20 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\funkitron
[2011/06/06 03:41:25 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\HTC
[2011/05/10 03:46:47 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010/02/13 09:48:39 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\InterVideo
[2009/02/23 12:22:03 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\MyBookEditor3
[2011/11/01 21:45:03 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\OpenOffice.org
[2010/02/20 13:09:17 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\PlayFirst
[2009/02/23 11:56:12 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\PowerCinema
[2010/05/12 21:15:25 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Serif
[2011/09/18 18:51:34 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\SoftGrid Client
[2011/06/18 17:48:50 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\TP
[2009/03/09 19:59:23 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Ulead Systems
[2010/11/21 07:58:20 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Uniblue
[2011/11/21 06:19:26 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/11/21 06:38:01 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/02/23 12:20:58 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 15:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/02/02 17:24:56 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 06:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/11/21 06:37:37 | 3149,803,520 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/09 21:14:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/09 21:14:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/21 06:37:36 | 3463,405,568 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 21:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 21:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 21:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/11/20 18:29:27 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/19 06:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/10/17 14:55:18 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp696.dll
[2006/11/02 21:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 11:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 12:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 12:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 12:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 19:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 19:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/11/18 07:09:42 | 000,020,361 | ---- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\610533_main[2].jpg
[2011/11/20 19:22:13 | 000,000,097 | -HS- | M] () -- C:\Users\jonathan taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/20 20:13:44 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jonathan taylor\Desktop\aswMBR.exe
[2011/11/20 20:14:48 | 004,302,603 | R--- | M] (Swearware) -- C:\Users\jonathan taylor\Desktop\ComboFix.exe
[2011/11/20 03:32:44 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Users\jonathan taylor\Desktop\FixitCenter_Run.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\gmer.exe
[2011/11/20 21:48:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jonathan taylor\Desktop\OTL.exe
[2011/11/20 10:39:56 | 000,684,297 | ---- | M] () -- C:\Users\jonathan taylor\Desktop\unhide.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2011/10/07 19:29:50 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/12/13 14:23:32 | 000,029,184 | ---- | M] () -- C:\Users\jonathan taylor\rebasegui.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/11/20 18:39:59 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/11/20 18:39:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/11/20 18:39:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/11/20 18:39:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/11/20 18:39:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/02/12 17:13:23 | 000,000,402 | -HS- | M] () -- C:\Users\jonathan taylor\Favorites\desktop.ini
[2011/11/20 19:24:31 | 000,001,740 | ---- | M] () -- C:\Users\jonathan taylor\Favorites\muveeNow.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/10/29 23:14:29 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/11/08 03:15:17 | 000,003,516 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/10/29 23:13:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/29 23:13:14 | 000,000,088 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:73933431
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA7BE830
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:82C50600
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C5F7BBCF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1E3397DC
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5F15D632
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1DF79F4B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DD160B0D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8BBD1F9A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:52DBE86F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:91EA783C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F7862839
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:322EAACD

< End of report >
 
OTL Extras

OTL Extras logfile created on: 2011/11/21 6:52:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jonathan taylor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

2.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 58.07% Memory free
6.09 Gb Paging File | 4.36 Gb Available in Paging File | 71.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 58.06 Gb Free Space | 58.06% Space Free | Partition Type: NTFS
Drive D: | 348.76 Gb Total Space | 341.77 Gb Free Space | 98.00% Space Free | Partition Type: NTFS
Drive F: | 14.91 Gb Total Space | 8.85 Gb Free Space | 59.33% Space Free | Partition Type: FAT32
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JONATHANTAYL-PC | User Name: jonathan taylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{722A5E7C-B1D8-4FF4-8407-3E4ABF69CB0D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7A42B9B9-2646-4184-ABF7-A717BD6B3A87}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0580B5AA-7915-45DD-8B11-406FFB3955E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{08E0333A-DAC5-4A97-B7B0-4EEF3A24A0CC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{0E95F6A6-A370-4971-8EBD-1463A8C0F266}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{0EBDDAA1-949D-4304-9B61-B8674A227C23}" = dir=in | app=c:\program files\fujitsu\net tv viewer\kernel\dmp\clbrowserengine.exe |
"{12107CC3-AA1D-466B-A405-9A6B4A9E975D}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe |
"{127C1D9C-8EF7-40DA-815A-55211F64E180}" = protocol=17 | dir=in | app=c:\users\jonathan taylor\appdata\local\microsoft\windows\temporary internet files\content.ie5\7hfjy5hk\pdfconvertersetup[1].exe |
"{13A97BBA-0F39-4D38-9831-0A29C04AE29E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{238EF0FD-9308-48D4-96A6-DEDFCCF6508C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{262D146F-7195-47DB-ACFE-A6AFB0AE378B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{2C9C896E-6762-4FA1-89BD-E2398A5380DF}" = dir=in | app=c:\program files\cyberlink\avchd player\kernel\dms\clmsservice.exe |
"{2D22BC62-0DFD-4DB7-874C-C730E12FE547}" = protocol=6 | dir=in | app=c:\program files\fujitsu\nrs\wizardezweb.exe |
"{2D3103E8-F952-4FC6-BDA3-22C0C7322A5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{2F410451-321C-456D-94A7-FAB656199478}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3449C796-08ED-4897-9C25-93B2CC85B7F5}" = protocol=17 | dir=in | app=c:\program files\fujitsu\nrs\wizardezweb.exe |
"{382B6BFE-1EC8-46C6-B1E7-2EA139783C7E}" = protocol=17 | dir=in | app=c:\program files\fujitsu\nrs\wizardhtml.exe |
"{39E27FBA-A916-43FB-9F7D-8249089E61D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{39FE975C-FD0A-4A60-817C-64776F77FFF8}" = protocol=17 | dir=in | app=c:\program files\fujitsu\networkplayer server\fmvsttool.exe |
"{43E2E33E-DC71-424D-92C2-CD2588C21367}" = protocol=6 | dir=in | app=c:\program files\fujitsu\nrs\wizardjskyweb.exe |
"{46D581E2-0200-427D-BD8E-D12CD01298BC}" = protocol=6 | dir=in | app=c:\program files\fujitsu\powerutility\remote\putlradm.exe |
"{4988C05D-14F9-4C49-A067-A2F534BC4DA8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{5187009D-5255-4EC9-9214-9A408F4E121F}" = protocol=6 | dir=in | app=c:\program files\fujitsu\nrs\wizardhtml.exe |
"{5C614522-E797-43BC-A93B-DC0BA4591B9A}" = protocol=6 | dir=in | app=c:\program files\fujitsu\nrs\wizardchtml.exe |
"{61FC6B1C-F9B8-48BC-9524-1FBDD0F0A6D8}" = protocol=6 | dir=in | app=c:\program files\fujitsu\networkplayer server\fmvsttool.exe |
"{63EEEB8C-4B7A-4D7F-8DED-BFA4DF262EC6}" = dir=in | app=c:\program files\cyberlink\avchd player\kernel\dmp\clbrowserengine.exe |
"{694270BD-99A3-4E55-852F-24479929B7B2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{70560FCD-64DD-4607-92A2-6086A107CB8E}" = protocol=6 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerservertool.exe |
"{74A39943-0DBA-4556-9161-F0BE9BBD9B8B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7F2200BB-A478-42F3-84D3-112226ED3BCB}" = protocol=17 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerserver.exe |
"{7F7E553C-D4D7-4E39-8005-8C088AD1DB22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{8192C213-D838-48DE-9DA0-8F8F91845621}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{82C1DFE1-3DD1-44A3-B0CE-BB34A405417D}" = protocol=17 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerservertool.exe |
"{83E04812-7DF3-4DCB-8910-EB0582B5FD19}" = protocol=17 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerserverhelper.exe |
"{88AE392D-6FA3-426D-8646-C88CFE8C82BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88E51FCA-8A6F-4422-B376-C25509CE0CCD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{91D5D1A3-047A-4355-B7CA-97946F8B72C3}" = dir=in | app=c:\program files\fujitsu\networkplayer\networkplayer.exe |
"{92DA881F-5003-4D6C-839E-CC3A3E221D7A}" = protocol=6 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerserverhelper.exe |
"{96EC4057-9E87-480D-94F4-53FC9BB975FD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{99664AFC-7FCB-434E-947E-A6E847D602AC}" = dir=in | app=c:\users\jonath~1\appdata\local\temp\7zs46fc\setup\hpznui01.exe |
"{9DC4C0BB-649F-455C-BC87-E9BCDFBD6B9C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{A133C643-4CB7-40F8-BB60-CC248C55CAF0}" = protocol=6 | dir=in | app=c:\users\jonathan taylor\appdata\local\microsoft\windows\temporary internet files\content.ie5\7hfjy5hk\pdfconvertersetup[1].exe |
"{A1E7EE77-B514-409D-8E48-5E4C500D97E9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A3AF0EEE-5950-498F-8D4F-51DD4F9F8B76}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A704D367-FCDF-435F-A67B-A4C41F87A084}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AB63BE67-D336-40AA-97E8-A2EC75C8A0EB}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe |
"{B0D51A6B-FFD5-4783-9B7D-C7ACFD0C719A}" = dir=in | app=c:\program files\cyberlink\avchd player\powercinema.exe |
"{B27F7668-C51F-4FDF-96C5-C049667F2B82}" = dir=in | app=c:\program files\fujitsu\net tv viewer\powercinema.exe |
"{B44205A9-8D4B-4865-9384-B459A64A2165}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE769E90-B571-4A07-AA49-1EFADD990831}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{C17F3C2F-CCA5-4823-A2E0-5FFE69AC4BB9}" = dir=in | app=c:\users\jonath~1\appdata\local\temp\7zs46fc\setup\hpznui01.exe |
"{C281A4BA-D955-4F95-BD79-992DDA09C017}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{D148CFDA-E369-4563-B840-32A3DB05D764}" = protocol=17 | dir=in | app=c:\program files\fujitsu\nrs\wizardchtml.exe |
"{D29DBF03-64A0-459F-A9A9-E062F6A265E8}" = dir=in | app=c:\program files\hp\digital imaging\{71c4f928-136a-4222-a191-310e081fb96b}\setup\hpznui01.exe |
"{D4019292-3E77-4776-ABEF-A0A0E3E241D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{D849D474-DBEC-416F-8E4E-837B8896D5F1}" = dir=in | app=c:\program files\cyberlink\avchd player\pcmservice.exe |
"{E2C83C08-321B-4E02-88BB-4CB9F6166DC5}" = protocol=17 | dir=in | app=c:\program files\fujitsu\nrs\wizardjskyweb.exe |
"{E365E2F8-85AC-4B1D-B21C-9C616A189D35}" = protocol=6 | dir=in | app=c:\program files\fujitsu\networkplayer server\networkplayerserver.exe |
"{E5B222A3-5E39-4A9C-8570-9637A6ED3F1A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E8DD9AC9-B34A-4B8E-9411-5DCA1746AED9}" = dir=in | app=c:\program files\fujitsu\net tv viewer\pcmservice.exe |
"{F12A4378-EC65-45B2-B5A6-CC73952ED506}" = dir=in | app=c:\program files\fujitsu\net tv viewer\kernel\dms\clmsservice.exe |
"{F1A441DF-5E46-4B62-B6A9-7C312C67BB0A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{F7B7DFFB-7771-4184-882F-3FAF0CE24C0D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F90D8987-D455-431E-BD82-C463F6B6A764}" = protocol=17 | dir=in | app=c:\program files\fujitsu\powerutility\remote\putlradm.exe |
"TCP Query User{3420CBFE-D246-44C6-A1CE-B80ACBEE36B1}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{89A127E1-2889-46EF-98D8-B4A89BB19BB0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{9F50E035-E00E-4C25-B833-80E652EC7E4E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FCE60B52-A753-44C0-902E-D0710B74C58C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{041417B9-EE0C-4BC2-8B2E-79C44037E2DF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4B1DED1D-8D5D-4BD6-830A-0218F00DF13B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9455DE7D-5BA6-4781-B703-DDBF95523186}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A6E2A854-D708-49BD-862B-EFBF02B42049}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{071961C7-72B3-4BFF-A864-FFC69694C170}" = GAMEPACK2009F
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B884C9B-5D85-4461-88EE-826E1BB33008}" = Serif PagePlus 11
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0EF12FF9-80B8-4E43-A279-7F218CE27393}" = FMV辞書セット(広辞苑第六版+現代用語の基礎知識+学研パーソナル統合辞典)
"{106845DF-461C-46F6-B0B4-E940CF929623}" = 
"{14B79826-8E53-30C2-8D88-28B8726C90FF}" = Microsoft .NET Framework 4 Client Profile JPN Language Pack
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1928F447-569E-4238-8E37-A4156A4F838C}" = らくらくズーム
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A20AFF1-8171-49B0-A2F9-3205939DA176}" = @フォトレタッチ
"{1D21451D-9C36-42A1-BD21-4A68410C9F2C}" = 壁紙かんたん模様替え
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for FUJITSU
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{224F03EA-8DA5-4413-9B80-FD3B7EABAF9B}" = 富士通モビリティセンター拡張
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink AVCHD Player
"{26876AA9-86C6-4E6B-99E6-0FE449DF1971}" = メールソフト切り替えツール
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{283BDB6B-DA47-436B-BD6E-29CF78E5EB9C}" = FMV画面で見るマニュアル
"{29276E3F-15EF-49FC-9793-B07811C8059D}" = PC乗換ガイド
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{353020C6-8E88-4F5B-B174-BE0BA12255D0}" = 脳力トレーナー
"{378C547F-7AE3-467D-9E11-C888B026F62D}" = NetworkPlayer サーバー
"{38508400-4782-4721-8648-32BD0D676E40}" = ネットテレビビューアー
"{3B1E1F4C-031D-410F-A93A-1220236608C8}" = Microsoft Antimalware Service JA-JP Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = マイフォト
"{3F605785-48E5-49AC-846B-DE63AA957032}" = らくらく手書き入力
"{41938788-1E1C-4A8B-A1CD-F34C7A4D3E0D}" = セキュリティ対策ソフト選択
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44193AE6-D871-473C-8D1F-D55FBCB45552}" = Inst5671
"{44BC6B79-CAD2-491B-9793-71A46ED02083}" = AuthenTec Fingerprint Software
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = アップデートナビ
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EC9E702-4FCF-4C63-B840-42C8A559C9C4}" = ゆったり設定2
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client JA-JP Language Pack
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieWriter for FUJITSU
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{60DAE067-F470-4FFC-9FEC-F67914FE2AEC}" = @映像館
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = ワンタッチボタン設定
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6A1110AB-79A2-4316-A0F3-D95525931FDC}_is1" = Undeleter
"{6AACA25A-8C8A-4511-9B83-9B3858A4210F}" = MovieWizard
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver 14.0 Rel. 5
"{723D1614-0571-4628-BC3E-B8AD9318143C}" = @FTP
"{732FD072-CEFB-4F46-AF16-C537130CFDCB}" = Plugfree NETWORK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{77DBFD53-F57D-4D0B-A70D-6D454AB7B6D2}" = MyBookEditor3
"{77E46779-1EF3-4ED9-8D55-5BE365AF13CE}" = パソコン準備ばっちりガイド
"{7BA0ECC1-2636-4169-9BF0-F49A1F7AAD87}" = 富士通起動ユーティリティ
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110246513}" = Catan - The Computer Game
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110554843}" = Pat Sajak痴 Lucky Letters
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111208880}" = Casino Island To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112866767}" = NBC Heads-Up Poker
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112935120}" = Cribbage Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113766567}" = Poker Superstars III
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115364873}" = Governor of Poker
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1156157}" = Luxor Quest for the Afterlife
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118186583}" = Drawn The Painted Tower
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118203740}" = Mirror Mysteries
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118341103}" = Big City Adventure Vancouver
"{838E3304-69BE-4537-8297-1760E36A2DA5}" = Serif DrawPlus 8
"{83F00304-550B-4652-A12C-E301CB8B1EE4}" = FMVスクリーンセーバー
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{888F0154-4AAA-4719-BFAE-01C3066B8408}" = C309a
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{8E38F042-3863-43D6-9430-04B3610298C3}" = FM かんたんバックアップ
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2007
"{90120000-0016-0411-0000-0000000FF1CE}_PERSONALR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2007
"{90120000-001A-0411-0000-0000000FF1CE}_PERSONALR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2007
"{90120000-001B-0411-0000-0000000FF1CE}_PERSONALR_{2B20F8FF-CEDB-49F3-B00E-94B8E93F35A1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PERSONALR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
"{90120000-001F-0411-0000-0000000FF1CE}_PERSONALR_{09FD8ECF-B585-47FD-8E53-68BB8741DA65}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0411-0000-0000000FF1CE}_PERSONALR_{85644C8B-569F-4998-9A4F-0845AA579E9E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2007
"{90120000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2007
"{90120000-006E-0411-0000-0000000FF1CE}_PERSONALR_{B780C954-17E3-41D7-902B-94D21B349E08}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9044384C-1D53-4DEA-B257-0A0C7D6C7452}" = Serif DrawPlus 8 Resources
"{91120000-0033-0000-0000-0000000FF1CE}" = Microsoft Office Personal 2007
"{91120000-0033-0000-0000-0000000FF1CE}_PERSONALR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0033-0000-0000-0000000FF1CE}_PERSONALR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{932245FB-2F3B-3E2E-B8AB-BDE96E434F21}" = Microsoft .NET Framework 3.5 Language Pack SP1 - jpn
"{9A472982-E1B5-4504-8E2A-43E9C2E44F99}" = 3D MediaSurfing
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C665D73-1F28-470A-AB62-5A45B8B4172C}" = 時事通信社 医学・健康コンテンツ
"{9F367848-4A9C-4400-A17C-DCDF5C5537B8}" = Serif ImpactPlus 5.0 Resource CD-ROM
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Creator LJ
"{A54F5CD3-317A-483B-99AE-B5100208902D}" = お手入れナビ
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = NetworkPlayer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B351DC34-2758-492A-ADEE-66C17A61860E}" = PowerUtility - スケジュール機能
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B931A76E-3CBE-453F-A196-154DBAEA1B47}" = Inspirium辞書検索ライブラリ
"{BA0CC975-682B-4678-A35C-05E607F36387}" = IndicatorUtility
"{BBB567E6-73B5-40B1-B46C-9B13DA13A3A5}" = Serif ImpactPlus 5.0
"{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF42FB05-6C5B-4BB7-A024-741D7E3DFD80}" = FMVユーザー登録
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C24447C3-CACD-4ce3-BA95-1BE092E0C4F8}" = AzbyClubガジェットプログラム
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C99E6F22-FD0E-4D6E-925A-268AD1C050D6}" = its-moNavi PC
"{C9A391A7-E3C0-45B3-9A8E-1D878C9A3997}" = Serif PagePlus 11 Resources
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0038B10-4B2C-49D3-9C66-8B0A1518F1B9}" = muveeNow 2.2
"{D1666DE7-C83C-4711-8AF8-D58004811F28}" = O2Micro Flash Memory Card Windows Driver
"{D18E639E-0B65-4FC1-9065-78926EE90958}" = PowerUtility - リモート管理機能
"{D1A1B85E-328C-47C0-80EB-3AF2C567114E}" = 電子辞書
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDB64FC6-9298-4F6E-B8B4-896D71754741}" = Fujitsu Display Manager
"{DFAC6623-5DE9-48A3-8F7C-44134D3B8194}" = 乗換案内
"{E40CCCFF-E52F-49FC-8215-88B9F4D40227}" = ATLAS 翻訳パーソナル 2008 LE
"{E440FCB2-6CA6-46A4-BA67-CEF6C009165F}" = @メール
"{E868C148-D80D-4EB7-A3CD-42CF98A1AC89}" = 富士通デバイス再検出ツール
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = 富士通拡張機能ユーティリティ
"{E902DA50-B519-4820-81C2-694226E23B2E}" = @niftyでブロードバンド
"{E9327EB0-7209-4E47-8EE2-999D5E567CAE}" = テレビ出力ユーティリティ
"{EA44B14D-DE9B-41EF-BFEE-11CD240CE40F}" = BIBLOランプ設定
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint
"{F41DAAD0-58A1-4A9D-B0E8-304D3748D555}" = うれしレシピ
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 6.00.28
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F7F60AC4-4B4B-48bd-A536-381F43DAED0E}" = AzbyClubツールバー
"{F96D9B35-8713-49CC-910A-9742D7EB5F8E}" = FMVサポートナビ
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Creator LJ
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CCleaner" = CCleaner
"FoxTab PDF Converter" = FoxTab PDF Converter
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{1928F447-569E-4238-8E37-A4156A4F838C}" = らくらくズーム
"InstallShield_{1A20AFF1-8171-49B0-A2F9-3205939DA176}" = @フォトレタッチ
"InstallShield_{1C725459-5053-42A5-B22A-F3E91484DF65}" = @メニュー
"InstallShield_{1D21451D-9C36-42A1-BD21-4A68410C9F2C}" = 壁紙かんたん模様替え
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for FUJITSU
"InstallShield_{224F03EA-8DA5-4413-9B80-FD3B7EABAF9B}" = 富士通モビリティセンター拡張
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink AVCHD Player
"InstallShield_{29276E3F-15EF-49FC-9793-B07811C8059D}" = PC乗換ガイド
"InstallShield_{38508400-4782-4721-8648-32BD0D676E40}" = ネットテレビビューアー
"InstallShield_{41938788-1E1C-4A8B-A1CD-F34C7A4D3E0D}" = セキュリティ対策ソフト選択
"InstallShield_{4EC9E702-4FCF-4C63-B840-42C8A559C9C4}" = ゆったり設定2
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieWriter for FUJITSU
"InstallShield_{60DAE067-F470-4FFC-9FEC-F67914FE2AEC}" = @映像館
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = ワンタッチボタン設定
"InstallShield_{6AACA25A-8C8A-4511-9B83-9B3858A4210F}" = かんたん編集 for FUJITSU
"InstallShield_{723D1614-0571-4628-BC3E-B8AD9318143C}" = @FTP
"InstallShield_{77E46779-1EF3-4ED9-8D55-5BE365AF13CE}" = パソコン準備ばっちりガイド
"InstallShield_{7BA0ECC1-2636-4169-9BF0-F49A1F7AAD87}" = 富士通起動ユーティリティ
"InstallShield_{83F00304-550B-4652-A12C-E301CB8B1EE4}" = FMVスクリーンセーバー
"InstallShield_{9A472982-E1B5-4504-8E2A-43E9C2E44F99}" = 3D MediaSurfing
"InstallShield_{A54F5CD3-317A-483B-99AE-B5100208902D}" = お手入れナビ
"InstallShield_{B351DC34-2758-492A-ADEE-66C17A61860E}" = PowerUtility - スケジュール機能
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = IndicatorUtility
"InstallShield_{BF42FB05-6C5B-4BB7-A024-741D7E3DFD80}" = FMVユーザー登録
"InstallShield_{D1666DE7-C83C-4711-8AF8-D58004811F28}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{D18E639E-0B65-4FC1-9065-78926EE90958}" = PowerUtility - リモート管理機能
"InstallShield_{D1A1B85E-328C-47C0-80EB-3AF2C567114E}" = 電子辞書
"InstallShield_{DDB64FC6-9298-4F6E-B8B4-896D71754741}" = Fujitsu Display Manager
"InstallShield_{E868C148-D80D-4EB7-A3CD-42CF98A1AC89}" = 富士通デバイス再検出ツール
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = 富士通拡張機能ユーティリティ
"InstallShield_{E9327EB0-7209-4E47-8EE2-999D5E567CAE}" = テレビ出力ユーティリティ
"InstallShield_{EA44B14D-DE9B-41EF-BFEE-11CD240CE40F}" = BIBLOランプ設定
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Microsoft .NET Framework 3.5 Language Pack SP1 - jpn" = Microsoft .NET Framework 3.5 Language Pack SP1 - 日本語
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile JPN Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - 日本語
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PERSONALR" = Microsoft Office Personal 2007
"Shop for HP Supplies" = Shop for HP Supplies
"Yahoo! Companion" = BT Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"てきぱき家計簿マム6" = てきぱき家計簿マム6
"乗換案内 旅費精算_is1" = 乗換案内 旅費精算

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-142404555-2497891713-1179873967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011/11/20 9:45:55 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
Description =

Error - 2011/11/20 9:46:04 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
Description =

Error - 2011/11/20 9:46:08 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
Description =

Error - 2011/11/20 12:08:02 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011/11/20 16:12:56 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011/11/20 16:24:24 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
Description =

Error - 2011/11/20 16:41:35 | Computer Name = jonathantayl-PC | Source = System Restore | ID = 8193
Description =

Error - 2011/11/20 16:49:26 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011/11/20 17:14:53 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011/11/20 17:37:51 | Computer Name = jonathantayl-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2011/11/20 16:47:34 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2011/11/20 16:47:40 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2011/11/20 16:49:26 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011/11/20 16:50:27 | Computer Name = jonathantayl-PC | Source = DCOM | ID = 10016
Description =

Error - 2011/11/20 16:55:45 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2011/11/20 17:14:53 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011/11/20 17:15:54 | Computer Name = jonathantayl-PC | Source = DCOM | ID = 10016
Description =

Error - 2011/11/20 17:17:24 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2011/11/20 17:37:52 | Computer Name = jonathantayl-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011/11/20 17:38:52 | Computer Name = jonathantayl-PC | Source = DCOM | ID = 10016
Description =


< End of report >
 
Goodnight

Broni I have to go for the evening here, will get back to your reply in the morning but once again THANK YOU SO SO MUCH :)
 
You're very welcome


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    [2011/10/29 23:14:29 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/10/29 23:13:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/29 23:13:14 | 000,000,088 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
    [2010/11/21 07:58:20 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Uniblue
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:73933431
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA7BE830
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:82C50600
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C5F7BBCF
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1E3397DC
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:1A60DE96
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5F15D632
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1DF79F4B
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DD160B0D
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8BBD1F9A
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:52DBE86F
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:91EA783C
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F7862839
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:322EAACD
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===========================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL Log

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google ??????...\ not found.
C:\ProgramData\1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzPr moved successfully.
C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\jonathan taylor\AppData\Roaming\Uniblue folder moved successfully.
ADS C:\ProgramData\Temp:73933431 deleted successfully.
ADS C:\ProgramData\Temp:AA7BE830 deleted successfully.
ADS C:\ProgramData\Temp:82C50600 deleted successfully.
ADS C:\ProgramData\Temp:C5F7BBCF deleted successfully.
ADS C:\ProgramData\Temp:1E3397DC deleted successfully.
ADS C:\ProgramData\Temp:1A60DE96 deleted successfully.
ADS C:\ProgramData\Temp:5F15D632 deleted successfully.
ADS C:\ProgramData\Temp:1DF79F4B deleted successfully.
ADS C:\ProgramData\Temp:DD160B0D deleted successfully.
ADS C:\ProgramData\Temp:8BBD1F9A deleted successfully.
ADS C:\ProgramData\Temp:52DBE86F deleted successfully.
ADS C:\ProgramData\Temp:91EA783C deleted successfully.
ADS C:\ProgramData\Temp:F7862839 deleted successfully.
ADS C:\ProgramData\Temp:322EAACD deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jonathan taylor
->Temp folder emptied: 298616 bytes
->Temporary Internet Files folder emptied: 9616738 bytes
->Java cache emptied: 10278 bytes
->Flash cache emptied: 5208468 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43993 bytes
RecycleBin emptied: 200900 bytes

Total Files Cleaned = 15.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: jonathan taylor
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11212011_174913

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
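
Added example (not part of the original posts, and not OTL's own code): a small Python check that every file, folder and alternate data stream named in the fix script above is reported as moved or deleted in the resulting log. The sample text is a subset copied from this thread, the line formats are assumed from what is shown here, and the O8 registry line is left out of the check.

```python
import re

# Subset of the OTL fix script and of the fix log posted in this thread.
FIX_SCRIPT = r"""
:OTL
[2011/10/29 23:14:29 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/29 23:13:14 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2010/11/21 07:58:20 | 000,000,000 | ---D | M] -- C:\Users\jonathan taylor\AppData\Roaming\Uniblue
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:73933431
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA7BE830
:Commands
[emptytemp]
"""

FIX_LOG = r"""
C:\ProgramData\1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzP moved successfully.
C:\Users\jonathan taylor\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\jonathan taylor\AppData\Roaming\Uniblue folder moved successfully.
ADS C:\ProgramData\Temp:73933431 deleted successfully.
ADS C:\ProgramData\Temp:AA7BE830 deleted successfully.
"""

# "[date | size | attrs | M] (company) -- path" file/folder entries
FILE_RE = re.compile(r"^\[[^\]]*\|\s*[MC]\]\s*(?:\(.*?\)\s*)?--\s*(.+)$")
# "@Alternate Data Stream - N bytes -> path:stream" entries
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
# "<path> [folder] moved successfully." / "ADS <path:stream> deleted successfully."
DONE_RE = re.compile(r"^(?:ADS )?(.+?)(?: folder)? (?:moved|deleted) successfully\.$")

def script_targets(script):
    """Return the file, folder and ADS targets named in the :OTL section."""
    targets = []
    for line in script.splitlines():
        line = line.strip()
        if line.lower() == ":commands":   # directives follow, no more targets
            break
        m = FILE_RE.match(line) or ADS_RE.match(line)
        if m:
            targets.append(m.group(1).strip())
    return targets

def unconfirmed(script, log):
    """Targets from the script that the log does not report as moved or deleted."""
    done = set()
    for line in log.splitlines():
        m = DONE_RE.match(line.strip())
        if m:
            done.add(m.group(1).lower())  # Windows paths are case-insensitive
    return [t for t in script_targets(script) if t.lower() not in done]
```

An empty list from `unconfirmed(FIX_SCRIPT, FIX_LOG)` means every target was handled; any path it returns should be re-checked before the machine is declared clean.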
 
Security Check Log

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Microsoft Security Essentials
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 29
Out of date Java installed!
Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Spybot Teatimer.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
 
Broni, looking GOOD my friend....

Have also run, as directed, Temp File Cleaner (TFC) and then ESET Online Scanner, which came back clean.
I eagerly await your reply. PS: still have MBR.dat on the desktop, am being very careful to follow your instructions to the letter ;)
 
Good news :)
You can delete MBR.dat file now.


Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Last OTL Log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jonathan taylor
->Temp folder emptied: 6609658 bytes
->Temporary Internet Files folder emptied: 111468831 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6713819 bytes
->Flash cache emptied: 58162 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95679 bytes
RecycleBin emptied: 2305081 bytes

Total Files Cleaned = 121.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: jonathan taylor
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 11222011_063139

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Thanks Broni

Thanks Broni,
have completed the rest of your instructions and had the machine running for 12 hrs with none of the original problems that you have so kindly helped out with so, HUGE THANKS and GRATITUDE and RESPECT to you.
If you wouldn't mind giving me a guide as to how you found and treated the issues I would love to learn !!
Thanks again Broni
:)
 
Learning

Hi Broni,
thanks for the pointer, I have a free day tomorrow so I will make a start on that!
Thank you again,
All the very best to you,
:)
 