
Solved No Windows sounds

Discussion in 'Malware and Virus Removal Archive' started by deck, 2011/11/06.

  1. 2011/11/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Don't worry about it.
    I'm really not expecting to find much.
     
  2. 2011/11/06
    deck

    deck Inactive Thread Starter

    Joined:
    2002/01/26
    Messages:
    235
    Likes Received:
    2
    OK. Back after ComboFix is done.
     


  4. 2011/11/06
    deck

    deck Inactive Thread Starter

    OH OH ... Part two!

    After a LONG time running ComboFix, I got my second BSOD of the day:

    Plug and Play ... likely ... faulty driver.

    Technical Information:

    *** STOP: 0x000000CA (0x00000004, 0x825EA798, 0x00000000, 0x00000000)

    I don't believe ComboFix had completed, but it was up into the late 20's somewhere.

    Laptop has rebooted (actually still is as I type on a different computer).

    What do I do next?

    OH WAIT !

    I just got a pop-up window:

    TOSHIBA Power Saver

    A Fatal error has occurred. This program will be terminated. code:0x0
    with an "OK" button.

    ALSO - No icons down at the clock.

    AND just popped up an avast! pop-up, as the file located at "C;\ComboFix\pev.3XE" wants to open.
     
    Last edited: 2011/11/06
  5. 2011/11/06
    deck

    deck Inactive Thread Starter

    More info:

    CPU Usage again spiked for about 1 or 2 minutes.

    2nd avast! pop-up, for "Suspicious Files Found". 2 files in the Temporary Internet Files section, both "dds[1].scr".

    Q: I assume I should select "Ignore" on this 2nd pop-up...

    I have also manually turned off the laptop's Wi-Fi connection.

    Awaiting instructions...
     
    Last edited: 2011/11/06
  6. 2011/11/06
    broni

    broni Moderator Malware Analyst

    Both Avast findings are false positives. Do nothing about them.

    Try to re-run Combofix from Safe Mode.
     
  7. 2011/11/06
    deck

    deck Inactive Thread Starter

    Got it.... Here goes!

    more info...

    Can't just click on the "Start" button due to hour glass... Will try "Ctrl - Alt - Del" method.
     
    Last edited: 2011/11/06
  8. 2011/11/06
    deck

    deck Inactive Thread Starter

    1 Question:

    Enter under "Administrator" account or under my Name account?

    (or does it not matter?)
     
  9. 2011/11/06
    deck

    deck Inactive Thread Starter

    I think I already have my answer....

    I went in under "Administrator" and almost no icons are on the desktop...

    Rebooting now.
     
  10. 2011/11/06
    deck

    deck Inactive Thread Starter

    ACK!

    Can't get Internet Access in Safe Mode...
     
  11. 2011/11/06
    deck

    deck Inactive Thread Starter

    Tried "Diagnose Connection Problems" button.

    Network Diagnostics says "Windows cannot troubleshoot your network connection because an error has occurred."
     
  12. 2011/11/06
    deck

    deck Inactive Thread Starter

    OK, re-read instructions...

    Tried to run ComboFix in Safe Mode, however I can't shut off the real time scanner(s) in avast!

    Now what???
     
  13. 2011/11/06
    deck

    deck Inactive Thread Starter

    OK, I give up for tonight. It's midnight here on the East Coast, and sleep is fast overtaking me.

    I've shut down the laptop. Really not sure what to do next.

    Goodnight, kind sir. I'll check to see if you've had any ideas in the morning.
     
  14. 2011/11/06
    broni

    broni Moderator Malware Analyst

    In Safe Mode you don't have to worry about Avast.
    Just run Combofix.
     
  15. 2011/11/07
    deck

    deck Inactive Thread Starter

    And finally......

    ---------------------------------------

    ComboFix 11-11-06.02 - Arthur 11/07/2011 10:28:30.2.1 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.522 [GMT -5:00]
    Running from: c:\documents and settings\Arthur\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\tmp135.tmp
    c:\documents and settings\All Users\Application Data\tmp159.tmp
    c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
    c:\documents and settings\Arthur\g2mdlhlpx.exe
    c:\documents and settings\Arthur\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\windows\iun6002.exe
    c:\windows\system32\bszip.dll
    c:\windows\system32\config\systemprofile\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-07 04:03 . 2011-11-07 04:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-11-04 13:42 . 2011-11-04 13:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-04 13:39 . 2011-11-04 13:39 -------- d-----w- c:\program files\Bonjour
    2011-11-04 13:32 . 2011-11-04 13:33 -------- d-----w- c:\program files\iTunes
    2011-11-04 13:32 . 2011-11-04 13:32 -------- d-----w- c:\program files\iPod
    2011-11-04 13:28 . 2011-11-04 13:28 -------- d-----w- c:\program files\Common Files\xing shared
    2011-11-03 21:33 . 2011-11-03 21:33 -------- d-----w- c:\documents and settings\Arthur\Application Data\ElevatedDiagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-03 09:06 . 2010-04-22 20:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 06:37 . 2010-04-22 20:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2005-04-20 18:44 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2005-04-20 18:44 220160 ----a-w- c:\windows\system32\oleacc(2)(2).dll
    2011-09-26 15:41 . 2005-04-20 18:44 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 15:41 . 2005-04-20 18:44 20480 ----a-w- c:\windows\system32\oleaccrc(2)(2).dll
    2011-09-09 09:12 . 2005-04-20 18:44 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-09 09:12 . 2005-04-20 18:44 599040 ----a-w- c:\windows\system32\crypt32(2)(2).dll
    2011-09-06 20:45 . 2010-06-29 23:48 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:45 . 2010-02-20 03:57 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:38 . 2011-02-25 22:12 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:37 . 2010-02-20 03:57 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2010-02-20 03:57 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2010-02-20 03:57 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2010-02-20 03:57 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-06 20:36 . 2010-02-20 03:57 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-09-06 20:36 . 2010-02-20 03:57 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 20:33 . 2010-02-20 03:57 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-09-06 13:20 . 2005-04-20 18:45 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-06 13:20 . 2005-04-20 18:45 1858944 ----a-w- c:\windows\system32\win32k(2)(2).sys
    2011-09-03 10:17 . 2005-04-20 18:44 599040 ----a-w- c:\windows\system32\crypt32(4).dll
    2011-08-31 21:00 . 2011-05-13 01:39 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-23 21:48 . 2006-10-27 20:09 11081728 ----a-w- c:\windows\system32\ieframe(2)(3).dll
    2011-08-22 23:48 . 2005-04-20 18:45 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2005-04-20 18:45 916480 ----a-w- c:\windows\system32\wininet(2)(3).dll
    2011-08-22 23:48 . 2005-04-20 18:45 1212416 ----a-w- c:\windows\system32\urlmon(2)(3).dll
    2011-08-22 23:48 . 2005-04-20 18:45 105984 ----a-w- c:\windows\system32\url(2)(2).dll
    2011-08-22 23:48 . 2006-10-17 17:57 2000384 ----a-w- c:\windows\system32\iertutil(2)(3).dll
    2011-08-22 23:48 . 2005-04-20 18:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2005-04-20 18:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2005-04-20 18:44 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 16:57 . 2011-05-13 17:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-17 13:49 . 2005-04-20 18:44 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2003-08-27 21:19 . 2005-04-20 21:52 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-05 4615552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-04-25 339968]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-04-12 184320]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 88358]
    "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
    "TPSMain"="TPSMain.exe" [2004-12-28 270336]
    "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-22 273544]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\documents and settings\Arthur\Start Menu\Programs\Startup\
    Microsoft Office Shortcut Bar.Lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1997-7-11 333824]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-05 14:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pad39A-HtEHL
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\X-Cleaner Freeware
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
    2005-03-17 23:37 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
    "c:\\z\\ftp\\WS_FTP95.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/1/2010 5:05 PM 116608]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/25/2011 5:12 PM 442200]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/19/2010 10:57 PM 320856]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 67664]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/19/2010 10:57 PM 20568]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
    S4 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [10/7/2007 6:12 PM 1872320]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-11-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2431177171-1448187429-1888287071-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-11-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2431177171-1448187429-1888287071-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-11-07 c:\windows\Tasks\User_Feed_Synchronization-{D2179124-48AA-4E42-AB66-FA4A02815026}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://start.toshiba.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    TCP: DhcpNameServer = 192.168.2.1
    DPF: Microsoft XML Parser for Java
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://71.37.180.29/activex/AMC.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Notebook_Maximizer - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-07 10:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2431177171-1448187429-1888287071-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(204)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-11-07 10:58:28
    ComboFix-quarantined-files.txt 2011-11-07 15:58
    .
    Pre-Run: 11,262,877,696 bytes free
    Post-Run: 11,251,888,128 bytes free
    .
    - - End Of File - - DC4B290C349220F0BF795D810181983E
     
  16. 2011/11/07
    deck

    deck Inactive Thread Starter

    It took about half an hour to run ComboFix in Safe Mode.

    Laptop is slow loading this morning, as I expected from running all these tests. I have not run any cleaners or deleted anything. I did update avast! before going on-line this morning and turned the firewall back on, of course. Other than that, nothing is changed.

    Also, I did get a pop-up when I went on-line, telling me that Internet Explorer is not currently my default browser. I did not change browsers, so I'm not sure what did. For now, I answered "No" to changing it back to my default browser.
     
  17. 2011/11/07
    broni

    broni Moderator Malware Analyst

    Combofix log looks good.

    That's the result of Combofix run.
    Whichever browser you use, make it as default.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2011/11/07
    deck

    deck Inactive Thread Starter

    Evening, broni !

    Just fired up the laptop and will report back shortly!
     
  19. 2011/11/07
    deck

    deck Inactive Thread Starter

    Here is about half of the OTL.txt file:

    -------------------------------------

    OTL logfile created on: 11/7/2011 8:38:46 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Arthur\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    702.23 Mb Total Physical Memory | 273.90 Mb Available Physical Memory | 39.00% Memory free
    1.30 Gb Paging File | 0.88 Gb Available in Paging File | 67.81% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 9.69 Gb Free Space | 13.00% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA | User Name: Arthur | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/07 20:35:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arthur\Desktop\OTL.exe
    PRC - [2011/11/04 23:34:55 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/08/17 11:57:40 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2011/05/22 00:44:58 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2009/09/16 19:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    PRC - [2005/04/25 11:15:26 | 000,034,816 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2005/04/25 11:15:18 | 000,339,968 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    PRC - [2005/04/15 18:51:48 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/04/12 18:18:46 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2005/04/05 18:25:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/12/28 18:02:46 | 000,270,336 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2004/12/28 18:02:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
    PRC - [2004/10/14 17:28:02 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2004/08/27 17:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [1997/07/11 00:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    PRC - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/07 18:45:29 | 001,609,216 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110800\algo.dll
    MOD - [2011/11/07 11:13:19 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2011/11/07 10:19:30 | 000,240,992 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110800\aswRep.dll
    MOD - [2011/11/07 04:25:19 | 001,608,192 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110700\algo.dll
    MOD - [2011/11/05 22:13:34 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
    MOD - [2011/11/04 23:17:36 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/11/04 23:17:17 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2011/11/03 12:42:38 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110700\aswRep.dll
    MOD - [2011/08/15 12:22:55 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2011/08/15 12:22:54 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2011/08/05 17:10:41 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/05/01 23:15:37 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
    MOD - [2005/12/15 23:26:54 | 003,792,896 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
    MOD - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
    MOD - [2004/11/05 20:24:54 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\ConfigFree\CFShlExt.dll
    MOD - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    MOD - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/17 11:57:40 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2010/06/22 07:23:18 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- c:\program files\a-squared free\a2service.exe -- (a2free)
    SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2005/04/25 11:15:26 | 000,034,816 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2004/08/27 17:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
    SRV - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/09/06 15:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/09/06 15:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/08/05 17:07:10 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/08/05 17:07:10 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/19 10:31:11 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/08/26 21:33:50 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2006/03/22 17:27:10 | 000,488,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SHP5211.sys -- (AR5211)
    DRV - [2005/11/12 14:25:58 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - [2005/08/10 14:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
    DRV - [2005/04/15 15:46:04 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
    DRV - [2005/04/12 18:19:42 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/04/11 15:33:52 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/03/25 15:04:40 | 002,314,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/03/15 10:33:30 | 000,004,992 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
    DRV - [2005/02/25 02:33:26 | 000,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/10/22 22:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2003/09/19 17:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/06/11 10:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
    DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
    IE - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/04 08:28:35 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/11/07 10:49:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
    O4 - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe (Gibin Software House (http://www.gibinsoft.net))
    O4 - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\Arthur\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2431177171-1448187429-1888287071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://aceonline.asicentral.com/ace/ltocx13n.cab (LEAD Main Control (13.0))
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132037644234 (WUWebControl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238553774015 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://71.37.180.29/activex/AMC.cab (AxisMediaControlEmb Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://thepromotioncoach.webex.com/client/T27LD/nbr/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C1744ED-0990-40D8-BAC2-D49727A6960F}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/04/20 15:34:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/07 20:35:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Arthur\Desktop\OTL.exe
    [2011/11/07 10:58:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/11/06 22:01:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/11/06 21:55:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/06 21:55:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/06 21:55:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/06 21:55:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/06 21:55:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/06 21:47:17 | 004,285,061 | R--- | C] (Swearware) -- C:\Documents and Settings\Arthur\Desktop\ComboFix.exe
    [2011/11/06 14:02:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Arthur\Desktop\dds.scr
    [2011/11/06 13:08:44 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Arthur\Desktop\aswMBR.exe
    [2011/11/05 23:41:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Arthur\Recent
    [2011/11/05 00:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arthur\Desktop\audio fix 110411
    [2011/11/04 08:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/11/04 08:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/11/04 08:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/11/04 08:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/11/04 08:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arthur\Desktop\Paige Duke
    [2011/11/04 08:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2011/11/04 08:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2011/11/03 16:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arthur\Application Data\ElevatedDiagnostics
    [2011/11/03 16:32:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2011/10/18 08:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(3)
    [2011/10/18 08:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(3)
    [2011/10/18 08:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(3)
    [2011/10/12 15:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arthur\Desktop\bhmf
    [2005/11/12 14:25:55 | 000,028,672 | ---- | C] ( ) -- C:\WINDOWS\System32\ControlACS.exe
    [2005/04/20 16:52:13 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
    [2005/04/20 16:26:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
  20. 2011/11/07
    deck

    And here is the other half of the OTL.txt file:

    -------------------------------------------------


    ========== Files - Modified Within 30 Days ==========

    [2011/11/07 20:46:00 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D2179124-48AA-4E42-AB66-FA4A02815026}.job
    [2011/11/07 20:36:35 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2431177171-1448187429-1888287071-1006.job
    [2011/11/07 20:36:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2431177171-1448187429-1888287071-1006.job
    [2011/11/07 20:35:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arthur\Desktop\OTL.exe
    [2011/11/07 11:24:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/11/07 11:03:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/07 11:03:48 | 736,415,744 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/07 10:49:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/06 22:27:22 | 149,762,048 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2011/11/06 22:01:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/11/06 21:47:24 | 004,285,061 | R--- | M] (Swearware) -- C:\Documents and Settings\Arthur\Desktop\ComboFix.exe
    [2011/11/06 21:37:46 | 000,000,470 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
    [2011/11/06 21:18:01 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\bootkit_remover.zip
    [2011/11/06 20:54:38 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\RKUnhookerLE.EXE
    [2011/11/06 15:24:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Arthur\Desktop\dds.scr
    [2011/11/06 14:21:37 | 000,503,578 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/06 14:21:36 | 000,097,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/06 13:08:51 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Arthur\Desktop\aswMBR.exe
    [2011/11/06 10:27:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\84cnvueh.exe
    [2011/11/06 08:41:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/11/05 23:44:11 | 000,019,868 | ---- | M] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111106_004406.reg
    [2011/11/05 11:01:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/05 01:19:44 | 000,283,020 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\result.cab
    [2011/11/04 23:23:17 | 000,745,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/11/04 15:51:05 | 000,005,160 | ---- | M] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111104_165101.reg
    [2011/11/04 11:46:20 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Arthur\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/11/04 07:37:39 | 000,068,635 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\msg0003.WAV
    [2011/11/03 22:08:19 | 000,024,628 | ---- | M] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111103_230814.reg
    [2011/11/03 16:36:11 | 000,001,826 | ---- | M] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111103_173607.reg
    [2011/11/03 15:52:44 | 000,001,204 | ---- | M] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111103_165240.reg
    [2011/11/03 15:21:51 | 000,001,438 | ---- | M] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111103_162146.reg
    [2011/11/01 12:25:12 | 000,069,173 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\aaa_texas_500.jpg
    [2011/10/30 23:00:32 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111031_000027.reg
    [2011/10/28 08:43:48 | 010,112,862 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\Newsboys.zip
    [2011/10/25 16:14:23 | 000,069,090 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\msg0002.WAV
    [2011/10/25 12:52:08 | 000,433,105 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\nascar_sprint_cup.JPG
    [2011/10/25 11:08:38 | 000,068,443 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\Tums500Graphic.jpg
    [2011/10/20 16:10:12 | 000,067,219 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\Ricky on track Busch North 1991.jpg
    [2011/10/20 16:05:43 | 000,053,464 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\Ricky Busch North Win 19xx.jpg
    [2011/10/20 15:58:01 | 000,039,332 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\RC Busch North 19xx.jpg
    [2011/10/19 17:16:26 | 028,989,205 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\show_2446781.mp3
    [2011/10/18 12:44:11 | 000,243,275 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\dan_wheldon_indy_family_2011.jpg
    [2011/10/18 12:39:23 | 001,332,144 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\dan_wheldon_family_indy_2011.jpg
    [2011/10/18 08:26:48 | 003,282,252 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\Amazing Grace - Royal Scot Draggoon.mp3
    [2011/10/18 08:21:55 | 002,818,946 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\aEZgloIuZdgMiImLwTAA_xcsJquyHczFRxuLtb9J5zyshkE8DAjBiY-4qGfFFl-p000vIn8Ijj5KDSP_0oDntQ==[1].mp3
    [2011/10/17 23:03:47 | 000,043,188 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\good_sam_club_500.jpg
    [2011/10/12 16:48:39 | 000,018,404 | ---- | M] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111012_174833.reg
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/07 11:03:48 | 736,415,744 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/06 22:01:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/11/06 22:01:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/11/06 21:55:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/06 21:55:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/06 21:55:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/06 21:55:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/06 21:55:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/06 21:17:56 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\bootkit_remover.zip
    [2011/11/06 20:54:13 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\RKUnhookerLE.EXE
    [2011/11/06 10:27:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\84cnvueh.exe
    [2011/11/05 23:44:08 | 000,019,868 | ---- | C] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111106_004406.reg
    [2011/11/05 01:20:26 | 000,283,020 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\result.cab
    [2011/11/04 15:51:03 | 000,005,160 | ---- | C] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111104_165101.reg
    [2011/11/04 07:37:38 | 000,068,635 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\msg0003.WAV
    [2011/11/03 22:08:16 | 000,024,628 | ---- | C] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111103_230814.reg
    [2011/11/03 16:36:10 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111103_173607.reg
    [2011/11/03 15:52:43 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111103_165240.reg
    [2011/11/03 15:21:48 | 000,001,438 | ---- | C] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111103_162146.reg
    [2011/11/01 12:25:31 | 000,069,173 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\aaa_texas_500.jpg
    [2011/11/01 12:14:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2431177171-1448187429-1888287071-1006.job
    [2011/10/30 23:00:30 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111031_000027.reg
    [2011/10/28 08:43:43 | 010,112,862 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\Newsboys.zip
    [2011/10/25 16:14:23 | 000,069,090 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\msg0002.WAV
    [2011/10/25 12:52:08 | 000,433,105 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\nascar_sprint_cup.JPG
    [2011/10/25 12:50:04 | 001,207,395 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\100_2600.JPG
    [2011/10/25 11:08:58 | 000,068,443 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\Tums500Graphic.jpg
    [2011/10/20 16:12:59 | 000,067,219 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\Ricky on track Busch North 1991.jpg
    [2011/10/20 16:06:43 | 000,053,464 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\Ricky Busch North Win 19xx.jpg
    [2011/10/20 16:00:09 | 000,039,332 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\RC Busch North 19xx.jpg
    [2011/10/19 17:16:22 | 028,989,205 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\show_2446781.mp3
    [2011/10/18 12:44:11 | 000,243,275 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\dan_wheldon_indy_family_2011.jpg
    [2011/10/18 12:40:06 | 001,332,144 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\dan_wheldon_family_indy_2011.jpg
    [2011/10/18 08:32:16 | 003,282,252 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\Amazing Grace - Royal Scot Draggoon.mp3
    [2011/10/18 08:30:38 | 002,818,946 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\aEZgloIuZdgMiImLwTAA_xcsJquyHczFRxuLtb9J5zyshkE8DAjBiY-4qGfFFl-p000vIn8Ijj5KDSP_0oDntQ==[1].mp3
    [2011/10/17 23:04:28 | 000,043,188 | ---- | C] () -- C:\Documents and Settings\Arthur\Desktop\good_sam_club_500.jpg
    [2011/10/12 16:48:35 | 000,018,404 | ---- | C] () -- C:\Documents and Settings\Arthur\My Documents\cc_20111012_174833.reg
    [2011/10/01 20:02:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/09/06 19:15:41 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
    [2009/09/06 19:15:40 | 000,028,504 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
    [2009/01/09 17:54:37 | 000,006,912 | ---- | C] () -- C:\Documents and Settings\Arthur\Application Data\PrimoPDFSet.xml
    [2009/01/09 17:46:33 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2008/11/01 15:45:03 | 000,000,272 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/07/21 15:14:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2007/06/09 10:09:01 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
    [2007/06/09 10:09:01 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
    [2007/06/09 10:09:00 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
    [2007/06/09 10:09:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2007/06/09 10:08:59 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
    [2007/06/09 10:08:58 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2007/06/09 00:23:26 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/06/09 00:23:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/04/10 21:47:05 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\imlictbl.dat
    [2007/04/10 21:42:58 | 000,110,950 | ---- | C] () -- C:\WINDOWS\System32\zlimclnup.exe
    [2006/11/02 21:06:10 | 000,088,397 | ---- | C] () -- C:\WINDOWS\hpoins06.dat.temp
    [2006/11/02 21:06:10 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat.temp
    [2006/09/21 01:02:19 | 000,087,959 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
    [2006/09/21 01:02:19 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
    [2006/09/20 19:34:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/09/20 19:33:07 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
    [2006/09/20 19:32:38 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
    [2006/09/20 19:32:30 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2006/09/20 19:32:12 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
    [2006/09/20 19:30:57 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2006/09/20 19:29:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2006/09/19 18:49:12 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/09/19 18:48:27 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2006/09/19 18:47:46 | 000,000,691 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2006/08/26 22:14:22 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2006/08/01 11:49:39 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\fusioncache.dat
    [2006/05/24 21:49:09 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Arthur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/05/07 20:30:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2006/02/28 13:57:44 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2006/02/17 02:17:55 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/02/07 23:15:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2006/01/29 22:39:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
    [2005/12/26 17:34:41 | 000,001,653 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
    [2005/12/15 23:26:57 | 000,000,210 | ---- | C] () -- C:\WINDOWS\System32\sr2spec.ini
    [2005/11/17 01:29:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\delexe.exe
    [2005/11/17 01:13:40 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2005/11/17 00:25:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Arthur\Local Settings\Application Data\fusioncache.dat
    [2005/11/12 21:06:05 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
    [2005/11/12 14:25:55 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
    [2005/11/12 14:25:55 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2005/11/12 14:25:55 | 000,081,342 | ---- | C] () -- C:\WINDOWS\atiicdxx.dat
    [2005/11/12 14:25:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
    [2005/11/12 14:25:42 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
    [2005/11/12 14:25:42 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
    [2005/05/18 12:34:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/05/04 18:34:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
    [2005/05/04 18:21:15 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
    [2005/05/04 18:21:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
    [2005/05/04 18:12:33 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2005/05/04 18:12:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2005/05/04 18:12:33 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2005/05/04 18:12:33 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2005/05/04 18:00:15 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/04/20 17:11:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/04/20 16:55:46 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2005/04/20 16:39:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/04/20 16:39:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/04/20 16:39:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/04/20 16:39:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/04/20 16:39:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/04/20 16:39:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/04/20 16:36:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2005/04/20 16:35:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
    [2005/04/20 16:35:46 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2005/04/20 16:26:07 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
    [2005/04/20 16:21:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2005/04/20 16:21:47 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2005/04/20 16:21:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2005/04/20 16:21:46 | 000,001,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2005/04/20 15:36:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/04/20 15:32:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/04/20 15:31:06 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/04/20 13:47:43 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/04/20 13:45:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/04/20 13:44:57 | 000,503,578 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/04/20 13:44:57 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/04/20 13:44:57 | 000,097,142 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/04/20 13:44:57 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/04/20 13:44:56 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/04/20 13:44:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/04/20 13:44:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/04/20 13:44:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/04/20 13:44:45 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/04/20 13:44:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/04/20 13:44:23 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/04/20 08:26:49 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/04/20 08:25:57 | 000,745,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/03/17 15:29:58 | 000,081,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2004/12/07 19:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2002/11/22 14:49:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
    [2002/11/22 14:48:32 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
    [2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
    [2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
    [1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2005/04/20 17:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
    [2005/04/20 17:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
    [2005/04/20 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
    [2011/08/05 17:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2010/02/19 22:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2007/11/08 13:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
    [2008/05/21 07:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2007/09/21 11:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2006/05/07 00:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
    [2009/01/31 21:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2007/06/18 18:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/03/31 22:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/03/31 19:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/09 19:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/13 19:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2007/07/10 15:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\AVG7
    [2007/06/09 00:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\AVSMedia
    [2007/03/21 23:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\BitTorrent
    [2011/11/03 16:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\ElevatedDiagnostics
    [2007/06/08 23:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\Eltima Software
    [2006/05/07 20:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\ICAClient
    [2009/03/11 16:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\ieSpell
    [2005/04/20 17:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\InterTrust
    [2005/04/20 17:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\InterVideo
    [2006/08/01 09:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\Leadertech
    [2007/01/22 23:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\OfficeUpdate12
    [2009/09/06 19:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\ScamBlocker
    [2010/05/15 23:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\scriptocean
    [2010/03/11 20:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\Softland
    [2006/05/10 21:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\toshiba
    [2008/05/22 12:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\Uniblue
    [2007/06/18 18:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\Viewpoint
    [2009/10/10 22:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\Windows Live Writer
    [2007/03/11 13:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Application Data\WinPatrol
    [2005/04/20 17:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
    [2005/04/20 17:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
    [2005/04/20 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
    [2007/09/13 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
    [2010/03/11 20:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
    [2011/11/07 20:46:00 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D2179124-48AA-4E42-AB66-FA4A02815026}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/04/20 15:34:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/08/26 21:40:50 | 012,288,463 | ---- | M] () -- C:\AVG7QT.DAT
    [2009/06/24 18:44:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/11/06 22:01:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/11/07 10:58:29 | 000,015,336 | ---- | M] () -- C:\ComboFix.txt
    [2005/04/20 15:34:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2003/08/06 12:33:14 | 000,019,456 | ---- | M] () -- C:\Customer ID.doc
    [2007/06/08 23:47:19 | 000,011,733 | ---- | M] () -- C:\debug.log
    [2006/05/23 00:45:03 | 000,005,037 | -H-- | M] () -- C:\ffastun.ffa
    [2006/05/23 00:45:02 | 000,565,248 | -H-- | M] () -- C:\ffastun.ffl
    [2006/05/23 00:45:03 | 000,237,568 | -H-- | M] () -- C:\ffastun.ffo
    [2006/05/23 00:45:02 | 001,634,304 | -H-- | M] () -- C:\ffastun0.ffx
    [2011/11/07 11:03:48 | 736,415,744 | -HS- | M] () -- C:\hiberfil.sys
    [2006/04/27 23:55:09 | 000,000,000 | ---- | M] () -- C:\hpfr5550.xml
    [2006/04/27 23:55:19 | 000,001,680 | ---- | M] () -- C:\hph7550.log
    [2005/04/20 15:34:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/04/20 17:12:36 | 000,000,895 | -H-- | M] () -- C:\IPH.PH
    [2005/04/20 15:34:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/29 22:54:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/11/07 11:02:59 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
    [2009/01/09 19:10:20 | 000,000,512 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2005/05/11 22:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2005/04/20 15:34:03 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/05/05 07:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2003/06/18 19:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2004/12/08 18:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr
    [2005/05/12 12:18:33 | 032,694,346 | ---- | M] (Goldshell Digital Media) -- C:\WINDOWS\sat_screensaver_30mb.scr
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2006/09/09 14:07:09 | 000,001,514 | -H-- | M] () -- C:\Documents and Settings\Arthur\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/04/20 08:25:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2005/04/20 08:25:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2005/04/20 08:25:26 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/29 23:03:35 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/11/12 14:27:31 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Arthur\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2002/05/06 13:19:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Arthur\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/06 10:27:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\84cnvueh.exe
    [2011/11/06 13:08:51 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Arthur\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Arthur\Desktop\boot_cleaner.exe
    [2011/11/06 21:47:24 | 004,285,061 | R--- | M] (Swearware) -- C:\Documents and Settings\Arthur\Desktop\ComboFix.exe
    [2011/11/07 20:35:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arthur\Desktop\OTL.exe
    [2011/11/06 20:54:38 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Arthur\Desktop\RKUnhookerLE.EXE

    < %PROGRAMFILES%\Common Files\*.* >
    [2003/08/27 16:19:18 | 000,036,963 | R--- | M] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/01/25 09:22:29 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Arthur\My Documents\ATF-Cleaner.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2005/04/20 08:27:34 | 000,004,128 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/11/12 14:27:30 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Arthur\Favorites\Desktop.ini
    [2006/02/12 23:08:27 | 000,000,460 | ---- | M] () -- C:\Documents and Settings\Arthur\Favorites\My Documents.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/11/07 20:36:33 | 000,147,456 | -HS- | M] () -- C:\Documents and Settings\Arthur\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  21. 2011/11/07
    deck Inactive Thread Starter

    Here is the Extras.txt file

    ----------------------------------

    OTL Extras logfile created on: 11/7/2011 8:38:46 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Arthur\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    702.23 Mb Total Physical Memory | 273.90 Mb Available Physical Memory | 39.00% Memory free
    1.30 Gb Paging File | 0.88 Gb Available in Paging File | 67.81% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 9.69 Gb Free Space | 13.00% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA | User Name: Arthur | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
    "C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
    "C:\z\ftp\WS_FTP95.exe" = C:\z\ftp\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
    "{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
    "{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
    "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1E1D37D7-7FBE-4CAC-94F4-EA4DA366A2D2}" = IdeaSource
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
    "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
    "{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
    "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{4ED47439-5232-4BBC-93F2-7BC895B56246}" = 3300
    "{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
    "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
    "{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
    "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
    "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
    "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
    "{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
    "{92B00901-52C8-476A-AF34-490880DF077D}" = Portfolio Browser
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
    "{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
    "{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
    "{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFE78643-3CDB-46EF-9677-795415937ABB}" = CorelDRAW ESSENTIALS
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{E2B64929-B616-4235-B10E-D26D686296F9}" = GiPo@FileUtilities 3.2
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "AXIS Media Control Embedded" = AXIS Media Control Embedded
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "DHTML News Ticker Wizard" = DHTML News Ticker Wizard 1.0
    "doPDF 7 printer_is1" = doPDF 7.1 printer
    "Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
    "Finale NotePad 2007" = Finale NotePad 2007
    "HP Document Viewer" = HP Document Viewer 5.3
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP LaserJet 1200 Uninstaller" = HP LaserJet 1200 Uninstaller
    "HP Photo & Imaging" = HP Image Zone 5.3
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ieSpell" = ieSpell
    "InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
    "Jetcast" = Jetcast 3.2.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office8.0" = Microsoft Office 97, Professional Edition
    "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
    "Power Saver" = TOSHIBA Power Saver
    "PropFix" = Microsoft Office 97 Unique Identifier Removal Tool
    "RealPlayer 12.0" = RealPlayer
    "sat_screensaver_30mb.scr" = sat_screensaver_30mb
    "SM1FX_AT" = USB Storage Adapter FX (SM1)
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
    "Trillian" = Trillian
    "Unlocker" = Unlocker 1.8.7
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WinAce Archiver" = WinAce Archiver
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahtzeev1" = Yahtzee

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2431177171-1448187429-1888287071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/5/2011 12:15:54 AM | Computer Name = TOSHIBA | Source = LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is incorrectly
    formatted.
    The bogus string is 16804, the bogus index value is the first DWORD in Data section
    while the last valid index values are the second and third DWORD in Data section.

    Error - 11/5/2011 12:15:54 AM | Computer Name = TOSHIBA | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service aspnet_state
    (ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

    Error - 11/5/2011 12:15:56 AM | Computer Name = TOSHIBA | Source = LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is incorrectly
    formatted.
    The bogus string is 16804, the bogus index value is the first DWORD in Data section
    while the last valid index values are the second and third DWORD in Data section.

    Error - 11/5/2011 11:52:21 AM | Computer Name = TOSHIBA | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/5/2011 11:52:28 AM | Computer Name = TOSHIBA | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 11/5/2011 12:06:30 PM | Computer Name = TOSHIBA | Source = QuickBooks | ID = 4
    Description =

    Error - 11/5/2011 12:06:30 PM | Computer Name = TOSHIBA | Source = QuickBooks | ID = 4
    Description =

    Error - 11/5/2011 12:06:30 PM | Computer Name = TOSHIBA | Source = QuickBooks | ID = 4
    Description =

    Error - 11/5/2011 9:13:07 PM | Computer Name = TOSHIBA | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/5/2011 9:13:14 PM | Computer Name = TOSHIBA | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    [ System Events ]
    Error - 11/7/2011 11:20:40 AM | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7001
    Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 11/7/2011 11:20:40 AM | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7001
    Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 11/7/2011 11:20:40 AM | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 11/7/2011 11:20:40 AM | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
    SASDIFSV
    SASKUTIL
    Tcpip
    WS2IFSL

    Error - 11/7/2011 11:20:52 AM | Computer Name = TOSHIBA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/7/2011 11:21:02 AM | Computer Name = TOSHIBA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 11/7/2011 11:49:43 AM | Computer Name = TOSHIBA | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system
    without first being prepared for removal.

    Error - 11/7/2011 11:59:32 AM | Computer Name = TOSHIBA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 11/7/2011 12:01:17 PM | Computer Name = TOSHIBA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/7/2011 12:10:57 PM | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7022
    Description = The avast! Antivirus service hung on starting.


    < End of report >
     
