
Solved Rootkit Help

Discussion in 'Malware and Virus Removal Archive' started by troothteller, 2015/07/31.

Thread Status:
Not open for further replies.
  1. 2015/07/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No. XP doesn't have such an option.
     
  2. 2015/07/31
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    broni, I am up to running MBAM, which I have on both computers. For this post I am on my Windows 7. MBAM updated and ran on XP. It found two instances that I removed, Registry Keys. I removed them and exported logs to post later. Then I had to shut down. Sometimes MBAM has updates available after it runs; but this time I noticed I lost my Internet connection. Hopefully it will reconnect when I power up again, the least drastic means of fixing it. If there are any updates, then I will run it again. What should I do in case I cannot reconnect on that computer? When I powered up, I remembered that closing down my firewall, Private Firewall, had subsequently caused my disconnection, which I did not remember this time around. It reconnected, then disconnected when I closed my firewall, then reconnected when I highlighted the name of my computer in Device Manager and clicked Scan For Hardware Changes. That RAS Async Adapter is still disabled. I could not believe that RogueKiller flagged a Dropbox component, since I thought that was a reputable program. After AdwCleaner ran, I thought it would reboot automatically. It didn't, so I rebooted. It took an unusually long time for Windows to come back up. When Junkware Removal ran, I thought it would never end! During the phase of shortcut scanning, an error box kept coming up saying "Shortcut Exception" with options "Try Again," "Continue" or "Cancel." I don't think any option I took was of any consequence. Logs are forthcoming. When installing or updating programs, I try to avoid both downloaders and toolbars; but that does not mean that they can't get into my systems.
     
    Last edited: 2015/07/31


  4. 2015/07/31
    troothteller

    RogueKiller V10.9.4.0 [Jul 30 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Louis Paul Toscano [Administrator]
    Started from : C:\Documents and Settings\Louis Paul Toscano\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 07/31/2015 21:05:40

    ¤¤¤ Processes : 1 ¤¤¤
    [Proc.Injected] Dropbox.exe(4400) -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 7 ¤¤¤
    [Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BdApiUtil (\??\C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdApiUtil.sys) -> Not selected
    [Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BdCameraProtect (\??\C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdCameraProtect.sys) -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.toshibadirect.com/dpdstart -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.toshibadirect.com/dpdstart -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1019493958-4142826306-2034615594-1005\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dailysignal.com/ -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.toshiba.com/search -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.toshiba.com/search -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] dy4ezcg3.default-1424457505890 : user_pref( "browser.startup.homepage ", "http://forecast.weather.gov/MapClick.php?CityName=Hackettstown&state=NJ&site=PHI&lat=40.8538&lon=-74.8254#.VOeVfCzwvXh "); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HTS541080G9SA00 +++++
    --- User ---
    [MBR] 1e42ee5747735502ddc8d8f990959bee
    [BSP] 65a02ccbdcb6d67f214cba2a91a5e9e3 : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76065 MB [Windows XP Bootstrap | Windows XP Bootloader]
    3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 155782305 | Size: 251 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
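The RogueKiller report above lists every finding with an action tail, and every registry and browser entry here ends in "Not selected", meaning detected but left in place. The following is an added example for this thread, not RogueKiller's own code and not from the poster: a small parser for that report layout that separates remediated, skipped and informational rows, pulls out the Hidden.From.SCM service entries, and checks each section's declared count against the rows actually listed. The embedded report is a constructed excerpt modelled on the posted one, with paths shortened.

```python
"""Triage a RogueKiller text report: what was detected, and what was acted on.

Added example for this thread, not RogueKiller's own code. It reads the layout
visible in the posted log: "¤¤¤ Section : N ¤¤¤" headers, then rows of the form
"[Category] detail -> Action", where "Not selected" means detected but left alone.
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) :(?: (?P<count>\d+))?(?: \([^)]*\))? ¤¤¤$")
# One or more leading [tag] groups, the detail, and an optional " -> Action" tail.
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+) (?P<detail>.*?)(?: -> (?P<action>.+))?$")

@dataclass
class Finding:
    section: str
    tags: list[str]
    detail: str
    action: str | None  # None for informational rows (hosts entries, MBR hashes)

@dataclass
class Section:
    name: str
    declared: int | None  # count from the header; None where the tool prints none
    findings: list[Finding] = field(default_factory=list)

def parse_report(text: str) -> dict[str, Section]:
    """Split the report into sections and parse each bracketed finding row."""
    sections: dict[str, Section] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            count = header.group("count")
            current = Section(header.group("name"), int(count) if count else None)
            sections[current.name] = current
            continue
        row = ENTRY_RE.match(line) if current else None
        if row:  # anything else is preamble or decoration (drive banner, partition rows)
            tags = re.findall(r"\[([^\]]+)\]", row.group("tags"))
            current.findings.append(Finding(current.name, tags, row.group("detail"), row.group("action")))
    return sections

def unremediated(sections: dict[str, Section]) -> list[Finding]:
    """Findings the tool reported but did not remediate."""
    return [f for s in sections.values() for f in s.findings
            if f.action is not None and f.action.strip().lower() == "not selected"]

def hidden_from_scm(sections: dict[str, Section]) -> list[str]:
    """Service keys not visible through the Service Control Manager: a classic rootkit
    indicator, but self-protecting AV drivers look the same, so read the driver path."""
    return [f.detail for s in sections.values() for f in s.findings if "Hidden.From.SCM" in f.tags]

def count_mismatches(sections: dict[str, Section]) -> list[str]:
    """Sections whose header count disagrees with the rows listed (truncated or edited paste)."""
    return [s.name for s in sections.values()
            if s.declared is not None and s.declared != len(s.findings)]

def triage(text: str) -> dict[str, object]:
    sections = parse_report(text)
    rows = [f for s in sections.values() for f in s.findings]
    informational = sum(1 for f in rows if f.action is None)
    skipped = len(unremediated(sections))
    return {"total": len(rows), "not_selected": skipped, "informational": informational,
            "acted": len(rows) - skipped - informational,
            "mismatched_sections": count_mismatches(sections)}

# Constructed excerpt modelled on the RogueKiller report posted in this thread; paths
# shortened. Counts match the rows kept, except "Web browsers", where one row was
# deliberately dropped so the count check has something to report.
SAMPLE_REPORT = r"""
RogueKiller V10.9.4.0 [Jul 30 2015] by Adlice Software
Mode : Delete -- Date : 07/31/2015 21:05:40
¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] Dropbox.exe(4400) -- C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe[7] -> Killed [TermProc]
¤¤¤ Registry : 3 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BdApiUtil (\??\C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdApiUtil.sys) -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.toshibadirect.com/dpdstart -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.toshiba.com/search -> Not selected
¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][FIREFX:Config] dy4ezcg3.default : user_pref( "browser.startup.homepage ", "http://forecast.weather.gov/ "); -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HTS541080G9SA00 +++++
[MBR] 1e42ee5747735502ddc8d8f990959bee
[BSP] 65a02ccbdcb6d67f214cba2a91a5e9e3 : Windows XP|VT.Unknown MBR Code
User = LL1 ... OK
"""

if __name__ == "__main__":
    for f in unremediated(parse_report(SAMPLE_REPORT)):
        print(f"{f.section:12} {f.tags[0]:16} {f.detail}")
    print(triage(SAMPLE_REPORT))
```

Run against the full posted report, the same functions show that only the Dropbox process was acted on, while all seven registry entries and the Firefox home page were left untouched.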
  5. 2015/07/31
    troothteller

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/31/2015
    Scan Time: 9:07:40 PM
    Logfile: MBAM07312015Before.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.07.31.07
    Rootkit Database: v2015.07.30.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Louis Paul Toscano

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 364862
    Time Elapsed: 26 min, 43 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [90c3be2ae8a2ff37df04f0b6679d23dd],

    Registry Values: 1
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.bing.com/search?pc=COSP&ptag=D071415-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}, , [90c3be2ae8a2ff37df04f0b6679d23dd]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  6. 2015/07/31
    troothteller

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/31/2015
    Scan Time: 9:07:40 PM
    Logfile: MBAM07312015After.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.07.31.07
    Rootkit Database: v2015.07.30.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Louis Paul Toscano

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 364862
    Time Elapsed: 26 min, 43 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [90c3be2ae8a2ff37df04f0b6679d23dd],

    Registry Values: 1
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.bing.com/search?pc=COSP&ptag=D071415-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}, Quarantined, [90c3be2ae8a2ff37df04f0b6679d23dd]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. 2015/07/31
    troothteller

    # AdwCleaner v4.111 - Logfile created 03/03/2015 at 08:50:08
    # Updated 18/02/2015 by Xplode
    # Database : 2015-03-02.3 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Louis Paul Toscano - TOSHIBA-USER
    # Running from : C:\Documents and Settings\Louis Paul Toscano\Desktop\adwcleaner_4.111.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found : C:\Documents and Settings\All Users\Application Data\baidu

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Baidu
    Key Found : HKLM\SOFTWARE\Baidu

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v36.0 (x86 en-US)


    -\\ Google Chrome v

    *************************

    AdwCleaner[R0].txt - [829 bytes] - [03/03/2015 08:50:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [887 bytes] ##########
    # AdwCleaner v4.208 - Logfile created 31/07/2015 at 22:08:56
    # Updated 09/07/2015 by Xplode
    # Database : 2015-07-26.2 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Louis Paul Toscano - TOSHIBA-USER
    # Running from : C:\Documents and Settings\Louis Paul Toscano\Desktop\adwcleaner_4.208.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : BdSandBox

    ***** [ Files / Folders ] *****

    Folder Found : C:\Documents and Settings\All Users\Application Data\{31ab37a7-452f-254e-31ab-b37a7452de9d}
    Folder Found : C:\Documents and Settings\All Users\Application Data\{769e8d2a-d975-2be5-769e-e8d2ad9734ab}
    Folder Found : C:\Documents and Settings\All Users\Application Data\{ad2a8709-82e6-c811-ad2a-a870982e1c26}
    Folder Found : C:\Documents and Settings\All Users\Application Data\{d7bae219-cab7-b34a-d7ba-ae219cab8867}
    Folder Found : C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    Folder Found : C:\Documents and Settings\Louis Paul Toscano\Application Data\download Manager
    Folder Found : C:\Program Files\Innovative Solutions

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
    Key Found : HKLM\SOFTWARE\13f22c15-4828-86da-ff6a-dbab7c505369
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionSetup.exe
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionStub.exe
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iLivid.exe
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iMesh.exe

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v39.0 (x86 en-US)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [3042 bytes] - [07/03/2015 18:36:50]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3101 bytes] ##########
     
  8. 2015/07/31
    troothteller

    # AdwCleaner v4.208 - Logfile created 31/07/2015 at 22:12:42
    # Updated 09/07/2015 by Xplode
    # Database : 2015-07-26.2 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Louis Paul Toscano - TOSHIBA-USER
    # Running from : C:\Documents and Settings\Louis Paul Toscano\Desktop\adwcleaner_4.208.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\{31ab37a7-452f-254e-31ab-b37a7452de9d}
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\{769e8d2a-d975-2be5-769e-e8d2ad9734ab}
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\{ad2a8709-82e6-c811-ad2a-a870982e1c26}
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\{d7bae219-cab7-b34a-d7ba-ae219cab8867}
    Folder Deleted : C:\Program Files\Innovative Solutions
    Folder Deleted : C:\Documents and Settings\Louis Paul Toscano\Application Data\download Manager

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionSetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionStub.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iLivid.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iMesh.exe
    Key Deleted : HKLM\SOFTWARE\13f22c15-4828-86da-ff6a-dbab7c505369
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v39.0 (x86 en-US)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [3180 bytes] - [07/03/2015 18:36:50]
    AdwCleaner[S0].txt - [2141 bytes] - [31/07/2015 22:12:42]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2200 bytes] ##########
     
  9. 2015/07/31
    troothteller

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.5.4 (07.27.2015:1)
    OS: Microsoft Windows XP x86
    Ran by Louis Paul Toscano on Fri 07/31/2015 at 22:28:42.62
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Failed to delete: [Service] bavsvc
    Failed to delete: [Service] bdapiutil
    Failed to delete: [Service] bdcameraprotect
    Failed to delete: [Service] bdsandbox
    Failed to delete: [Service] bdsandboxsrv
    Failed to delete: [Service] bfilter
    Failed to delete: [Service] bfmon
    Failed to delete: [Service] bhipssvc
    Failed to delete: [Service] bnbase
    Failed to delete: [Service] bndef
    Failed to delete: [Service] bnmon
    Failed to delete: [Service] bprotect



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\Tasks\SparkUpdater.job



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\Documents and Settings\Louis Paul Toscano\Application Data\productdata
    Successfully deleted: [Folder] C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\crashrpt



    ~~~ FireFox

    Emptied folder: C:\Documents and Settings\Louis Paul Toscano\Application Data\mozilla\firefox\profiles\dy4ezcg3.default-1424457505890\minidumps [2 files]



    ~~~ Chrome


    [C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 07/31/2015 at 22:53:02.35
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. 2015/07/31
    troothteller

    broni, on the last reboot, Windows XP still loads slowly. Since posting this, I realized I failed to ask something. You asked me to run Malwarebytes' Anti-Malware, which I have on both my systems. Should I carry out my routine practice of running both Baidu Antivirus and SuperAntiSpyware? I am about to do that on my Windows 7. The slow startup of my XP might justify my keeping up with maintenance commitments.
     
    Last edited: 2015/08/01
  11. 2015/08/01
    broni

    Fine with me.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. 2015/08/01
    troothteller

    ComboFix 15-08-01.01 - Louis Paul Toscano 08/01/2015 13:47:05.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1922 [GMT -4:00]
    Running from: c:\documents and settings\Louis Paul Toscano\Desktop\ComboFix.exe
    AV: Baidu Antivirus *Enabled/Updated* {4B1BC635-7555-4a6b-8503-768A266DCA61}
    FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\1411494380.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1411665315.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1411665324.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1411667344.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1411667349.1424.bin
    c:\documents and settings\All Users\Application Data\1411667349.1448.bin
    c:\documents and settings\All Users\Application Data\1411667349.1452.bin
    c:\documents and settings\All Users\Application Data\1411667349.1468.bin
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\$msi31uninstall_kb893803v2$
    c:\windows\$msi31uninstall_kb893803v2$\msi.dll
    c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
    c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
    c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
    c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
    c:\windows\$msi31uninstall_kb893803v2$\reg00013
    c:\windows\$msi31uninstall_kb893803v2$\reg00014
    c:\windows\$msi31uninstall_kb893803v2$\reg00015
    c:\windows\$msi31uninstall_kb893803v2$\reg00016
    c:\windows\$msi31uninstall_kb893803v2$\reg00017
    c:\windows\$msi31uninstall_kb893803v2$\reg00018
    c:\windows\$msi31uninstall_kb893803v2$\reg00019
    c:\windows\$msi31uninstall_kb893803v2$\reg00020
    c:\windows\$msi31uninstall_kb893803v2$\reg00021
    c:\windows\$msi31uninstall_kb893803v2$\reg00022
    c:\windows\$msi31uninstall_kb893803v2$\reg00023
    c:\windows\$msi31uninstall_kb893803v2$\reg00024
    c:\windows\$msi31uninstall_kb893803v2$\reg00025
    c:\windows\$msi31uninstall_kb893803v2$\reg00026
    c:\windows\$msi31uninstall_kb893803v2$\reg00027
    c:\windows\$msi31uninstall_kb893803v2$\reg00028
    c:\windows\$msi31uninstall_kb893803v2$\reg00029
    c:\windows\$msi31uninstall_kb893803v2$\reg00030
    c:\windows\$msi31uninstall_kb893803v2$\reg00031
    c:\windows\$msi31uninstall_kb893803v2$\reg00032
    c:\windows\$msi31uninstall_kb893803v2$\reg00033
    c:\windows\$msi31uninstall_kb893803v2$\reg00034
    c:\windows\$msi31uninstall_kb893803v2$\reg00035
    c:\windows\$msi31uninstall_kb893803v2$\reg00036
    c:\windows\$msi31uninstall_kb893803v2$\reg00037
    c:\windows\$msi31uninstall_kb893803v2$\reg00038
    c:\windows\$msi31uninstall_kb893803v2$\reg00039
    c:\windows\$msi31uninstall_kb893803v2$\reg00040
    c:\windows\$msi31uninstall_kb893803v2$\reg00041
    c:\windows\$msi31uninstall_kb893803v2$\reg00042
    c:\windows\$msi31uninstall_kb893803v2$\reg00043
    c:\windows\$msi31uninstall_kb893803v2$\reg00044
    c:\windows\$msi31uninstall_kb893803v2$\reg00045
    c:\windows\$msi31uninstall_kb893803v2$\reg00046
    c:\windows\$msi31uninstall_kb893803v2$\reg00047
    c:\windows\$msi31uninstall_kb893803v2$\reg00048
    c:\windows\$msi31uninstall_kb893803v2$\reg00051
    c:\windows\$msi31uninstall_kb893803v2$\reg00052
    c:\windows\$msi31uninstall_kb893803v2$\reg00053
    c:\windows\$msi31uninstall_kb893803v2$\reg00054
    c:\windows\$msi31uninstall_kb893803v2$\reg00055
    c:\windows\$msi31uninstall_kb893803v2$\reg00056
    c:\windows\$msi31uninstall_kb893803v2$\reg00057
    c:\windows\$msi31uninstall_kb893803v2$\reg00058
    c:\windows\$msi31uninstall_kb893803v2$\reg00059
    c:\windows\$msi31uninstall_kb893803v2$\reg00060
    c:\windows\$msi31uninstall_kb893803v2$\reg00061
    c:\windows\$msi31uninstall_kb893803v2$\reg00062
    c:\windows\$msi31uninstall_kb893803v2$\reg00063
    c:\windows\$msi31uninstall_kb893803v2$\reg00064
    c:\windows\$msi31uninstall_kb893803v2$\reg00065
    c:\windows\$msi31uninstall_kb893803v2$\reg00066
    c:\windows\$msi31uninstall_kb893803v2$\reg00067
    c:\windows\$msi31uninstall_kb893803v2$\reg00068
    c:\windows\$msi31uninstall_kb893803v2$\reg00069
    c:\windows\$msi31uninstall_kb893803v2$\reg00070
    c:\windows\$msi31uninstall_kb893803v2$\reg00071
    c:\windows\$msi31uninstall_kb893803v2$\reg00072
    c:\windows\$msi31uninstall_kb893803v2$\reg00073
    c:\windows\$msi31uninstall_kb893803v2$\reg00074
    c:\windows\$msi31uninstall_kb893803v2$\reg00075
    c:\windows\$msi31uninstall_kb893803v2$\reg00076
    c:\windows\$msi31uninstall_kb893803v2$\reg00077
    c:\windows\$msi31uninstall_kb893803v2$\reg00078
    c:\windows\$msi31uninstall_kb893803v2$\reg00079
    c:\windows\$msi31uninstall_kb893803v2$\reg00080
    c:\windows\$msi31uninstall_kb893803v2$\reg00081
    c:\windows\$msi31uninstall_kb893803v2$\reg00082
    c:\windows\$msi31uninstall_kb893803v2$\reg00083
    c:\windows\$msi31uninstall_kb893803v2$\reg00084
    c:\windows\$msi31uninstall_kb893803v2$\reg00085
    c:\windows\$msi31uninstall_kb893803v2$\reg00086
    c:\windows\$msi31uninstall_kb893803v2$\reg00087
    c:\windows\$msi31uninstall_kb893803v2$\reg00088
    c:\windows\$msi31uninstall_kb893803v2$\reg00089
    c:\windows\$msi31uninstall_kb893803v2$\reg00090
    c:\windows\$msi31uninstall_kb893803v2$\reg00091
    c:\windows\$msi31uninstall_kb893803v2$\reg00092
    c:\windows\$msi31uninstall_kb893803v2$\reg00093
    c:\windows\$msi31uninstall_kb893803v2$\reg00094
    c:\windows\$msi31uninstall_kb893803v2$\reg00095
    c:\windows\$msi31uninstall_kb893803v2$\reg00096
    c:\windows\$msi31uninstall_kb893803v2$\reg00097
    c:\windows\$msi31uninstall_kb893803v2$\reg00098
    c:\windows\$msi31uninstall_kb893803v2$\reg00099
    c:\windows\$msi31uninstall_kb893803v2$\reg00100
    c:\windows\$msi31uninstall_kb893803v2$\reg00101
    c:\windows\$msi31uninstall_kb893803v2$\reg00102
    c:\windows\$msi31uninstall_kb893803v2$\reg00103
    c:\windows\$msi31uninstall_kb893803v2$\reg00104
    c:\windows\$msi31uninstall_kb893803v2$\reg00105
    c:\windows\$msi31uninstall_kb893803v2$\reg00106
    c:\windows\$msi31uninstall_kb893803v2$\reg00107
    c:\windows\$msi31uninstall_kb893803v2$\reg00108
    c:\windows\$msi31uninstall_kb893803v2$\reg00109
    c:\windows\$msi31uninstall_kb893803v2$\reg00110
    c:\windows\$msi31uninstall_kb893803v2$\reg00111
    c:\windows\$msi31uninstall_kb893803v2$\reg00112
    c:\windows\$msi31uninstall_kb893803v2$\reg00113
    c:\windows\$msi31uninstall_kb893803v2$\reg00114
    c:\windows\$msi31uninstall_kb893803v2$\reg00115
    c:\windows\$msi31uninstall_kb893803v2$\reg00116
    c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
    c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
    c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
    c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
    c:\windows\EventSystem.log
    c:\windows\regedit.com
    c:\windows\system32\regobj.dll
    c:\windows\system32\SET115.tmp
    c:\windows\system32\SET119.tmp
    c:\windows\system32\SET11A.tmp
    c:\windows\system32\SET11B.tmp
    c:\windows\system32\SET11F.tmp
    c:\windows\system32\SET12C.tmp
    c:\windows\system32\SET131.tmp
    c:\windows\system32\SET15.tmp
    c:\windows\system32\SET16.tmp
    c:\windows\system32\SET18.tmp
    c:\windows\system32\SET19.tmp
    c:\windows\system32\SET1A.tmp
    c:\windows\system32\SET1B.tmp
    c:\windows\system32\SET1C.tmp
    c:\windows\system32\SET1D.tmp
    c:\windows\system32\SET1E.tmp
    c:\windows\system32\SET1F.tmp
    c:\windows\system32\SET21.tmp
    c:\windows\system32\SET22.tmp
    c:\windows\system32\SET24.tmp
    c:\windows\system32\SET29.tmp
    c:\windows\system32\SET2B.tmp
    c:\windows\system32\SET30.tmp
    c:\windows\system32\SET31.tmp
    c:\windows\system32\SET35.tmp
    c:\windows\system32\SET36.tmp
    c:\windows\system32\SET37.tmp
    c:\windows\system32\SET39.tmp
    c:\windows\system32\SET3A.tmp
    c:\windows\system32\SET3B.tmp
    c:\windows\system32\SET3C.tmp
    c:\windows\system32\SET3F.tmp
    c:\windows\system32\SET45.tmp
    c:\windows\system32\SET46.tmp
    c:\windows\system32\SET4A.tmp
    c:\windows\system32\SET4B.tmp
    c:\windows\system32\SET4F.tmp
    c:\windows\system32\SET52.tmp
    c:\windows\system32\SET55.tmp
    c:\windows\system32\SET56.tmp
    c:\windows\system32\SET59.tmp
    c:\windows\system32\SET5A.tmp
    c:\windows\system32\SET5E.tmp
    c:\windows\system32\SET65.tmp
    c:\windows\system32\SET6B.tmp
    c:\windows\system32\SET9F.tmp
    c:\windows\system32\SETBA.tmp
    c:\windows\system32\SETBE.tmp
    c:\windows\system32\SETC3.tmp
    c:\windows\system32\SETC7.tmp
    c:\windows\system32\SETCB.tmp
    c:\windows\system32\SETCF.tmp
    c:\windows\system32\SETEE.tmp
    c:\windows\system32\SETF2.tmp
    c:\windows\system32\SETFA.tmp
    c:\windows\system32\SETFE.tmp
    c:\windows\system32\taskmgr.com
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-07-01 to 2015-08-01 )))))))))))))))))))))))))))))))
    .
    .
    2015-08-01 02:04 . 2015-08-01 02:04 98520 ----a-w- c:\windows\system32\drivers\6021751A.sys
    2015-08-01 00:48 . 2015-08-01 00:49 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-08-01 00:48 . 2015-08-01 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
    2015-07-31 14:25 . 2015-07-31 14:25 -------- d-----w- c:\windows\$ESUPD_ROLLBACK$
    2015-07-31 08:57 . 2015-07-31 23:24 -------- d-----w- C:\FRST
    2015-07-27 03:31 . 2006-12-29 04:31 19569 ----a-w- c:\windows\000003_.tmp
    2015-07-26 04:26 . 2006-12-29 04:31 19569 ----a-w- c:\windows\000002_.tmp
    2015-07-26 03:52 . 2015-07-26 03:59 -------- d-----w- C:\KB2757638
    2015-07-24 10:46 . 2015-07-14 04:10 81864 ----a-w- c:\windows\system32\drivers\bdark.sys
    2015-07-23 07:38 . 2015-07-23 07:38 -------- d-----w- c:\documents and settings\Louis Paul Toscano\Application Data\CellularEmulator
    2015-07-23 06:55 . 2015-07-23 06:55 -------- d-----w- c:\program files\Microsoft Device Emulator
    2015-07-23 06:54 . 2015-07-23 06:55 -------- d-----w- c:\program files\Windows Mobile 6 SDK
    2015-07-23 03:06 . 2015-07-23 03:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Nero_AG
    2015-07-23 03:06 . 2015-07-23 03:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\Nero
    2015-07-22 02:53 . 2008-04-14 09:42 189440 -c--a-w- c:\windows\system32\dllcache\smtpadm.dll
    2015-07-22 02:53 . 2008-04-14 09:42 10752 -c--a-w- c:\windows\system32\dllcache\smtpapi.dll
    2015-07-22 02:53 . 2008-04-14 09:42 10752 ------w- c:\windows\system32\smtpapi.dll
    2015-07-22 02:53 . 2008-04-14 09:42 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
    2015-07-22 02:53 . 2008-04-14 09:42 9728 ------w- c:\windows\system32\rwnh.dll
    2015-07-22 02:53 . 2008-04-14 09:42 221696 -c--a-w- c:\windows\system32\dllcache\seo.dll
    2015-07-22 02:53 . 2008-04-14 09:41 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
    2015-07-22 02:53 . 2008-04-14 09:41 81920 ------w- c:\windows\system32\ieencode.dll
    2015-07-22 02:52 . 2006-12-29 04:31 19569 ----a-w- c:\windows\000001_.tmp
    2015-07-17 18:33 . 2002-01-26 18:53 74304 ----a-w- c:\windows\system32\rarepair.exe
    2015-07-16 18:18 . 2015-07-28 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
    2015-07-16 18:18 . 2015-07-28 15:33 -------- d-----w- c:\program files\PCPitstop
    2015-07-16 18:03 . 2015-07-16 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemRequirementsLab
    2015-07-16 18:01 . 2015-07-16 18:01 -------- d-----w- c:\program files\Common Files\Java
    2015-07-16 08:59 . 2015-07-23 02:52 -------- d-----w- c:\documents and settings\Louis Paul Toscano\LocalLow
    2015-07-16 07:02 . 2015-07-16 07:03 -------- d-----w- C:\SMCLpav
    2015-07-15 17:22 . 2015-07-15 17:22 -------- d-----w- c:\documents and settings\Louis Paul Toscano\Local Settings\Application Data\VS Revo Group
    2015-07-15 17:20 . 2015-07-15 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
    2015-07-15 17:20 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2015-07-15 01:13 . 2015-07-15 01:13 -------- d-----w- c:\documents and settings\Louis Paul Toscano\Local Settings\Application Data\Lavasoft
    2015-07-15 01:13 . 2015-07-15 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2015-07-14 19:29 . 2015-07-14 19:29 -------- d-----w- C:\ProgramData
    2015-07-14 19:26 . 2015-07-14 19:26 342016 ----a-w- c:\windows\system32\LavasoftTcpService.dll
    2015-07-14 14:59 . 2015-07-14 14:59 -------- d-----w- c:\documents and settings\Louis Paul Toscano\Application Data\com.wd.WDMyCloud
    2015-07-14 13:33 . 2015-07-14 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2015-07-14 01:46 . 2015-07-14 13:24 -------- d-----w- c:\windows\LastGood(2)
    2015-07-12 21:54 . 2015-07-14 13:25 -------- d-----w- c:\program files\Western Digital
    2015-07-12 21:53 . 2015-07-14 14:58 -------- d-----w- c:\program files\Bonjour Print Services
    2015-07-12 21:52 . 2015-07-14 14:58 -------- d-----w- c:\program files\Bonjour
    2015-07-12 21:40 . 2015-07-14 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
    2015-07-12 21:30 . 2015-07-14 13:25 -------- d-----w- c:\documents and settings\Louis Paul Toscano\Local Settings\Application Data\Western Digital
    2015-07-11 19:07 . 2015-07-15 04:22 -------- d-----w- c:\program files\Common Files\Nero
    2015-07-11 15:20 . 2015-07-11 15:20 98520 ----a-w- c:\windows\system32\drivers\42D66E14.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-08-01 03:28 . 2015-03-24 08:03 249648 ----a-w- c:\windows\system32\HermesHelp.dll
    2015-08-01 02:04 . 2014-06-16 01:31 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-07-24 10:36 . 2014-10-07 05:11 52168 ----a-w- c:\windows\system32\drivers\Bnbase.sys
    2015-07-24 10:36 . 2014-10-07 05:11 462152 ----a-w- c:\windows\system32\drivers\Bndef.sys
    2015-07-24 10:36 . 2014-10-07 05:11 197064 ----a-w- c:\windows\system32\drivers\Bprotect.sys
    2015-07-24 10:36 . 2014-10-07 05:10 31176 ----a-w- c:\windows\system32\drivers\Bfmon.sys
    2015-07-24 10:36 . 2014-10-07 05:10 51144 ----a-w- c:\windows\system32\drivers\Bfilter.sys
    2015-07-24 10:36 . 2014-10-07 05:10 149960 ----a-w- c:\windows\system32\drivers\BHipsEx.sys
    2015-07-24 10:36 . 2014-10-07 05:10 74888 ----a-w- c:\windows\system32\drivers\Bhbase.sys
    2015-07-16 17:56 . 2015-02-25 00:38 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-07-16 17:56 . 2015-02-25 00:38 146432 ----a-w- c:\windows\system32\javacpl.cpl
    2015-07-01 15:59 . 2013-03-19 22:08 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-07-01 15:59 . 2013-03-19 22:08 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-06-19 14:29 . 2015-06-19 14:29 341512 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2015-06-18 12:41 . 2014-06-16 01:30 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-06-18 12:41 . 2012-11-28 06:19 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-06-08 10:44 . 2015-06-25 02:54 111704 ----a-w- c:\windows\system32\pxcpm5L.dll
    2015-05-15 03:09 . 2014-10-07 05:46 75400 ----a-w- c:\windows\system32\drivers\Bnbasex.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-24 01:44 189464 ----a-w- c:\documents and settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-24 01:44 189464 ----a-w- c:\documents and settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @= "{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-24 01:44 189464 ----a-w- c:\documents and settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @= "{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-24 01:44 189464 ----a-w- c:\documents and settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-24 01:44 189464 ----a-w- c:\documents and settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @= "{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-24 01:44 189464 ----a-w- c:\documents and settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-24 01:44 189464 ----a-w- c:\documents and settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @= "{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-24 01:44 189464 ----a-w- c:\documents and settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-12-29 206112]
    "Dropbox Update "= "c:\documents and settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe" [2015-06-25 134512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
    "THotkey "= "c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
    "Tvs "= "c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
    "TPSMain "= "TPSMain.exe" [2005-06-01 282624]
    "SmoothView "= "c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
    "Pinger "= "c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "ACU "= "c:\program files\Atheros\ACU.exe" [2005-12-09 323584]
    "LtMoh "= "c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
    "AGRSMMSG "= "AGRSMMSG.exe" [2005-10-15 88203]
    "QuickFinder Scheduler "= "c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-12-29 87328]
    "PdxRegCl "= "c:\program files\Paradox\Programs\PdxRegCl.exe" [2004-06-15 49152]
    "APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
    "Mouse Suite 98 Daemon "= "ICO.EXE" [2006-10-23 56128]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "DivXMediaServer "= "c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2015-06-24 448520]
    "IntelZeroConfig "= "c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-25 1407248]
    "IntelWireless "= "c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-25 1210640]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
    "PSQLLauncher "= "c:\program files\Protector Suite QL\launcher.exe" [2006-01-14 30208]
    "RTHDCPL "= "RTHDCPL.EXE" [2013-10-04 20145368]
    "Privatefirewall "= "c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
    "Baidu Antivirus "= "c:\program files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavTray.exe" [2015-07-24 2553328]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
    .
    c:\documents and settings\Louis Paul Toscano\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 39179912]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr [2007-4-19 64864]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    FTP Utility.lnk - c:\program files\KONICA MINOLTA\FTP Utility\KMFtp.exe [2004-10-27 102400]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-19 155648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections "= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-01-14 02:40 40448 ----a-w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^cysec-AV.exe]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\cysec-AV.exe
    backup=c:\windows\pss\cysec-AV.exeCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Louis Paul Toscano^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=c:\documents and settings\Louis Paul Toscano\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=c:\windows\pss\HotSync Manager.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Louis Paul Toscano^Start Menu^Programs^Startup^Secunia PSI.lnk]
    path=c:\documents and settings\Louis Paul Toscano\Start Menu\Programs\Startup\Secunia PSI.lnk
    backup=c:\windows\pss\Secunia PSI.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2008-12-29 20:16 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero BackItUp]
    2015-07-07 15:38 1126392 ----a-w- c:\program files\Nero\Nero BackItUp\BackItUp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2014-10-02 18:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2015-07-31 06:22 6815512 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "mcupdmgr.exe "=3 (0x3)
    "McTskshd.exe "=2 (0x2)
    "McShield "=2 (0x2)
    "McDetect.exe "=2 (0x2)
    "Secunia Update Agent "=2 (0x2)
    "Secunia PSI Agent "=2 (0x2)
    "Messenger "=2 (0x2)
    "NeroBackItUpBackgroundService "=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Nero\\Nero BackItUp\\BackItUp.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [10/7/2014 1:10 AM 74888]
    R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\system32\drivers\Bfilter.sys [10/7/2014 1:10 AM 51144]
    R1 Bfmon;Baidu FS Monitor Driver;c:\windows\system32\drivers\Bfmon.sys [10/7/2014 1:10 AM 31176]
    R1 Bnbase;Bnbase;c:\windows\system32\drivers\Bnbase.sys [10/7/2014 1:11 AM 52168]
    R1 Bndef;Baidu NetDefense;c:\windows\system32\drivers\Bndef.sys [10/7/2014 1:11 AM 462152]
    R1 Bprotect;Baidu Protect;c:\windows\system32\drivers\Bprotect.sys [10/7/2014 1:11 AM 197064]
    R1 Hermes;Hermes Security Services;c:\windows\system32\drivers\Hermes.sys [3/24/2015 3:53 AM 273672]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/11/2012 2:54 PM 142648]
    R2 BavSvc;Baidu Antivirus Service;c:\program files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavSvc.exe [7/24/2015 6:35 AM 2805208]
    R2 BHipsSvc;Baidu Hips Service;c:\program files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BHipsSvc.exe [7/24/2015 6:35 AM 544032]
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [1/13/2006 10:52 PM 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [1/13/2006 10:52 PM 33024]
    R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [7/15/2014 9:46 AM 786256]
    R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [12/17/2013 8:49 AM 374600]
    R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [1/13/2006 10:24 PM 3456]
    R3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys [11/22/2012 2:36 AM 22144]
    R3 bdark;bdark;c:\windows\system32\drivers\bdark.sys [7/24/2015 6:46 AM 81864]
    R3 BHipsEx;Baidu HipsEx Driver;c:\windows\system32\drivers\BHipsEx.sys [10/7/2014 1:10 AM 149960]
    R3 BNmon;(BNmon);c:\program files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Bnmon.sys [7/24/2015 6:36 AM 84936]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/28/2012 2:19 AM 23256]
    R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [11/15/2013 5:14 PM 6609920]
    R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [9/4/2014 4:23 PM 135272]
    R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [3/23/2007 2:00 AM 30032]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [6/15/2014 9:31 PM 1133880]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/15/2013 9:44 PM 1691480]
    S3 BdSandbox;Baidu BdSandbox Driver;c:\windows\system32\drivers\BdSandbox.sys [10/7/2014 1:11 AM 186176]
    S3 BdSandboxSrv;Baidu BdSandbox Virtual Service;c:\program files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdSandboxSrv.exe --> c:\program files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdSandboxSrv.exe [?]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 3:08 PM 11336]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 10:05 AM 14904]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/15/2015 1:20 PM 27064]
    S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [4/23/2013 3:11 PM 19024]
    S4 NeroBackItUpBackgroundService;Nero BackItUp Background Service;c:\program files\Nero\Nero BackItUp\NBService.exe [7/7/2015 11:37 AM 279544]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - BavR3base
    *Deregistered* - BdApiUtil
    *Deregistered* - BdCameraProtect
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
    .
    2015-07-21 c:\windows\Tasks\BackItUp_Launch.job
    - c:\program files\Nero\Nero BackItUp\BackItUp.exe [2015-07-07 15:38]
    .
    2015-07-31 c:\windows\Tasks\Baidu Antivirus Update.job
    - c:\program files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavUpdater.exe [2015-07-24 10:35]
    .
    2015-08-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005Core.job
    - c:\documents and settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [2015-06-25 02:41]
    .
    2015-08-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005UA.job
    - c:\documents and settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [2015-06-25 02:41]
    .
    2015-08-01 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - c:\windows\system32\xp_eos.exe [2014-03-06 01:59]
    .
    2015-07-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-06 01:59]
    .
    2015-08-01 c:\windows\Tasks\User_Feed_Synchronization-{03CF1C70-73A8-4B6C-85B0-0007F76BEBD8}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dailysignal.com/
    mStart Page = www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    Trusted Zone: comcast.net\xfinity
    Trusted Zone: computermail.net\www
    Trusted Zone: google.com\www
    Trusted Zone: localhost
    Trusted Zone: microsoft.com\answers
    Trusted Zone: microsoft.com\update
    Trusted Zone: secunia.com
    Trusted Zone: webcompanion.com
    Trusted Zone: yahoo.com\www
    FF - ProfilePath - c:\documents and settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\dy4ezcg3.default-1424457505890\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Hackettstown&state=NJ&site=PHI&lat=40.8538&lon=-74.8254#.VOeVfCzwvXh
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-08-01 14:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,c1,26,c1,8b,69,b6,47,9b,e1,2d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,c1,26,c1,8b,69,b6,47,9b,e1,2d,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1432)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\windows\system32\netprovcredman.dll
    c:\program files\Protector Suite QL\mysafe.dll
    c:\program files\Protector Suite QL\crypto.dll
    .
    - - - - - - - > 'lsass.exe'(1488)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    .
    Completion time: 2015-08-01 14:06:22
    ComboFix-quarantined-files.txt 2015-08-01 18:06
    .
    Pre-Run: 31,088,517,120 bytes free
    Post-Run: 31,864,852,480 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 89157DADA6C2374F7C8D85B48E47CC75
    09CE7397AF23D4C0B331B89D0297CC7E

    broni, I must mention that my antivirus Baidu had processes running that I could not shut down.
     
    Last edited: 2015/08/01
  13. 2015/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  14. 2015/08/01
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    broni, last time you wanted FRST run from the Desktop, so that's where I just ran it. Here is one log:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-07-2015
    Ran by Louis Paul Toscano (2015-08-01 18:12:06)
    Running from C:\Documents and Settings\Louis Paul Toscano\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1019493958-4142826306-2034615594-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1019493958-4142826306-2034615594-1003 - Limited - Enabled)
    Guest (S-1-5-21-1019493958-4142826306-2034615594-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-1019493958-4142826306-2034615594-1004 - Limited - Disabled)
    Louis Paul Toscano (S-1-5-21-1019493958-4142826306-2034615594-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Louis Paul Toscano
    SUPPORT_388945a0 (S-1-5-21-1019493958-4142826306-2034615594-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Baidu Antivirus (Enabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61}
    FW: Privatefirewall (Disabled) {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    60CulverAgentUpdate (Version: 1.00.0000 - Your Company Name) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    America Online (Choose which version to remove) (HKLM\...\America Online us) (Version: - )
    AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version: - )
    AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version: - )
    AOL Spyware Protection (HKLM\...\AOL Spyware Protection) (Version: 1.0.76 - AOL Spyware Protection)
    AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version: - )
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Software Suite (HKLM\...\{BA561482-C49D-4687-A61C-96236C1688F0}) (Version: - )
    Atheros Client Utility (HKLM\...\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}) (Version: 1.53.000 - )
    Baidu Antivirus (HKLM\...\Baidu Antivirus) (Version: 5.6.3.186847 - Baidu, Inc.)
    Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.23(T) - )
    Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
    Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
    CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 1.00.008 - TOSHIBA)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Dropbox (HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
    DVD-RAM Driver (HKLM\...\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}) (Version: 5.0.2.5 - )
    F5U216 Ver2.11 (HKLM\...\{EB145CEA-998F-4C9D-AEF7-B4DBBD217DAF}) (Version: - )
    FTP Utility (HKLM\...\InstallShield_{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}) (Version: 1.00.0000 - KONICA MINOLTA)
    FTP Utility (Version: 1.00.0000 - KONICA MINOLTA) Hidden
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    HP Smart Print 2.1 (HKLM\...\{8046B41C-FB30-4614-898F-57D44D0C66EB}) (Version: 2.1.0.235 - Hewlett-Packard)
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
    InterVideo WinDVD Creator 2 (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.0.14.376 - InterVideo Inc.)
    InterVideo WinDVD for TOSHIBA (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.533 - InterVideo Inc.)
    ISO Recorder (HKLM\...\{0F6A7971-0F11-4A79-A0E9-133D0963A570}) (Version: 1.0.0 - Alex Feinman)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    KONICA MINOLTA magicolor 1690MF (HKLM\...\KONICA MINOLTA magicolor 1690MF) (Version: - )
    KONICA MINOLTA magicolor 1690MF Scanner (HKLM\...\InstallShield_{F7B12AB6-4B1C-4BC5-81CA-7CC42EDF4282}) (Version: 1.00.0000 - KONICA MINOLTA)
    KONICA MINOLTA magicolor 1690MF Scanner (Version: 1.00.0000 - KONICA MINOLTA) Hidden
    KONICA MINOLTA mc1690MF (FAX) (HKLM\...\{37599606-D472-446A-9646-B13CE8A55BB5}) (Version: - )
    Lazesoft Recovery Suite version 3.3 Home Edition (HKLM\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 3.3 - Lazesoft)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Metamail (Toshiba Registration Utility) (HKLM\...\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}) (Version: 4.5 - )
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office OneNote 2003 (HKLM\...\{91A10409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Publisher 2003 (HKLM\...\{91190409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Mouse Suite (HKLM\...\{EEDBE2DF-4141-44A9-8614-9832B16637E6}) (Version: 1.2.3 - Dynex)
    MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
    Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyConnect Special Offer (HKLM\...\{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}) (Version: 1.1.0 - TOSHIBA)
    Nero BackItUp (HKLM\...\{40F2F005-FA4C-4BEA-83A6-BFD969467594}) (Version: 15.62.1.116 - Nero AG)
    Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.1009 - Nero AG)
    Nero MediaHome Free (HKLM\...\{E0460191-5BE9-4E14-8C44-CC2EBC435A75}) (Version: 15.0.02400 - Nero AG)
    Nero Prerequisite Installer 3.0 (HKLM\...\{929FAC65-06DD-4577-882C-E8A558C47B75}) (Version: 15.0.00900 - Nero AG)
    Office 2003 Trial Assistant (Version: 1.0.0 - Microsoft) Hidden
    Paradox (HKLM\...\{D6540C25-6E4E-4DB0-B96D-989E257D9E5C}) (Version: 11.2.0.411 - Corel Corporation)
    Paradox Runtime (HKLM\...\{C2658D01-DC92-43AB-AD6B-04852B89F3A6}) (Version: 11.00.0000 - Corel Corporation)
    PDF-XChange Editor (HKLM\...\{b308d3b2-2203-41a7-95bb-16b819ef137e}) (Version: 5.5.313.1 - Tracker Software Products (Canada) Ltd.)
    PDF-XChange Editor (Version: 5.5.313.1 - Tracker Software Products (Canada) Ltd.) Hidden
    PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.5.313.1 - Tracker Software Products Ltd)
    Prerequisite installer (Version: 15.0.0010 - Nero AG) Hidden
    Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
    Protector Suite 5.4 (HKLM\...\{CDBFC424-DD00-497F-9BDC-4E4178332336}) (Version: 5.4.0.2726 - UPEK)
    Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7083 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
    sat_screensaver_30mb (HKLM\...\sat_screensaver_30mb.scr) (Version: - )
    SD Secure Module (HKLM\...\{C45F4811-31D5-4786-801D-F79CD06EDD85}) (Version: 1.0.3 - TOSHIBA Corporation)
    SeaMonkey 2.33.1 (x86 en-US) (HKLM\...\SeaMonkey 2.33.1 (x86 en-US)) (Version: 2.33.1 - Mozilla)
    Secunia PSI (HKLM\...\Secunia PSI) (Version: - )
    Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.31 - Sonic Solutions)
    SpywareBlaster 5.2 (HKLM\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
    System Requirements Lab (HKLM\...\{FEE1F166-EAE4-4C4B-8988-D82521F9F63F}) (Version: 6.1.5.0 - Husdawg, LLC)
    System Requirements Lab for Intel (HKLM\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}) (Version: 1.16.0000 - Texas Instruments Inc.)
    TIPCI (Version: 1.16.0000 - Texas Instruments Inc.) Hidden
    TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: - )
    TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.05 - )
    TOSHIBA Controls (HKLM\...\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}) (Version: - )
    TOSHIBA Hotkey Utility (HKLM\...\{64DD71BC-3109-4C88-9AD3-D5422644B722}) (Version: 1.00.01ST - )
    TOSHIBA PC Diagnostic Tool (HKLM\...\PC Diagnostic Tool) (Version: - )
    TOSHIBA Power Saver (HKLM\...\Power Saver) (Version: 7.03.07.I - )
    TOSHIBA SD Memory Card Format (HKLM\...\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}) (Version: - )
    TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.62 (SM2162ALD04) - )
    TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: - )
    TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
    TOSHIBA TouchPad ON/Off Utility (HKLM\...\{69BE47C2-36FE-4397-8199-85D8EAE69982}) (Version: 1.00.01ST - )
    TOSHIBA Utilities (HKLM\...\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}) (Version: 1.00.08ST - )
    TOSHIBA Virtual Sound (HKLM\...\{8B12BA86-ADAC-4BA6-B441-FFC591087252}) (Version: - )
    TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version: - )
    Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
    Update Manager (Version: 4.60 - Corel Corporation) Hidden
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WD My Cloud (HKLM\...\{F21C4C7B-E803-4BEF-8861-C2C63A133ABB}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Mobile 6.5 Standard Developer Tool Kit - USA (HKLM\...\{378A0ECD-324C-4727-8D25-242D42209AA6}) (Version: 6.5.0.21234 - Microsoft Corporation)
    Windows PowerShell(TM) 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WordPerfect Office X3 (HKLM\...\{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: 13.0 - Corel Corporation)
    WordPerfect OfficeReady (HKLM\...\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.2 (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

    ==================== Restore Points =========================

    23-07-2015 02:41:03 Removed Microsoft ActiveSync
    23-07-2015 02:54:47 Installed Windows Mobile 6.5 Standard Developer Tool Kit - USA
    23-07-2015 03:23:01 Software Distribution Service 3.0
    23-07-2015 03:36:59 Software Distribution Service 3.0
    23-07-2015 03:47:13 Software Distribution Service 3.0
    23-07-2015 10:38:33 Software Distribution Service 3.0
    23-07-2015 10:43:27 Software Distribution Service 3.0
    23-07-2015 10:47:18 Software Distribution Service 3.0
    23-07-2015 12:24:49 Software Distribution Service 3.0
    23-07-2015 23:31:49 Software Distribution Service 3.0
    24-07-2015 19:59:24 Software Distribution Service 3.0
    24-07-2015 20:26:36 Software Distribution Service 3.0
    24-07-2015 23:37:03 Software Distribution Service 3.0
    24-07-2015 23:43:07 FixWindowsUpdateProblem
    25-07-2015 00:19:10 Software Distribution Service 3.0
    25-07-2015 09:52:31 Software Distribution Service 3.0
    25-07-2015 09:55:44 Software Distribution Service 3.0
    26-07-2015 00:16:29 Software Distribution Service 3.0
    26-07-2015 00:27:09 Installed Windows XP Service Pack 3.
    26-07-2015 00:43:31 Software Distribution Service 3.0
    26-07-2015 00:49:18 Software Distribution Service 3.0
    26-07-2015 20:17:17 CompatibilityToolKit
    27-07-2015 01:15:04 FourCriticalUpdates
    27-07-2015 01:16:09 Software Distribution Service 3.0
    27-07-2015 01:19:01 Software Distribution Service 3.0
    27-07-2015 01:21:19 Software Distribution Service 3.0
    27-07-2015 01:37:55 Installed Windows XP KB2719985.
    27-07-2015 01:40:43 Software Distribution Service 3.0
    27-07-2015 01:52:50 Software Distribution Service 3.0
    27-07-2015 01:58:18 Software Distribution Service 3.0
    27-07-2015 02:00:29 Software Distribution Service 3.0
    27-07-2015 02:08:41 Revo Uninstaller Pro's restore point - Security Update for Windows XP (KB2757638)
    27-07-2015 02:13:34 Software Distribution Service 3.0
    27-07-2015 02:16:08 Software Distribution Service 3.0
    27-07-2015 09:52:22 Software Distribution Service 3.0
    27-07-2015 12:46:50 Software Distribution Service 3.0
    27-07-2015 12:50:23 Software Distribution Service 3.0
    27-07-2015 15:15:16 Software Distribution Service 3.0
    27-07-2015 15:17:50 Software Distribution Service 3.0
    27-07-2015 15:20:01 Software Distribution Service 3.0
    28-07-2015 11:33:02 RemoveDriverAlert
    29-07-2015 11:41:08 System Checkpoint
    29-07-2015 20:02:53 RemoveUnnecessaryNetworkAdapter
    30-07-2015 20:17:18 System Checkpoint
    31-07-2015 02:22:50 NewSAS
    31-07-2015 22:28:52 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-01-19 14:53 - 2015-08-01 14:00 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\BackItUp_Launch.job => C:\Program Files\Nero\Nero BackItUp\BackItUp.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005Core.job => C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005UA.job => C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{03CF1C70-73A8-4B6C-85B0-0007F76BEBD8}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2004-07-20 21:04 - 2004-07-20 21:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00298480 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\HipsLogger.dll
    2015-07-24 06:36 - 2015-07-14 00:09 - 00176112 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\dark.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00540656 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\sqlite.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00197944 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\TinyIPC32.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00370672 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BNetOp.dll
    2014-06-18 02:57 - 2009-04-03 03:13 - 00091648 _____ () C:\WINDOWS\system32\M1690WDX.dll
    2006-01-19 17:47 - 2005-07-12 21:14 - 00040960 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    2012-11-22 02:18 - 2002-07-04 13:38 - 00053248 _____ () C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
    2006-01-19 17:30 - 2006-01-04 22:14 - 00049152 _____ () C:\Program Files\Toshiba\Toshiba Applet\TouchPad_OnOff.dll
    2014-01-10 01:26 - 2014-01-10 01:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2015-07-24 06:36 - 2015-07-24 06:36 - 00167920 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_Hips_TipsCtl\HipsTipControl.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00147952 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMAnalyzeHandler.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00158704 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMSupplementHandler.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00120304 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMUSBHandler.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00277488 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Pulgin_Dark_DeleteFileTip.dll
    2015-08-01 16:33 - 2015-08-01 16:33 - 00071168 _____ () c:\Documents and Settings\Louis Paul Toscano\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqipgiv.dll
    2012-12-14 00:02 - 2015-03-23 19:48 - 00150528 _____ () C:\Program Files\SeaMonkey\NSLDAP32V60.dll
    2012-12-14 00:02 - 2015-03-23 19:48 - 00014848 _____ () C:\Program Files\SeaMonkey\NSLDAPPR32V60.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\cfdemo.scr:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\msicuu2.exe:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\transactions.csv:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\My Documents\ETA 8429 EXP 4-30-15.pdf:SummaryInformation

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => " "= "Driver "

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\comcast.net -> hxxps://xfinity.comcast.net
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\computermail.net -> hxxps://www.computermail.net
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\google.com -> hxxps://www.google.com
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\microsoft.com -> hxxps://answers.microsoft.com
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\secunia.com -> hxxps://secunia.com
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\yahoo.com -> hxxps://www.yahoo.com

    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\0411dd.com -> 0411dd.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\0511zfhl.com -> 0511zfhl.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\0632qyw.com -> 0632qyw.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\1001movie.com -> 1001movie.com

    There are 6092 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Toshiba.bmp
    DNS Servers: 75.75.75.75 - 75.75.76.76
    sharedaccess Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^cysec-AV.exe => C:\WINDOWS\pss\cysec-AV.exeCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Louis Paul Toscano^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\WINDOWS\pss\HotSync Manager.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Louis Paul Toscano^Start Menu^Programs^Startup^Secunia PSI.lnk => C:\WINDOWS\pss\Secunia PSI.lnkStartup
    MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: Nero BackItUp => "C:\Program Files\Nero\Nero BackItUp\BackItUp.exe" /WinStart
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero BackItUp\BackItUp.exe] => Enabled:BackItUp
    StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero BackItUp\BackItUp.exe] => Enabled:BackItUp
    DomainProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ==================== Faulty Device Manager Devices =============

    Name: RAS Async Adapter
    Description: RAS Async Adapter
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Microsoft
    Service: AsyncMac
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/31/2015 08:37:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application FlashUtil32_18_0_0_194_ActiveX.exe, version 18.0.0.194, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/31/2015 08:37:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application FlashUtil32_18_0_0_194_ActiveX.exe, version 18.0.0.194, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/31/2015 08:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application pfgui.exe, version 7.0.30.3, faulting module pfgui.exe, version 7.0.30.3, fault address 0x000800bf.
    Processing media-specific event for [pfgui.exe!ws!]

    Error: (07/31/2015 06:09:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, faulting module mozalloc.dll, version 39.0.0.5659, fault address 0x00001aa1.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (07/31/2015 06:09:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, faulting module mozalloc.dll, version 39.0.0.5659, fault address 0x00001aa1.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (07/31/2015 06:08:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, faulting module mozalloc.dll, version 39.0.0.5659, fault address 0x00001aa1.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (07/27/2015 03:08:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application QuickTimePlayer.exe, version 7.76.80.95, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/27/2015 03:07:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application QuickTimePlayer.exe, version 7.76.80.95, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/26/2015 09:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, faulting module mozalloc.dll, version 39.0.0.5659, fault address 0x00001aa1.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (07/26/2015 09:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, faulting module mozalloc.dll, version 39.0.0.5659, fault address 0x00001aa1.
    Processing media-specific event for [plugin-container.exe!ws!]


    System errors:
    =============
    Error: (08/01/2015 04:26:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
    %%2

    Error: (08/01/2015 04:26:10 PM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (08/01/2015 01:46:56 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
    Description: The device 'Privacyware Filter Miniport #6' (Root\PWIPF6MP\0005) disappeared from the system without first being prepared for removal.

    Error: (08/01/2015 01:46:56 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
    Description: The device 'ADM851X USB To Fast Ethernet Adapter - Privacyware Filter Miniport' (Root\PWIPF6MP\0003) disappeared from the system without first being prepared for removal.

    Error: (08/01/2015 01:46:55 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
    Description: The device 'ADM851X USB To Fast Ethernet Adapter #2 - Privacyware Filter Miniport' (Root\PWIPF6MP\0002) disappeared from the system without first being prepared for removal.

    Error: (08/01/2015 01:46:55 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
    Description: The device 'Intel(R) PRO/100 VE Network Connection - Privacyware Filter Miniport' (Root\PWIPF6MP\0001) disappeared from the system without first being prepared for removal.

    Error: (08/01/2015 01:46:55 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
    Description: The device 'Intel(R) PRO/Wireless 3945ABG Network Connection - Privacyware Filter Miniport' (Root\PWIPF6MP\0000) disappeared from the system without first being prepared for removal.

    Error: (08/01/2015 01:46:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/31/2015 11:36:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
    %%2

    Error: (07/31/2015 11:22:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
    %%2


    Microsoft Office:
    =========================
    Error: (07/31/2015 08:37:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: FlashUtil32_18_0_0_194_ActiveX.exe18.0.0.194hungapp0.0.0.000000000

    Error: (07/31/2015 08:37:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: FlashUtil32_18_0_0_194_ActiveX.exe18.0.0.194hungapp0.0.0.000000000

    Error: (07/31/2015 08:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: pfgui.exe7.0.30.3pfgui.exe7.0.30.3000800bf

    Error: (07/31/2015 06:09:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe39.0.0.5659mozalloc.dll39.0.0.565900001aa1

    Error: (07/31/2015 06:09:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe39.0.0.5659mozalloc.dll39.0.0.565900001aa1

    Error: (07/31/2015 06:08:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe39.0.0.5659mozalloc.dll39.0.0.565900001aa1

    Error: (07/27/2015 03:08:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: QuickTimePlayer.exe7.76.80.95hungapp0.0.0.000000000

    Error: (07/27/2015 03:07:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: QuickTimePlayer.exe7.76.80.95hungapp0.0.0.000000000

    Error: (07/26/2015 09:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe39.0.0.5659mozalloc.dll39.0.0.565900001aa1

    Error: (07/26/2015 09:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe39.0.0.5659mozalloc.dll39.0.0.565900001aa1


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
    Percentage of memory in use: 44%
    Total physical RAM: 2549.98 MB
    Available physical RAM: 1409.17 MB
    Total Virtual: 4443.05 MB
    Available Virtual: 3405.34 MB

    ==================== Drives ================================

    Drive c: (SQ004013P03) (Fixed) (Total:74.28 GB) (Free:29.71 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 388E388D)
    Partition 1: (Active) - (Size=74.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=251 MB) - (Type=88)

    ==================== End of log ============================
     
  15. 2015/08/01
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2015
    Ran by Louis Paul Toscano (administrator) on TOSHIBA-USER (01-08-2015 18:10:35)
    Running from C:\Documents and Settings\Louis Paul Toscano\Desktop
    Loaded Profiles: Louis Paul Toscano (Available Profiles: Louis Paul Toscano & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    (Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (America Online) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    (America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavSvc.exe
    (America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BHipsSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    (Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\DVDRAMSV.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Nero AG) C:\Program Files\Nero\Update\NASvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\locator.exe
    () C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    (TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    (Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
    (Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
    (Agere Systems) C:\WINDOWS\agrsmmsg.exe
    (TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
    (Primax Electronics Ltd.) C:\WINDOWS\system32\ico.exe
    (Primax Electronics Ltd.) C:\WINDOWS\system32\PELMICED.EXE
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
    (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavTray.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    (UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
    (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
    (Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\RAMASST.exe
    (Dropbox, Inc.) C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (mozilla.org) C:\Program Files\SeaMonkey\seamonkey.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1343488 2008-08-14] (Synaptics, Inc.)
    HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [352256 2006-01-05] (TOSHIBA)
    HKLM\...\Run: [Tvs] => C:\Program Files\Toshiba\Tvs\TvsTray.exe [73728 2005-11-30] (TOSHIBA Corporation)
    HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [282624 2005-06-01] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [122880 2005-04-26] (TOSHIBA Corporation)
    HKLM\...\Run: [Pinger] => c:\toshiba\ivp\ism\pinger.exe [151552 2005-03-17] (TOSHIBA Corporation)
    HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [323584 2005-12-08] (Atheros Communications, Inc.)
    HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [184320 2004-08-18] (Agere Systems)
    HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-15] (Agere Systems)
    HKLM\...\Run: [QuickFinder Scheduler] => C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [77892 2005-12-01] (Corel Corporation)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [87328 2008-12-29] (Macrovision Corporation)
    HKLM\...\Run: [PdxRegCl] => C:\Program Files\Paradox\Programs\PdxRegCl.exe [49152 2004-06-14] (Corel Corporation)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\WINDOWS\system32\ICO.EXE [56128 2006-10-23] (Primax Electronics Ltd.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
    HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248 2012-04-24] (Intel(R) Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel(R) Corporation)
    HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [30208 2006-01-13] (UPEK Inc.)
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
    HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavTray.exe [2553328 2015-07-24] (Baidu, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
    Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll [2006-01-13] (UPEK Inc.)
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-12-29] (Macrovision Corporation)
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\Run: [Dropbox Update] => C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)
    Lsa: [Notification Packages] scecli psqlpwd
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FTP Utility.lnk [2014-07-18]
    ShortcutTarget: FTP Utility.lnk -> C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk [2006-01-19]
    ShortcutTarget: RAMASST.lnk -> C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    Startup: C:\Documents and Settings\Louis Paul Toscano\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-30]
    ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Documents and Settings\Louis Paul Toscano\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk [2015-05-06]
    ShortcutTarget: Microsoft Office OneNote 2003 Quick Launch.lnk -> C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailysignal.com/
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/nirvana/controls/pcmatic.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1353572538140
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353572722109
    DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{8BB4F5FB-DE6F-40A9-96DE-BACD6DD3DE61}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\dy4ezcg3.default-1424457505890
    FF NewTab: hxxp://forecast.weather.gov/MapClick.php?CityName=Hackettstown&state=NJ&site=PHI&lat=40.8538&lon=-74.8254#.VOeVfCzwvXh
    FF DefaultSearchEngine: Bing
    FF DefaultSearchEngine.US: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://forecast.weather.gov/MapClick.php?CityName=Hackettstown&state=NJ&site=PHI&lat=40.8538&lon=-74.8254#.VOeVfCzwvXh
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-01] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
    FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1019493958-4142826306-2034615594-1005: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2015-01-21] (Apple Inc.)
    FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\dy4ezcg3.default-1424457505890\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2015-07-21]
    FF Extension: Print Edit - C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\dy4ezcg3.default-1424457505890\Extensions\printedit@DW-dev.xpi [2015-02-25]
    FF Extension: Adblock Plus - C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\dy4ezcg3.default-1424457505890\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-02]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-11-23]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Google\Chrome\User Data\Default

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-19] (SUPERAntiSpyware.com)
    R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
    R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
    R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavSvc.exe [2805208 2015-07-24] (Baidu, Inc.)
    R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BHipsSvc.exe [544032 2015-07-24] (Baidu, Inc.)
    R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed]
    R2 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.) [File not signed]
    S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-15] (Nero AG)
    S4 NeroBackItUpBackgroundService; C:\Program Files\Nero\Nero BackItUp\NBService.exe [279544 2015-07-07] (Nero AG)
    R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
    S4 RemoteAccess; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
    R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel(R) Corporation)
    R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [40960 2005-07-12] () [File not signed]
    S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdSandboxSrv.exe [X]

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
    R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-01-19] (Windows (R) 2000 DDK provider) [File not signed]
    U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdApiUtil.sys [101448 2015-07-24] (Baidu, Inc.)
    R3 bdark; C:\WINDOWS\system32\drivers\bdark.sys [81864 2015-07-14] ()
    U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdCameraProtect.sys [21384 2015-07-24] (Baidu, Inc.)
    S3 BdSandbox; C:\WINDOWS\System32\drivers\BdSandbox.sys [186176 2014-12-10] (Baidu, Inc.)
    R1 Bfilter; C:\WINDOWS\System32\drivers\Bfilter.sys [51144 2015-07-24] (Baidu, Inc.)
    R1 Bfmon; C:\WINDOWS\System32\drivers\Bfmon.sys [31176 2015-07-24] (Baidu, Inc.)
    R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [74888 2015-07-24] (Baidu, Inc.)
    R3 BHipsEx; C:\WINDOWS\System32\drivers\BHipsEx.sys [149960 2015-07-24] (Baidu, Inc.)
    R1 Bnbase; C:\WINDOWS\System32\drivers\bnbase.sys [52168 2015-07-24] (Baidu, Inc.)
    R1 Bndef; C:\WINDOWS\System32\drivers\bndef.sys [462152 2015-07-24] (Baidu, Inc.)
    R3 BNmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Bnmon.sys [84936 2015-07-24] (Baidu, Inc.)
    R1 Bprotect; C:\WINDOWS\System32\drivers\Bprotect.sys [197064 2015-07-24] (Baidu, Inc.)
    S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
    R2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13568 2006-01-13] (UPEK Inc.) [File not signed]
    R2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-01-13] (UPEK Inc.) [File not signed]
    R1 Hermes; C:\WINDOWS\System32\drivers\Hermes.sys [273672 2015-03-24] ()
    R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    R1 meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.) [File not signed]
    S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
    R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
    R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
    R3 pelmouse; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [18944 2007-04-18] (Primax Electronics Ltd.)
    R3 pelusblf; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [17920 2007-04-11] (Primax Electronics Ltd.)
    R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
    S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [14904 2010-07-07] (Secunia)
    R3 pwipf6; C:\WINDOWS\System32\DRIVERS\pwipf6.sys [135272 2012-05-25] (Privacyware/PWI, Inc.)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
    R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 smihlp; C:\Program Files\Protector Suite QL\smihlp.sys [3456 2006-01-13] (UPEK Inc.) [File not signed]
    R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
    R3 tbiosdrv; C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys [9472 2005-08-24] ()
    S3 tosrfec; C:\WINDOWS\System32\DRIVERS\tosrfec.sys [9344 2005-09-09] (TOSHIBA Corporation) [File not signed]
    S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [343456 2014-09-26] (BitDefender S.R.L.)
    R3 TVALD; C:\WINDOWS\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation) [File not signed]
    R3 Tvs; C:\WINDOWS\System32\DRIVERS\Tvs.sys [43392 2005-11-30] (TOSHIBA Corporation) [File not signed]
    S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)
    R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
    R3 xpvcom; C:\WINDOWS\System32\DRIVERS\XPVCOM.sys [30032 2007-03-23] ()
    S3 catchme; \??\C:\DOCUME~1\LOUISP~1\LOCALS~1\Temp\catchme.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-01 18:10 - 2015-08-01 18:11 - 00025985 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\FRST.txt
    2015-08-01 14:06 - 2015-08-01 18:11 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\temp
    2015-08-01 14:06 - 2015-08-01 14:06 - 00034528 _____ C:\ComboFix.txt
    2015-08-01 14:06 - 2015-08-01 14:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
    2015-08-01 14:06 - 2015-08-01 14:06 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
    2015-08-01 14:06 - 2015-08-01 14:06 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
    2015-08-01 13:44 - 2015-08-01 13:44 - 00000000 _RSHD C:\cmdcons
    2015-08-01 13:44 - 2015-07-28 17:14 - 00000211 _____ C:\Boot.bak
    2015-08-01 13:44 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
    2015-08-01 13:35 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2015-08-01 13:35 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
     
  16. 2015/08/01
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    2015-08-01 13:35 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2015-08-01 13:35 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2015-08-01 13:35 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2015-08-01 13:35 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2015-08-01 13:35 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2015-08-01 13:35 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2015-08-01 13:35 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2015-08-01 13:34 - 2015-08-01 14:06 - 00000000 ____D C:\Qoobox
    2015-08-01 13:29 - 2015-08-01 13:29 - 05632897 ____R (Swearware) C:\Documents and Settings\Louis Paul Toscano\Desktop\ComboFix.exe
    2015-07-31 22:53 - 2015-07-31 22:53 - 00002195 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\JRT.txt
    2015-07-31 22:27 - 2015-07-31 22:27 - 00002280 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\AdwCleaner[S0]07312015After.txt
    2015-07-31 22:12 - 2015-07-31 22:12 - 00003180 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\AdwCleaner[R0]07312015Before.txt
    2015-07-31 22:04 - 2015-07-31 22:04 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\6021751A.sys
    2015-07-31 22:01 - 2015-07-31 22:01 - 00000000 __RSD C:\Documents and Settings\Louis Paul Toscano\My Documents\My Safe
    2015-07-31 21:41 - 2015-07-31 21:41 - 00001562 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM07312015After.txt
    2015-07-31 21:39 - 2015-07-31 21:39 - 00001541 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM07312015Before.txt
    2015-07-31 21:06 - 2015-07-31 21:06 - 00005442 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\RogueKiller07312015.txt
    2015-07-31 20:48 - 2015-07-31 20:49 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-07-31 20:48 - 2015-07-31 20:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
    2015-07-31 20:47 - 2015-07-31 20:47 - 02248704 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\adwcleaner_4.208.exe
    2015-07-31 20:47 - 2015-07-31 20:47 - 01798176 _____ (Malwarebytes Corporation) C:\Documents and Settings\Louis Paul Toscano\Desktop\JRT.exe
    2015-07-31 20:43 - 2015-07-31 20:45 - 18718280 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\RogueKiller.exe
    2015-07-31 19:12 - 2015-07-31 04:56 - 01673216 _____ (Farbar) C:\Documents and Settings\Louis Paul Toscano\Desktop\FRST.exe
    2015-07-31 10:25 - 2015-07-31 10:25 - 00000000 ____D C:\WINDOWS\$ESUPD_ROLLBACK$
    2015-07-31 10:24 - 2015-07-31 10:25 - 47392592 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\espatch1.exe
    2015-07-31 04:57 - 2015-08-01 18:10 - 00000000 ____D C:\FRST
    2015-07-31 04:52 - 2015-07-31 05:30 - 00031173 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MWAV07312015.LOG
    2015-07-31 03:35 - 2015-07-31 03:35 - 00006408 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\Network Activity 07312015.txt
    2015-07-31 03:25 - 2015-07-31 03:25 - 00000825 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MWAVSCAN.lnk
    2015-07-29 08:30 - 2015-07-29 08:30 - 00000139 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Washington (2).fnd
    2015-07-28 11:53 - 2015-07-28 11:53 - 00000246 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM07282015.txt
    2015-07-27 13:43 - 2015-07-27 13:43 - 00000832 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\2015_07_27_12_40_53.txt
    2015-07-27 01:56 - 2012-11-02 15:35 - 00000557 _____ C:\WINDOWS\Windows6.1-KB2757638-x86-pkgProperties.txt
    2015-07-27 01:56 - 2012-11-02 15:35 - 00000444 _____ C:\WINDOWS\Windows6.1-KB2757638-x86.xml
    2015-07-27 01:56 - 2012-11-02 15:32 - 00595969 _____ C:\WINDOWS\Windows6.1-KB2757638-x86.cab
    2015-07-26 23:31 - 2006-12-29 00:31 - 00019569 _____ C:\WINDOWS\000003_.tmp
    2015-07-26 00:26 - 2006-12-29 00:31 - 00019569 _____ C:\WINDOWS\000002_.tmp
    2015-07-25 23:52 - 2015-07-25 23:59 - 00000000 ____D C:\KB2757638
    2015-07-25 23:38 - 2015-07-25 23:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
    2015-07-25 10:25 - 2015-07-25 10:25 - 00934640 _____ (Microsoft Corporation) C:\Documents and Settings\Louis Paul Toscano\Desktop\WindowsXP-KB2916036-x86-ENU.exe
    2015-07-25 10:19 - 2012-11-02 15:59 - 00171218 _____ C:\WINDOWS\WSUSSCAN.cab
    2015-07-25 10:09 - 2015-07-25 23:02 - 00006226 _____ C:\WINDOWS\KB2916036Uninst.log
    2015-07-25 00:33 - 2015-07-26 21:32 - 00000068 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MSUpdateDifficultToRemove.txt
    2015-07-25 00:32 - 2015-07-25 00:32 - 00000139 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Washington.fnd
    2015-07-25 00:04 - 2015-07-25 00:04 - 01589208 _____ (Microsoft Corporation) C:\Documents and Settings\Louis Paul Toscano\Desktop\WindowsXP-KB2719985-x86-ENU.exe
    2015-07-24 23:47 - 2015-07-27 02:09 - 00343952 _____ C:\WINDOWS\KB2757638Uninst.log
    2015-07-24 23:44 - 2015-07-25 09:11 - 00347062 _____ C:\WINDOWS\KB2719985Uninst.log
    2015-07-24 06:46 - 2015-07-14 00:10 - 00081864 _____ C:\WINDOWS\system32\Drivers\bdark.sys
    2015-07-24 06:36 - 2015-07-24 06:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Baidu Antivirus
    2015-07-23 03:38 - 2015-07-23 03:38 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\CellularEmulator
    2015-07-23 02:55 - 2015-07-23 02:55 - 00000000 ____D C:\Program Files\Microsoft Device Emulator
    2015-07-23 02:55 - 2015-07-23 02:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows Mobile 6 SDK
    2015-07-23 02:54 - 2015-07-23 02:55 - 00000000 ____D C:\Program Files\Windows Mobile 6 SDK
    2015-07-22 23:06 - 2015-07-22 23:06 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Nero_AG
    2015-07-22 23:06 - 2015-07-22 23:06 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Nero
    2015-07-22 20:12 - 2015-07-22 20:12 - 00001482 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM07222015.txt
    2015-07-22 19:05 - 2015-07-22 19:05 - 00001118 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\2015_07_22_16_53_44.txt
    2015-07-22 16:10 - 2015-07-22 16:10 - 00002776 _____ C:\Documents and Settings\Louis Paul Toscano\null
    2015-07-22 08:40 - 2015-07-31 10:29 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Start Menu\Programs\Dropbox
    2015-07-21 22:53 - 2008-04-14 05:42 - 00221696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\seo.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00189440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpadm.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00010752 ____N (Microsoft Corporation) C:\WINDOWS\system32\smtpapi.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00010752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpapi.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rwnh.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rwnh.dll
    2015-07-21 22:53 - 2008-04-14 05:41 - 00081920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
    2015-07-21 22:53 - 2008-04-14 05:41 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
    2015-07-21 22:52 - 2006-12-29 00:31 - 00019569 _____ C:\WINDOWS\000001_.tmp
    2015-07-21 22:41 - 2015-07-29 23:48 - 00636654 _____ C:\WINDOWS\setupapi.log
    2015-07-21 17:17 - 2015-07-21 17:17 - 00000380 _____ C:\WINDOWS\Tasks\BackItUp_Launch.job
    2015-07-21 17:17 - 2015-07-21 17:17 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\My Documents\Nero BackItUp Device Backup
    2015-07-21 17:09 - 2015-07-21 17:09 - 00002212 _____ C:\Documents and Settings\All Users\Desktop\Nero BackItUp.lnk
    2015-07-21 10:12 - 2015-07-21 10:12 - 00003400 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\VolumeC.txt
    2015-07-20 20:13 - 2015-07-20 20:15 - 00005896 _____ C:\Documents and Settings\Louis Paul Toscano\RESET.TXT
    2015-07-20 15:19 - 2015-07-20 15:19 - 00004282 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\20150720.txt
    2015-07-17 20:14 - 2015-07-17 20:14 - 00001185 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAMRun2Jul172015.txt
    2015-07-17 14:33 - 2002-01-26 14:53 - 00074304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rarepair.exe
    2015-07-17 12:02 - 2001-08-17 13:48 - 00012800 _____ (Microsoft Corporation) C:\Documents and Settings\Louis Paul Toscano\My Documents\dhcploc.exe
    2015-07-17 10:20 - 2015-07-17 10:20 - 00000851 _____ C:\WINDOWS\KB833747.log
    2015-07-17 08:53 - 2015-07-17 08:53 - 00004166 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM01712015Removal.txt
    2015-07-17 08:45 - 2015-07-17 08:45 - 00003961 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM07172015.txt
    2015-07-17 05:30 - 2015-07-31 05:14 - 00000354 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\FindRAS07172015.txt
    2015-07-16 14:18 - 2015-07-28 11:33 - 00000000 ____D C:\Program Files\PCPitstop
    2015-07-16 14:18 - 2015-07-28 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop
    2015-07-16 14:03 - 2015-07-16 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SystemRequirementsLab
    2015-07-16 14:01 - 2015-07-16 14:01 - 00000000 ____D C:\Program Files\Common Files\Java
    2015-07-16 08:34 - 2015-07-16 08:52 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Desktop\Forticlient Remover
    2015-07-16 03:02 - 2015-07-16 03:03 - 00000000 ____D C:\SMCLpav
    2015-07-15 13:22 - 2015-07-15 13:22 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\VS Revo Group
    2015-07-15 13:20 - 2015-07-22 22:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
    2015-07-15 13:20 - 2015-07-20 21:45 - 00000936 _____ C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
    2015-07-15 13:20 - 2015-07-15 13:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VS Revo Group
    2015-07-15 13:20 - 2009-12-30 11:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
    2015-07-15 00:23 - 2015-07-15 00:23 - 00001923 _____ C:\Documents and Settings\All Users\Desktop\Nero MediaHome.lnk
    2015-07-14 21:13 - 2015-07-14 21:13 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Lavasoft
    2015-07-14 21:13 - 2015-07-14 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
    2015-07-14 16:40 - 2015-07-20 23:58 - 00173544 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2015-07-14 15:29 - 2015-07-14 15:30 - 00003865 _____ C:\Documents and Settings\All Users\Application Data\lpm.dat
    2015-07-14 15:27 - 2015-07-14 15:27 - 00002552 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2015-07-14 15:26 - 2015-07-14 15:26 - 00342016 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
    2015-07-14 14:54 - 2015-07-21 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero
    2015-07-14 14:09 - 2015-07-14 14:21 - 00370425 _____ C:\WINDOWS\SetupWLD.log
    2015-07-14 10:59 - 2015-07-14 10:59 - 00000889 _____ C:\Documents and Settings\All Users\Desktop\WD My Cloud.lnk
    2015-07-14 10:59 - 2015-07-14 10:59 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\com.wd.WDMyCloud
    2015-07-14 10:59 - 2015-07-14 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital
    2015-07-14 10:58 - 2015-07-14 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Bonjour Print Services
    2015-07-14 10:57 - 2015-07-14 10:57 - 00000242 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\WD My Cloud Learning Center.url
    2015-07-14 10:57 - 2015-07-14 10:57 - 00000195 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\WD My Cloud Public Share.url
    2015-07-14 10:57 - 2015-07-14 10:57 - 00000191 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\WD My Cloud Dashboard.url
    2015-07-13 22:47 - 2015-07-13 22:47 - 00000270 _____ C:\WINDOWS\Q311542.log
    2015-07-13 21:46 - 2015-07-14 09:24 - 00000000 ____D C:\WINDOWS\LastGood(2)
    2015-07-12 21:15 - 2015-07-13 21:18 - 00008192 _____ C:\WINDOWS\system32\WDPABKP.dat
    2015-07-12 17:54 - 2015-07-14 09:25 - 00000000 ____D C:\Program Files\Western Digital
    2015-07-12 17:53 - 2015-07-14 10:58 - 00000000 ____D C:\Program Files\Bonjour Print Services
    2015-07-12 17:52 - 2015-07-14 10:58 - 00000000 ____D C:\Program Files\Bonjour
    2015-07-12 17:40 - 2015-07-14 09:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Western Digital
    2015-07-12 17:30 - 2015-07-14 09:25 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Western Digital
    2015-07-11 15:07 - 2015-07-15 00:22 - 00000000 ____D C:\Program Files\Common Files\Nero
    2015-07-11 15:05 - 2015-07-11 15:05 - 00000738 _____ C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
    2015-07-11 15:03 - 2015-07-11 15:03 - 00000803 _____ C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
    2015-07-11 14:51 - 2015-07-11 14:51 - 00043494 _____ C:\Documents and Settings\Louis Paul Toscano\Local Settings\Tempdivx6fe8
    2015-07-11 11:20 - 2015-07-11 11:20 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\42D66E14.sys
    2015-07-11 11:04 - 2015-07-11 11:04 - 00000131 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Philadelphia.fnd
    2015-07-11 11:04 - 2015-07-11 11:04 - 00000116 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Circuit.fnd
    2015-07-11 11:04 - 2015-07-11 11:04 - 00000107 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Bone.fnd
    2015-07-08 02:08 - 2015-07-08 02:08 - 00253196 _____ C:\Documents and Settings\Louis Paul Toscano\Local Settings\Tempdivx75fb
    2015-07-03 07:20 - 2015-08-01 16:52 - 00000000 ____D C:\Program Files\Mozilla Firefox

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-01 17:53 - 2015-06-24 22:42 - 00001040 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005UA.job
    2015-08-01 16:35 - 2013-09-05 00:06 - 00000000 ___RD C:\Documents and Settings\Louis Paul Toscano\My Documents\Dropbox
    2015-08-01 16:35 - 2013-09-05 00:01 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox
    2015-08-01 16:33 - 2015-03-24 04:03 - 00249648 _____ C:\WINDOWS\system32\HermesHelp.dll
    2015-08-01 16:33 - 2006-01-19 16:16 - 00000000 __SHD C:\Documents and Settings\NetworkService
    2015-08-01 16:32 - 2014-03-07 08:54 - 00000248 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-08-01 16:32 - 2006-01-19 14:54 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
    2015-08-01 16:27 - 2015-03-23 00:36 - 00010230 _____ C:\WINDOWS\system32\HWLook.log
    2015-08-01 16:27 - 2006-01-19 16:12 - 01402680 _____ C:\WINDOWS\WindowsUpdate.log
    2015-08-01 16:26 - 2006-01-19 16:16 - 00000000 __SHD C:\Documents and Settings\LocalService
    2015-08-01 16:26 - 2006-01-19 08:09 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2015-08-01 16:26 - 2006-01-19 08:09 - 00000048 _____ C:\WINDOWS\wiaservc.log
    2015-08-01 16:23 - 2006-01-19 16:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-08-01 14:14 - 2012-11-22 02:27 - 00000278 ___SH C:\Documents and Settings\Louis Paul Toscano\ntuser.ini
    2015-08-01 14:14 - 2006-01-19 16:16 - 00032546 _____ C:\WINDOWS\SchedLgU.Txt
    2015-08-01 14:01 - 2006-01-19 14:54 - 00000227 _____ C:\WINDOWS\system.ini
    2015-08-01 13:59 - 2012-11-23 23:09 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2015-08-01 13:56 - 2014-11-04 19:47 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\temp
    2015-08-01 13:44 - 2006-01-19 14:55 - 00000327 __RSH C:\boot.ini
    2015-08-01 13:32 - 2012-11-23 13:16 - 00000448 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{03CF1C70-73A8-4B6C-85B0-0007F76BEBD8}.job
    2015-08-01 09:54 - 2014-10-07 01:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BavSvc_exe
    2015-08-01 07:52 - 2015-06-24 22:41 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005Core.job
    2015-07-31 22:12 - 2015-03-03 09:49 - 00000000 ____D C:\AdwCleaner
    2015-07-31 22:04 - 2014-06-15 21:31 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-07-31 21:40 - 2012-11-25 05:55 - 00000000 ____D C:\RegistryBackup
    2015-07-31 18:08 - 2015-03-23 00:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Baidu Security
    2015-07-31 10:29 - 2012-11-29 10:56 - 02219579 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1019493958-4142826306-2034615594-1005-0.dat
    2015-07-31 10:29 - 2012-11-28 02:24 - 00276162 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2015-07-31 10:25 - 2014-09-26 14:30 - 00000000 ____D C:\Program Files\Common Files\MicroWorld
    2015-07-31 03:31 - 2014-09-26 14:43 - 00006430 _____ C:\WINDOWS\UPDLL.LOG
    2015-07-31 03:30 - 2014-09-26 14:32 - 00000056 _____ C:\WINDOWS\Lic.xxx
    2015-07-31 03:29 - 2014-09-26 14:32 - 00011332 _____ C:\WINDOWS\general.log
    2015-07-31 03:26 - 2014-09-26 14:33 - 00016358 _____ C:\WINDOWS\ESCAN.LOG
    2015-07-31 03:26 - 2006-01-19 14:54 - 00002184 _____ C:\WINDOWS\win.ini
    2015-07-31 03:01 - 2013-03-28 22:26 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Jewish Federation
    2015-07-31 02:22 - 2012-11-28 02:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-07-30 20:46 - 2013-04-24 21:14 - 00000000 ____D C:\Program Files\SpywareBlaster
    2015-07-29 19:42 - 2012-12-10 05:21 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\My Documents\My Documents XP Folder
    2015-07-28 17:14 - 2006-01-19 08:06 - 00243632 _____ C:\WINDOWS\setupact.log
    2015-07-27 19:02 - 2012-12-05 19:48 - 00000514 _____ C:\WINDOWS\nsw.log
    2015-07-27 15:20 - 2013-01-09 08:49 - 00953603 _____ C:\WINDOWS\KB2757638.log
    2015-07-27 15:18 - 2006-01-19 17:12 - 00250871 _____ C:\WINDOWS\updspapi.log
    2015-07-27 13:47 - 2012-11-22 02:27 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano
    2015-07-27 11:30 - 2013-01-09 08:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
    2015-07-27 02:09 - 2006-01-19 08:07 - 01887632 _____ C:\WINDOWS\iis6.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00768549 _____ C:\WINDOWS\tsoc.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00563298 _____ C:\WINDOWS\comsetup.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00340154 _____ C:\WINDOWS\ntdtcsetup.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00091588 _____ C:\WINDOWS\ocmsn.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00084954 _____ C:\WINDOWS\tabletoc.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00001374 _____ C:\WINDOWS\imsins.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 01682011 _____ C:\WINDOWS\FaxSetup.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00807813 _____ C:\WINDOWS\ocgen.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00519028 _____ C:\WINDOWS\msmqinst.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00292643 _____ C:\WINDOWS\netfxocm.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00117783 _____ C:\WINDOWS\MedCtrOC.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00083558 _____ C:\WINDOWS\msgsocm.log
    2015-07-27 02:02 - 2006-01-19 08:07 - 00001374 _____ C:\WINDOWS\imsins.BAK
    2015-07-27 01:38 - 2012-11-23 13:51 - 01150169 _____ C:\WINDOWS\KB2719985.log
    2015-07-27 01:17 - 2014-02-12 20:52 - 00027183 _____ C:\WINDOWS\KB2909921-IE8.log
    2015-07-27 01:16 - 2012-11-23 13:58 - 00147380 _____ C:\WINDOWS\KB946648.log
    2015-07-27 01:16 - 2006-01-19 16:10 - 00000000 ____D C:\Program Files\Messenger
    2015-07-27 01:08 - 2013-11-10 23:17 - 00000211 _____ C:\WirelessDiagLog.csv
    2015-07-27 00:55 - 2012-11-23 06:46 - 00076520 _____ C:\WINDOWS\spupdsvc.log
    2015-07-27 00:55 - 2006-01-19 16:11 - 00158395 _____ C:\WINDOWS\wmsetup.log
    2015-07-27 00:55 - 2006-01-19 16:11 - 00001103 _____ C:\WINDOWS\DtcInstall.log
    2015-07-27 00:54 - 2012-11-23 12:00 - 00000517 _____ C:\WINDOWS\spupdsvc.log.1.log
    2015-07-27 00:54 - 2012-11-23 11:59 - 00000090 _____ C:\WINDOWS\system32\spupdwxp.log
    2015-07-26 23:54 - 2006-01-19 08:02 - 00000000 ____D C:\WINDOWS\security
    2015-07-26 23:53 - 2012-11-23 06:35 - 00638374 _____ C:\WINDOWS\svcpack.log
    2015-07-26 23:33 - 2006-01-19 16:13 - 00001574 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
    2015-07-26 23:33 - 2006-01-19 16:11 - 00003857 _____ C:\WINDOWS\sessmgr.setup.log
    2015-07-26 23:33 - 2006-01-19 16:10 - 00000892 _____ C:\WINDOWS\cmsetacl.log
    2015-07-26 23:33 - 2006-01-19 16:10 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    2015-07-26 23:32 - 2006-01-19 08:02 - 00000000 ____D C:\WINDOWS\Help
    2015-07-26 21:55 - 2012-11-25 23:23 - 00002265 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    2015-07-26 21:38 - 2014-09-19 19:06 - 00001802 _____ C:\WINDOWS\SecuniaPackage.log
    2015-07-26 00:26 - 2006-01-19 17:23 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
    2015-07-26 00:14 - 2006-01-19 18:01 - 00002409 _____ C:\Documents and Settings\All Users\Desktop\MyConnect™ Special Offer.lnk
    2015-07-26 00:00 - 2006-01-19 16:16 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2015-07-25 23:39 - 2014-02-12 20:24 - 00024985 _____ C:\WINDOWS\KB2916036.log
    2015-07-25 09:55 - 2006-01-19 17:11 - 00000000 ___HD C:\WINDOWS\$hf_mig$
    2015-07-25 09:19 - 2012-11-23 14:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
    2015-07-25 00:18 - 2014-02-13 23:02 - 00002353 _____ C:\Documents and Settings\Louis Paul Toscano\Start Menu\Programs\Windows Install Clean Up.lnk
    2015-07-24 06:37 - 2014-10-16 04:18 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\BAVData
    2015-07-24 06:36 - 2014-10-07 01:11 - 00462152 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bndef.sys
    2015-07-24 06:36 - 2014-10-07 01:11 - 00197064 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bprotect.sys
    2015-07-24 06:36 - 2014-10-07 01:11 - 00052168 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bnbase.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00149960 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\BHipsEx.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00074888 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bhbase.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00051144 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bfilter.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00031176 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bfmon.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00000685 _____ C:\Documents and Settings\All Users\Desktop\Baidu Antivirus.lnk
    2015-07-23 02:41 - 2012-11-23 19:03 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
    2015-07-22 23:06 - 2014-12-05 00:16 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\ImgBurn
    2015-07-22 22:50 - 2013-11-15 17:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
    2015-07-22 22:50 - 2013-04-24 21:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    2015-07-22 22:25 - 2006-01-19 08:02 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-07-22 21:25 - 2012-11-27 22:51 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\vlc
    2015-07-21 22:13 - 2014-03-09 20:57 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
    2015-07-21 21:09 - 2012-11-28 01:57 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Nero
    2015-07-21 20:40 - 2014-09-23 13:56 - 01558206 _____ C:\WINDOWS\setupapi.log.2.old
    2015-07-21 17:10 - 2012-11-28 01:57 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\Nero
    2015-07-21 17:09 - 2012-11-28 01:34 - 00000000 ____D C:\Program Files\Nero
    2015-07-21 17:08 - 2012-11-28 01:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nero
    2015-07-17 20:18 - 2012-11-23 14:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971513$
    2015-07-17 19:25 - 2006-01-19 08:02 - 00000000 ____D C:\WINDOWS\system32\ias
    2015-07-17 19:24 - 2006-01-19 08:07 - 00607402 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-07-17 14:23 - 2012-11-23 13:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB946648$
    2015-07-17 13:29 - 2012-12-07 18:50 - 00000000 ____D C:\WINDOWS\system32\NtmsData
    2015-07-16 18:22 - 2012-11-22 02:26 - 00134466 _____ C:\WINDOWS\DPINST.LOG
    2015-07-16 18:20 - 2013-04-24 21:14 - 00000765 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
    2015-07-16 14:09 - 2015-01-21 18:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
    2015-07-16 14:03 - 2012-11-29 03:16 - 00000000 ____D C:\Program Files\SystemRequirementsLab
    2015-07-16 13:56 - 2015-02-24 20:38 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2015-07-16 13:56 - 2015-02-24 20:38 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2015-07-16 13:55 - 2014-10-16 01:34 - 00000000 ____D C:\Program Files\Java
    2015-07-16 13:36 - 2014-10-16 05:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
    2015-07-16 05:01 - 2014-01-28 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
    2015-07-16 03:03 - 2006-01-19 17:26 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2015-07-15 13:20 - 2014-09-04 14:47 - 00000000 ____D C:\Program Files\VS Revo Group
    2015-07-14 15:59 - 2013-07-10 08:24 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-07-14 09:35 - 2006-01-19 16:16 - 00000000 ____D C:\Documents and Settings\Administrator
    2015-07-14 09:33 - 2006-01-19 16:11 - 00000000 ____D C:\WINDOWS\Registration
    2015-07-14 09:32 - 2012-11-27 22:53 - 00000000 ____D C:\Program Files\DivX
    2015-07-14 09:32 - 2012-11-27 22:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
    2015-07-14 00:48 - 2014-08-13 23:06 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Adobe
    2015-07-13 21:46 - 2006-01-19 17:23 - 00000000 ____D C:\Program Files\Intel
    2015-07-11 15:05 - 2013-09-10 20:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DivX
    2015-07-11 11:15 - 2013-02-12 23:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
    2015-07-08 15:00 - 2014-03-07 08:54 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-07-04 02:35 - 2012-12-28 14:12 - 00000000 ____D C:\Program Files\CDBurnerXP
    2015-07-04 02:34 - 2013-04-26 22:18 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    2015-07-04 02:34 - 2013-04-26 22:18 - 00001567 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
    2015-07-03 08:49 - 2012-11-23 14:30 - 127070192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    Some files in TEMP:
    ====================
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqipgiv.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of log ============================
     
  17. 2015/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

    Attached Files:

  18. 2015/08/01
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    OK, broni; but I just noticed that one of these programs altered my defaults. For example, it is not safe to use IE8 on Windows XP; so I use Firefox. Something we ran changed it back to IE8. FRST just shut down, so I am doing it again from the top. This time I disabled my Baidu Antivirus.
     
    Last edited: 2015/08/01
  19. 2015/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Open Firefox>Tools>Options and change it to default.
     
  20. 2015/08/01
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    broni, I did that yesterday; but something changed it back. When I reopened Firefox, it gave me that option. Anyway, I expected a big, 45 page Word document for this fixlog.txt. The log that just opened is only two pages. Here it is, and thanks for trying to clean up this system:

    Fix result of Farbar Recovery Scan Tool (x86) Version:30-07-2015
    Ran by Louis Paul Toscano (2015-08-01 19:02:16) Run:4
    Running from C:\Documents and Settings\Louis Paul Toscano\Desktop
    Loaded Profiles: Louis Paul Toscano (Available Profiles: Louis Paul Toscano & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    AlternateDataStreams: C:\WINDOWS\cfdemo.scr:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\msicuu2.exe:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\transactions.csv:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\My Documents\ETA 8429 EXP 4-30-15.pdf:SummaryInformation
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdSandboxSrv.exe [X]
    S3 catchme; \??\C:\DOCUME~1\LOUISP~1\LOCALS~1\Temp\catchme.sys [X]
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqipgiv.dll
    *****************

    "C:\WINDOWS\cfdemo.scr" => ":SummaryInformation" ADS not found.
    "C:\WINDOWS\system32\lsass.exe" => ":SummaryInformation" ADS not found.
    "C:\Documents and Settings\Louis Paul Toscano\Desktop\msicuu2.exe" => ":SummaryInformation" ADS not found.
    "C:\Documents and Settings\Louis Paul Toscano\Desktop\transactions.csv" => ":SummaryInformation" ADS not found.
    "C:\Documents and Settings\Louis Paul Toscano\My Documents\ETA 8429 EXP 4-30-15.pdf" => ":SummaryInformation" ADS not found.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    BdSandboxSrv => service could not remove
    catchme => service removed successfully.
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqipgiv.dll => moved successfully.

    ==== End of Fixlog 19:02:16 ====
     
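As an added example (not code from the thread, and not part of Farbar Recovery Scan Tool), here is a small parser for the Fixlog format shown above. It pairs every result line with a coarse status and lists what still needs manual follow-up, which in this log is the BdSandboxSrv service that FRST could not remove. The `target => outcome` grammar and the outcome phrases ("not found", "removed successfully", "could not remove") are assumed from this one log; other FRST versions may word outcomes differently. The sample text is adapted from the Fixlog posted above, shortened to one directive of each kind.

```python
"""Parse an FRST Fixlog.txt and flag directives whose fix did not complete.

Added example for this thread; it is not part of Farbar Recovery Scan Tool
and not code posted by either participant.  The result-line grammar it
assumes ("<target> => <outcome>") is taken from the Fixlog quoted above.
"""
import re
from dataclasses import dataclass
from typing import List

OK, ABSENT, FAILED, UNKNOWN = "ok", "absent", "failed", "unknown"

# One result line per fixlist directive: target, " => ", outcome.
# File paths are double-quoted; registry keys and service names are bare.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\s*$')


@dataclass
class FixResult:
    target: str   # file path, registry key or service name
    outcome: str  # verbatim text after "=>"
    status: str   # one of OK / ABSENT / FAILED / UNKNOWN


def classify(outcome: str) -> str:
    """Map FRST's outcome phrasing to a coarse status.

    Order matters: "could not remove" must win over the "removed" in
    "removed successfully", and "not found" is a no-op, not a failure.
    """
    o = outcome.lower()
    if "could not" in o or "fail" in o or "error" in o:
        return FAILED
    if "not found" in o:
        return ABSENT
    if "successfully" in o:
        return OK
    return UNKNOWN


def parse_fixlog(text: str) -> List[FixResult]:
    """Return one FixResult per result line, in log order.

    The echoed "fixlist content:" block (between the two rows of
    asterisks) is skipped so directives are not mistaken for results.
    """
    results: List[FixResult] = []
    in_fixlist = False
    stars_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("fixlist content:"):
            in_fixlist, stars_seen = True, 0
            continue
        if in_fixlist:
            if line.startswith("*****"):
                stars_seen += 1
                in_fixlist = stars_seen < 2
            continue
        m = RESULT_RE.match(line)
        if m:
            outcome = m.group("outcome")
            results.append(FixResult(m.group("target"), outcome, classify(outcome)))
    return results


def needs_followup(results: List[FixResult]) -> List[FixResult]:
    """Directives the helper still has to deal with by other means."""
    return [r for r in results if r.status in (FAILED, UNKNOWN)]


# Constructed sample, adapted from the Fixlog quoted in the thread above
# (shortened to one directive of each kind).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x86) Version:30-07-2015
Boot Mode: Normal

==============================================

fixlist content:
*****************
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:SummaryInformation
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdSandboxSrv.exe [X]
S3 catchme; \??\C:\DOCUME~1\LOUISP~1\LOCALS~1\Temp\catchme.sys [X]
C:\Documents and Settings\Louis Paul Toscano\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqipgiv.dll
*****************

"C:\WINDOWS\system32\lsass.exe" => ":SummaryInformation" ADS not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
BdSandboxSrv => service could not remove
catchme => service removed successfully.
C:\Documents and Settings\Louis Paul Toscano\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqipgiv.dll => moved successfully.

==== End of Fixlog 19:02:16 ====
"""

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for r in parsed:
        print(f"{r.status:8} {r.target}")
    for r in needs_followup(parsed):
        print("follow up:", r.target, "->", r.outcome)
```

Run it against a real Fixlog.txt by reading the file instead of `SAMPLE_FIXLOG`. "Not found" entries are treated as harmless: the ADS and policy keys had already gone by the time the fix ran, which is consistent with the earlier cleaners having removed them. A "could not remove" on a service whose image path FRST marked with `[X]` (its file is missing) is the case to look at by hand, since the registration outlives the binary.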
  21. 2015/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Last scans...

Download Security Check from here or here and save it to your Desktop.
• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     