I have completed the Malware removal process and currently Malwarebytes is not finding anything. Here is the rooter and otlistit logs.
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:38154 Mo/Free:2232 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Wed 05/13/2009|13:54
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
---------- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
---------- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
---------- C:\WINDOWS\System32\DVDRAMSV.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
---------- C:\Program Files\Canon\CAL\CALMAIN.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\system32\TPSMain.exe
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\WINDOWS\system32\TFNF5.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exe
---------- C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe
---------- C:\WINDOWS\system32\RAMASST.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\TPSBattM.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Wed 05/13/2009|13:55
----------------------\\ Scan completed at 13:55
OTListIt logfile created on: 5/13/2009 1:57:58 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\John B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
750.79 Mb Total Physical Memory | 353.42 Mb Available Physical Memory | 47.07% Memory free
1.04 Gb Paging File | 0.69 Gb Available in Paging File | 66.12% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.18 Gb Free Space | 27.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOHNLAPTOP
Current User Name: John B
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\System32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\system32\TFNF5.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe (Belkin)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\John B\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (ACDaemon [Auto | Running]) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DL [Unknown | Stopped]) -- File not found
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\System32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (gupdate1c9a0d0dfd66502 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (Pml Driver HPH11 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPHipm11.exe (HP)
SRV - (Pml Driver HPZ12 [Unknown | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (SonicStage Back-End Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Cisco Systems, Inc.)
DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APL531 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\ov550i.sys (Omnivision Technologies, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (atksgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\atksgt.sys ()
DRV - (BsStor [Boot | Running]) -- C:\WINDOWS\System32\drivers\BsStor.sys (B.H.A Co.,Ltd.)
DRV - (BsUDF [Disabled | Running]) -- C:\WINDOWS\System32\drivers\BsUDF.sys (B.H.A Co.,Ltd.)
DRV - (catchme [Unknown | Stopped]) -- C:\WINDOWS\catchme.exe ()
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (Dot4 HPH11 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hphid411.sys (HP)
DRV - (Dot4Print HPH11 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hphipr11.sys (HP)
DRV - (Dot4Usb HPH11 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\hphius11.sys (HP)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (EAPPkt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\EAPPkt.sys (Realtek)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (GWIOPM [On_Demand | Stopped]) -- c:\Program Files\LEA Digital Recorder\gwiopm.sys ()
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (lirsgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys ()
DRV - (MASPINT [Auto | Running]) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (NETGEAR_MA111 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MA111nd5.sys ( )
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (pciSd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys (TOSHIBA)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PRISM_A02 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PRISMAXP.sys (GlobespanVirata, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rt2870 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt2870.sys (Ralink Technology, Corp.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (SUSTUCAM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sustucam.sys (Susteen, Inc.)
DRV - (TBiosDrv [Auto | Running]) -- C:\WINDOWS\System32\drivers\TBiosDrv.sys ()
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tossmbnt [Auto | Running]) -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys ()
DRV - (tsdhd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (WlanUIB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MA111nd5.sys ( )
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\wA301a.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0
FF - prefs.js..extensions.enabledItems: {5872365e-67d1-4afd-9480-fd293bebd20d}:1.7.2
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.2
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.6.11
FF - prefs.js..extensions.enabledItems: {396BA20B-7E61-47EB-9095-08D70EF4D85A}:1.0
FF - prefs.js..extensions.enabledItems: {AFE5B061-B10B-4111-8C93-FE38258C5CE0}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.foxtor.browser.search.update: true
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 09:03:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/30 09:03:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/04/01 14:12:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/03/03 11:10:06 | 00,000,000 | ---D | M]
[2009/01/10 15:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Extensions
[2009/01/10 15:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/13 10:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions
[2008/02/10 10:04:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}
[2009/04/29 09:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2008/12/03 00:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2009/05/12 14:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/10/29 23:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/03/20 13:42:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2009/03/17 14:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\[email protected]
[2008/09/10 22:44:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\[email protected]
[2009/05/13 10:48:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 14:08:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}
[2009/04/30 09:03:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/30 16:06:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{AFE5B061-B10B-4111-8C93-FE38258C5CE0}
[2007/06/10 23:13:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla(2).org
[2009/04/30 09:02:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/30 09:02:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/10 15:56:18 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/10 15:56:18 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/10 15:56:18 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/10 15:56:18 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/10 15:56:18 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/10 15:56:18 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [TFNF5] TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exe (TOSHIBA Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin N Wireless USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 28 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.co...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} http://www.shockwave...gwebinstall.cab (Sandlot Loader Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave...bugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_16)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8135.7490393519 (Reg Error: Key error.)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicr...scan/as4web.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_16)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://download.game...inematycoon.cab (TikGames Online Control)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vigotusa
[2009/05/13 13:54:52 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/13 12:00:30 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/13 11:22:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/13 10:37:06 | 78,733,7216 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/13 10:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John B\Local Settings\Temp
[2009/05/13 10:34:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/13 10:34:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/13 10:27:43 | 00,370,688 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swsc.exe
[2009/05/13 10:27:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/05/13 10:27:43 | 00,139,776 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/05/13 10:27:43 | 00,104,960 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2009/05/13 10:27:43 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\vfind.exe
[2009/05/13 10:27:38 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/12 10:19:25 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/05/12 10:19:25 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/05/07 12:39:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\TZWNA
[2009/05/07 12:14:45 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin N Wireless USB Adapter Client Utility.lnk
[2009/05/07 12:14:45 | 00,001,725 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Belkin N Wireless USB Adapter Client Utility.lnk
[2009/05/07 12:13:52 | 00,450,432 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\rtl8192u.sys
[2009/05/07 12:13:51 | 00,450,432 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System\rtl8192u.sys
[2009/05/07 12:13:29 | 00,038,144 | ---- | C] (Realtek) -- C:\WINDOWS\System32\drivers\EAPPkt.sys
[2009/05/07 12:13:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Belkin N Wireless USB Adapter Software
[2009/05/07 09:14:03 | 00,000,226 | ---- | C] () -- C:\Boot.bak
[2009/05/07 09:13:57 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/07 09:13:48 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/07 09:12:09 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/07 09:12:09 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/07 09:12:09 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/07 09:12:09 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/07 09:12:09 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/07 09:12:09 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/07 09:12:09 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/06 13:42:19 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\yotxsvbh.sys
[2009/05/06 11:01:53 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/06 11:01:53 | 00,001,709 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/06 11:01:52 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/06 11:01:51 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/06 11:01:49 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/06 11:01:47 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/06 11:01:47 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/06 11:01:47 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/06 11:01:47 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/06 11:01:21 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/06 11:01:21 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/06 11:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/16 16:10:25 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/04/16 13:36:41 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 13:36:41 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 13:36:41 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 13:36:41 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/16 13:36:40 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 13:36:40 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 13:36:39 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 13:36:39 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 13:36:39 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 13:36:39 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 13:35:00 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 13:34:59 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 13:34:59 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 08:47:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/04/15 08:47:02 | 00,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
[2009/04/15 08:47:00 | 00,001,794 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Photo Impression 6.lnk
[2009/04/15 08:46:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/04/15 08:44:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\OvtCam
[2009/04/15 08:44:24 | 00,000,000 | ---D | C] -- C:\Program Files\OVT
[2009/01/14 21:23:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/12/09 00:09:21 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2008/12/09 00:09:21 | 00,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2008/12/09 00:04:55 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/11/06 15:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/25 23:03:08 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/07/26 13:01:50 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/06/30 23:57:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/06/18 00:34:35 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/04/25 00:14:14 | 00,000,052 | ---- | C] () -- C:\WINDOWS\STYLEEASEAPA.INI
[2007/04/10 00:03:22 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/19 03:25:49 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/02/11 04:09:33 | 00,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2006/12/05 17:21:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Tripeaks.INI
[2006/11/02 17:03:38 | 00,002,042 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2006/10/31 12:06:03 | 00,000,128 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/11 09:46:53 | 00,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006/09/11 09:46:52 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2005/09/04 22:53:16 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.John B.ini
[2005/08/06 09:32:12 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MouseTrapLib.dll
[2005/06/10 10:57:39 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/06/02 22:37:45 | 00,004,005 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/05/28 18:50:53 | 00,005,667 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/23 21:17:54 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/01/16 20:42:25 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/17 16:34:53 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/10/06 19:33:37 | 00,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2004/10/06 19:33:35 | 00,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2004/07/22 19:26:30 | 00,000,028 | ---- | C] () -- C:\WINDOWS\BTW.ini
[2004/07/22 19:26:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2004/07/07 20:09:00 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\GTRTST32.DLL
[2004/07/07 20:08:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\arhelper.INI
[2004/07/06 21:24:06 | 00,000,708 | ---- | C] () -- C:\WINDOWS\label.ini
[2004/07/06 21:23:54 | 00,000,052 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2004/05/28 21:40:39 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/03/03 16:27:08 | 00,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys
[2004/01/30 10:37:50 | 00,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/11/21 16:49:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/20 20:49:20 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2003/11/20 20:40:32 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2003/11/20 20:34:03 | 00,000,906 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/11/20 20:32:41 | 00,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2003/11/20 20:12:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2003/11/20 20:06:36 | 00,000,034 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2003/11/20 19:54:31 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/11/20 19:54:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/11/20 19:54:31 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/11/20 19:54:31 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/11/20 19:53:21 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/11/20 19:44:16 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/20 19:28:40 | 00,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2003/11/20 18:53:50 | 00,001,924 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/20 18:50:00 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/11/20 18:42:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/20 17:12:52 | 00,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/20 17:12:23 | 00,000,742 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/11/20 17:12:16 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/04/04 15:04:08 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== Files - Modified Within 30 Days ==========
[2009/05/13 10:37:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/13 10:37:23 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/05/13 10:37:21 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/13 10:37:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 10:37:11 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\John B\Local Settings\desktop.ini
[2009/05/13 10:37:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 10:37:06 | 78,733,7216 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/12 10:19:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/12 10:19:25 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/05/07 13:26:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/07 12:39:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\TZWNA
[2009/05/07 12:14:45 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin N Wireless USB Adapter Client Utility.lnk
[2009/05/07 12:14:45 | 00,001,725 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Belkin N Wireless USB Adapter Client Utility.lnk
[2009/05/07 09:32:44 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/07 09:14:03 | 00,000,296 | RHS- | M] () -- C:\boot.ini
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 13:42:19 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\yotxsvbh.sys
[2009/05/06 11:01:53 | 00,001,709 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/06 11:01:47 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/30 14:16:32 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vigotusa
[2009/04/17 08:51:13 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 08:51:13 | 00,407,908 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 08:51:13 | 00,064,398 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 08:41:26 | 00,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/16 16:15:27 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 08:47:00 | 00,001,794 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Photo Impression 6.lnk
< End of report >
OTListIt Extras logfile created on: 5/13/2009 1:57:58 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\John B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
750.79 Mb Total Physical Memory | 353.42 Mb Available Physical Memory | 47.07% Memory free
1.04 Gb Paging File | 0.69 Gb Available in Paging File | 66.12% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.18 Gb Free Space | 27.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOHNLAPTOP
Current User Name: John B
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Smart PC Solutions\Startup Booster\StartupBooster.exe:*:Enabled:Make your pc faster! (Smart PC Solutions)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{0C4E1AFF-779C-443A-9B96-91D0D3063061}" = ReportViewer
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{13E824B4-FE15-4F8D-94C6-A7F98EBF9F01}" = TaxWise Workstation Setup
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = B's CLiP
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1E38AB5D-6393-4E44-A2E2-1AA01A265441}" = LEA Digital Recorder
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{90327F59-EBD1-4246-A3F6-FC85C0BDD329}" = Belkin N Wireless USB Adapter Software
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{93B8C73B-C8FB-4B60-A22E-1C40AE661AB7}" = CRS Photo Scanner
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B66899F2-C58D-4CEC-9FA8-867883FFB707}" = CoffeeCup Free FTP
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C4BA56E6-3DA9-4454-AD39-81FB11810984}" = McAfee VirusScan Professional Bonus Pack
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22C63FE-DBA4-4FDA-9306-55AA627CE6C7}" = Wise-FTP
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FC88C8F6-507B-4150-B2B1-6F9A414300ED}" = TaxWise Workstation Setup
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Audacity_is1" = Audacity 1.2.3
"avast!" = avast! Antivirus
"BFG-Build-a-lot" = Build-a-lot
"BFGC" = Big Fish Games Client
"Bridge Building Game" = Bridge Building Game
"Cain & Abel v4.9.23" = Cain & Abel v4.9.23
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = Cda Product Service - shared component
"CRS Photo Scanner" = Uninstall CRS Photo Scanner
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"Glary Utilities_is1" = Glary Utilities 2.10.0.622
"Hidden Expedition Titanic" = Hidden Expedition Titanic (remove only)
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"hphuni04" = Photosmart Printer 130,230,7150,7350,7550 (Remove only)
"igLoader" = igLoader
"igLoader_is1" = igLoader 2,0,0,2
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Luxor" = Luxor (remove only)
"Luxor AR" = Luxor Amun Rising (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MWASPI" = MicroStaff WINASPI
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville (remove only)
"Notebook_Maximizer" = Notebook Maximizer
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Panda ActiveScan" = Panda ActiveScan
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer
"PhotoStitch" = Canon Utilities PhotoStitch
"PokerStars" = PokerStars
"Power Saver" = TOSHIBA Power Saver
"PROSet" = Intel® PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpeedFan" = SpeedFan (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"Startup Booster_is1" = Startup Booster v2.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"StyleEase for APA Style" = StyleEase for APA Style
"SysInfo" = Creative System Information
"TablEdit_is1" = TablEdit 2.64
"TcD_is1" = TcD v2.2.4
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Access" = TOSHIBA Access
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.05.00
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"What's Running_is1" = What's Running 2.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mystery Case Files - Ravenhearst" = Mystery Case Files - Ravenhearst (remove only)
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 5/6/2009 3:14:31 PM | Computer Name = JOHNLAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.
Error - 5/6/2009 5:06:14 PM | Computer Name = JOHNLAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.
Error - 5/12/2009 4:06:30 PM | Computer Name = JOHNLAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.
[ Application Events ]
Error - 5/6/2009 9:33:56 AM | Computer Name = JOHNLAPTOP | Source = Google Update | ID = 20
Description =
Error - 5/6/2009 10:40:22 AM | Computer Name = JOHNLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application gdwizrkuy.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x771d5c8e.
Error - 5/6/2009 10:40:28 AM | Computer Name = JOHNLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application gdwizrkuy.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x771d5c8e.
Error - 5/6/2009 10:40:32 AM | Computer Name = JOHNLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application gdwizrkuy.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x771d5c8e.
Error - 5/6/2009 11:55:42 AM | Computer Name = JOHNLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5512, fault address 0x0001a9b8.
Error - 5/6/2009 11:57:03 AM | Computer Name = JOHNLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application 152297936.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x771c5796.
Error - 5/6/2009 11:59:06 AM | Computer Name = JOHNLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 5/6/2009 11:59:06 AM | Computer Name = JOHNLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 5/6/2009 2:25:39 PM | Computer Name = JOHNLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application setup.exe, version 12.0.0.58849, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/13/2009 1:01:57 PM | Computer Name = JOHNLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
[ System Events ]
Error - 5/12/2009 3:58:09 PM | Computer Name = JOHNLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/12/2009 3:59:00 PM | Computer Name = JOHNLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 5/12/2009 3:59:00 PM | Computer Name = JOHNLAPTOP | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBT service which failed
to start because of the following error: %%31
Error - 5/12/2009 3:59:00 PM | Computer Name = JOHNLAPTOP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 5/12/2009 3:59:00 PM | Computer Name = JOHNLAPTOP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31
Error - 5/12/2009 3:59:00 PM | Computer Name = JOHNLAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 5/12/2009 3:59:00 PM | Computer Name = JOHNLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
Error - 5/13/2009 11:35:01 AM | Computer Name = JOHNLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 5/13/2009 11:36:07 AM | Computer Name = JOHNLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 5/13/2009 11:37:31 AM | Computer Name = JOHNLAPTOP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
< End of report >
The last Avast scan found the following win32:rootkit-gen, win32:trojan-gen, BV:Malware-gen
I am still having the redirect issues.
Thanks so much in advance