OTL logfile created on: 10/25/2009 11:40:43 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Bob Tan\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.88% Memory free
3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.60 Gb Total Space | 52.17 Gb Free Space | 46.74% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOB
Current User Name: Bob Tan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/10/25 23:39:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Tan\Desktop\OTL.exe
PRC - [2009/08/26 22:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2007/06/14 19:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TODDSrv.exe
PRC - [2006/04/24 19:54:14 | 00,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSODDCtl.exe
PRC - [2006/04/24 19:54:12 | 00,315,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSMain.exe
PRC - [2006/04/24 19:54:04 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSBattM.exe
PRC - [2006/04/12 17:34:24 | 00,024,576 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
PRC - [2006/04/12 17:33:08 | 00,090,112 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
PRC - [2006/04/12 17:30:40 | 00,131,072 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
PRC - [2006/04/12 17:26:54 | 00,147,456 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
PRC - [2006/04/09 21:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2006/02/02 12:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/12/20 12:46:20 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\ThpSrv.exe
PRC - [2005/11/28 11:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/15 13:28:04 | 00,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/11/15 13:27:54 | 01,756,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/11/15 13:27:44 | 00,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/11/02 16:41:04 | 00,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/10/04 12:42:50 | 00,177,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/10/04 12:42:42 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/10/04 12:42:40 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/07/12 17:14:42 | 00,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/17 11:42:02 | 00,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
PRC - [2005/03/31 12:27:00 | 00,061,440 | ---- | M] (Utimaco Safeware AG) -- C:\WINDOWS\System32\SgLogPlayer.exe
PRC - [2005/01/17 16:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 00:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2004/08/28 00:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\RAMASST.exe
PRC - [2004/08/28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
PRC - [2004/08/18 03:37:44 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2004/03/23 22:40:42 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2003/02/26 11:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/06/14 19:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2006/04/12 17:33:08 | 00,090,112 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe -- (SgeCtl [Auto | Running])
SRV - [2006/04/12 17:30:40 | 00,131,072 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe -- (SgeClient [Auto | Running])
SRV - [2006/04/12 17:26:54 | 00,147,456 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- (WksCfgSrv [Auto | Running])
SRV - [2006/04/09 21:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/12/20 12:46:20 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\ThpSrv.exe -- (Thpsrv [Auto | Running])
SRV - [2005/11/28 11:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2005/11/28 11:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2005/11/28 11:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/11/15 13:27:56 | 00,169,200 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2005/11/15 13:27:54 | 01,756,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2005/11/15 13:27:44 | 00,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2005/10/19 17:39:34 | 00,214,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2005/10/04 12:42:50 | 00,177,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/10/04 12:42:48 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/10/04 12:42:42 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2005/08/03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2005/07/12 17:14:42 | 00,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
SRV - [2005/03/31 12:27:00 | 00,061,440 | ---- | M] (Utimaco Safeware AG) -- C:\WINDOWS\System32\SgLogPlayer.exe -- (SgLogPlayer [Auto | Running])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005/01/17 16:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/08/28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2003/03/09 22:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
========== Modules (SafeList) ==========
MOD - [2009/10/25 23:39:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Tan\Desktop\OTL.exe
MOD - [2009/07/25 21:03:22 | 00,090,112 | -HS- | M] () -- C:\WINDOWS\System32\balayoyu.dll
MOD - [2009/07/25 09:03:38 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\dezudesu.dll
MOD - [2008/04/13 17:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006/04/12 17:33:06 | 00,024,576 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgMsgBhk.dll
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/07 22:42:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/23 18:27:22 | 00,000,000 | ---D | M]
O1 HOSTS File: (155 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 www.windows-shield.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {36142BDD-7850-42FC-9681-1534A35285B9} - No CLSID value found.
O2 - BHO: (no name) - {4AED1C2F-9ACE-4FDB-8493-ED1C9F4CD6F6} - C:\WINDOWS\System32\khfFXNEv.dll File not found
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [hopidajuj] C:\WINDOWS\System32\balayoyu.DLL ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Bidd\mbamgui.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\System32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: antispyexpert.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: avsystemcare.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: onerateld.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: safetydownload.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: spyguardpro.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: storageguardsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: trustedantivirus.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: virusremover2008.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: virusschlacht.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: antispyexpert.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: avsystemcare.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: onerateld.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safetydownload.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: spyguardpro.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: storageguardsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: trustedantivirus.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: virusremover2008.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: virusschlacht.com ([]* in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://supportcente...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\flowto {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (dezudesu.dll) - C:\WINDOWS\System32\dezudesu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\balayoyu.dll) - C:\WINDOWS\System32\balayoyu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SGGINA.DLL) - C:\WINDOWS\System32\SGGINA.DLL (Utimaco Safeware AG)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\NotLog: DllName - SGLogEx.dll - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\SGLogNotification: DllName - SGLogNotification.dll - C:\WINDOWS\System32\SGLogNotification.dll (Utimaco Safeware AG)
O21 - SSODL: fulebofet - {b64045b6-e5c7-42e2-b15c-6a6c8b093c66} - C:\WINDOWS\System32\balayoyu.dll ()
O22 - SharedTaskScheduler: {b64045b6-e5c7-42e2-b15c-6a6c8b093c66} - kupuhivus - C:\WINDOWS\System32\balayoyu.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (msansspc.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\khfFXNEv) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 17:34:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/10/15 10:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2009/10/15 21:14:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Tan\Application Data\Verizon Wireless
[2009/10/25 22:13:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/25 09:13:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware1
[2009/10/15 10:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
[2009/10/25 23:39:34 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Tan\Desktop\OTL.exe
[2009/10/25 22:13:11 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/25 22:13:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/25 21:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Tan\Desktop\RootRepeal
[2009/10/25 09:31:06 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/10/25 08:58:52 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob Tan\Desktop\mbam-setup.exe
[2009/10/14 19:12:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/22 17:46:02 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bob Tan\Application Data\pcouffin.sys
========== Files - Modified Within 14 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/25 23:39:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Tan\Desktop\OTL.exe
[2009/10/25 23:38:51 | 00,004,100 | -H-- | M] () -- C:\WINDOWS\System32\royiteze
[2009/10/25 22:13:11 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/25 21:41:45 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Bob Tan\Desktop\dds.scr
[2009/10/25 21:40:37 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\Bob Tan\Desktop\exeHelper.com
[2009/10/25 20:23:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/25 20:23:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/25 20:23:23 | 21,382,92224 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/25 08:58:52 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob Tan\Desktop\mbam-setup.exe
[2009/10/24 14:57:10 | 00,026,628 | ---- | M] () -- C:\WINDOWS\System32\logon.exe
[2009/10/21 19:47:00 | 00,129,258 | ---- | M] () -- C:\Documents and Settings\Bob Tan\Desktop\D_North_South_2009.pdf
[2009/10/21 13:34:04 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\Bob Tan\Desktop\Kit Order Form_Janet1.doc
[2009/10/21 12:07:03 | 00,544,084 | ---- | M] () -- C:\Documents and Settings\Bob Tan\Desktop\Supplemental Fee Disclosure.pdf
[2009/10/21 12:05:58 | 00,080,949 | ---- | M] () -- C:\Documents and Settings\Bob Tan\Desktop\PLAN_LEVEL_PERF.pdf
[2009/10/21 12:04:11 | 00,427,923 | ---- | M] () -- C:\Documents and Settings\Bob Tan\Desktop\Ontario Enrollment Form.pdf
[2009/10/18 18:23:30 | 00,258,993 | ---- | M] () -- C:\Documents and Settings\Bob Tan\My Documents\scan0002.jpg
[2009/10/15 10:42:13 | 00,001,024 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2009/10/14 19:14:17 | 00,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 19:14:17 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 19:14:17 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 19:08:36 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 19:04:23 | 00,000,663 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/12 12:37:36 | 00,553,174 | ---- | M] () -- C:\Documents and Settings\Bob Tan\My Documents\wallace 1099.pdf
========== Files - No Company Name ==========
[2009/10/25 22:13:11 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/25 21:41:42 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Desktop\dds.scr
[2009/10/25 21:40:36 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Desktop\exeHelper.com
[2009/10/24 14:57:12 | 00,026,628 | ---- | C] () -- C:\WINDOWS\System32\logon.exe
[2009/10/21 19:46:59 | 00,129,258 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Desktop\D_North_South_2009.pdf
[2009/10/21 12:07:03 | 00,544,084 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Desktop\Supplemental Fee Disclosure.pdf
[2009/10/21 12:05:58 | 00,080,949 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Desktop\PLAN_LEVEL_PERF.pdf
[2009/10/21 12:04:10 | 00,427,923 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Desktop\Ontario Enrollment Form.pdf
[2009/10/21 11:48:14 | 00,057,344 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Desktop\Kit Order Form_Janet1.doc
[2009/10/18 18:23:28 | 00,258,993 | ---- | C] () -- C:\Documents and Settings\Bob Tan\My Documents\scan0002.jpg
[2009/10/15 10:42:13 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2009/10/12 12:37:36 | 00,553,174 | ---- | C] () -- C:\Documents and Settings\Bob Tan\My Documents\wallace 1099.pdf
[2009/09/09 11:20:52 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2009/08/13 15:08:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/07/25 21:03:22 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\balayoyu.dll
[2009/07/25 21:03:22 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\jahomayo.dll
[2009/07/25 09:03:38 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\puyepidu.dll
[2009/07/25 09:03:38 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\fapilizu.dll
[2009/07/25 09:03:38 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\dezudesu.dll
[2009/07/25 09:03:02 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\levukote.dll
[2009/07/25 09:03:02 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\sekanawo.dll
[2009/07/25 09:03:02 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\tuduriro.dll
[2009/07/24 15:02:06 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\ruvubeye.dll
[2009/07/22 17:46:02 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Application Data\inst.exe
[2009/07/22 17:46:02 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Application Data\pcouffin.cat
[2009/07/22 17:46:02 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Application Data\pcouffin.inf
[2009/07/22 17:46:02 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Application Data\pcouffin.log
[2009/04/01 18:05:34 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\BHARegister.dll
[2009/01/26 23:23:04 | 00,000,240 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Application Data\wklnhst.dat
[2008/12/22 13:34:51 | 00,002,104 | -HS- | C] () -- C:\WINDOWS\System32\vENXFfhk.ini2
[2008/12/22 13:34:51 | 00,002,104 | -HS- | C] () -- C:\WINDOWS\System32\vENXFfhk.ini
[2008/12/17 15:26:17 | 00,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/10/12 16:06:19 | 00,000,143 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/15 15:23:26 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2008/07/24 20:08:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\stbce.INI
[2008/05/27 16:50:18 | 00,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/27 16:37:32 | 00,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2008/02/25 09:30:12 | 00,059,168 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Application Data\GDIPFONTCACHEV1.DAT
[2008/01/30 17:10:46 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/12/02 18:55:05 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\USA19HPropPage.dll
[2007/12/02 18:55:02 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19hinst.dll
[2007/11/26 16:15:40 | 00,000,228 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/21 17:01:23 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:54:05 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/17 13:15:09 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/09/17 13:15:09 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/09/07 20:50:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/07 20:44:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bob Tan\Application Data\desktop.ini
[2007/09/07 20:44:10 | 00,035,536 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/07 20:44:10 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Bob Tan\Local Settings\Application Data\fusioncache.dat
[2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/08/20 15:41:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 19:45:49 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/18 19:45:49 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/18 19:45:49 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/18 19:45:49 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/18 19:45:49 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/18 19:45:49 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/18 19:40:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/08/18 19:38:00 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/08/18 19:38:00 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/08/18 19:05:13 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/08/18 19:05:13 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/08/18 19:05:13 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/08/18 19:05:13 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/08/18 17:44:41 | 00,000,594 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/18 17:28:48 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/18 16:53:12 | 00,000,330 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/08/18 16:48:33 | 00,000,663 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/08/18 16:48:25 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/08/18 10:24:16 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/12 17:34:50 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\Sgegina040C.Dll
[2006/04/12 17:34:46 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\SgeGina0407.Dll
[2006/02/15 15:32:36 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\loaddlln.dll
[2005/09/02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 15:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/31 12:27:18 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGCleanLocalGPO.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 17:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/09 22:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
========== LOP Check ==========
[2009/10/15 10:42:01 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/06 18:05:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/06/16 15:31:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/30 00:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/08/18 11:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/08/11 10:06:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/10/25 20:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/17 15:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/09/07 20:42:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/03/26 12:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/09/10 23:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2007/12/05 12:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2009/04/01 22:04:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2009/04/21 13:03:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2008/12/17 15:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/03/02 10:18:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2009/10/15 10:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2009/06/15 15:02:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/22 22:07:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2006/08/18 19:31:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/09/07 20:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/10/15 21:14:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bob Tan\Application Data
[2008/10/30 00:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\acccore
[2007/12/01 16:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Ahead
[2008/05/27 16:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\FotoWire
[2007/09/07 20:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Intel
[2007/09/20 14:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\InterVideo
[2008/04/05 19:37:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Intuit
[2007/12/02 18:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Leadertech
[2007/10/02 23:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Morningstar
[2009/02/18 09:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Move Networks
[2007/09/17 13:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Pershing
[2006/08/18 19:16:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Protector Suite
[2009/02/03 16:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Roxio
[2007/09/07 21:48:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Smith Micro
[2009/01/26 23:23:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Template
[2006/08/18 19:34:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\toshiba
[2008/03/02 10:18:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\TVU Networks
[2009/09/15 22:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\U3
[2009/10/15 21:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Verizon Wireless
[2007/09/17 14:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Viewpoint
[2009/09/30 09:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\Vso
[2006/08/18 20:04:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob Tan\Application Data\You've Got Pictures Screensaver
[2004/08/10 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/25 20:23:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\system32\scecli.dll >
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< %systemroot%\system32\drivers\iaStor.sys >
< %systemroot%\System32\drivers\nvstor.sys >
< %systemroot%\system32\drivers\atapi.sys >
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
< %systemroot%\system32\drivers\IdeChnDr.sys >
========== Alternate Data Streams ==========
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:B71040C4F996698E
< End of report >
OTL Extras logfile created on: 10/25/2009 11:40:43 PM - Run 1
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- (Sonic Solutions)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1155956573\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1155956573\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- (Sonic Solutions)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Symantec AntiVirus\DefWatch.exe" = C:\Program Files\Symantec AntiVirus\DefWatch.exe:*:Enabled:DefWatch -- (Symantec Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{095B0246-4EB6-45B9-B1BE-536097A0BDDA}" = HD Writer 2.5E for HDC
"{0B962238-F67B-4498-8093-71C75F090F76}" = Principia
"{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3B05E3-EBAC-11D4-8839-0008C7E93768}" = Merlin Marketing System 09.2.5
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.05.01
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E97DE76-851A-48AA-A0D6-665860FAD9CA}" = Keyspan USB Serial Adapter
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4D9029D3-D12C-4786-94F5-FF158FDB9470}" = VZAccess Manager
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{625A04D4-47DB-40C1-A8C9-4556AAA24894}" = Principia
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{684D798A-79D9-49CA-A865-B9BC57368272}" = SalesTools jre1.4.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C0F9CF5-C0A3-4C65-A17A-878FE1C821B3}" = SafeGuard® Easy 4.20.1
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{7B4D6360-851F-11D6-ACA8-0040CA9654B6}_is1" = SwoEcoLeo 4.8
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83E08F63-F860-449A-BE27-30389484E527}" = Principia
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1BC9F13-59FE-43E4-8498-DF5A721196C5}" = BlackBerry USB Drivers
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}" = PassAlong Software
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}" = Microsoft Office Live Meeting 2007
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB667234-EEC7-4D8D-A9F1-C28BF65FD75F}" = Allocation Mentor
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}" = Toshiba Media Center Game Console
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_6" = AIM 6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"Canon iP90 series User Registration" = Canon iP90 series User Registration
"Canon iP90 Setup Utility" = Canon iP90 Setup Utility
"CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90
"CanonMyPrinter" = Canon My Printer
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.0.7.0 (18/09/2009)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ING Presents" = ING Presents
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NetExchangePro 3.0" = NetExchangePro 3.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa2" = Picasa 2
"Power Saver" = TOSHIBA Power Saver
"Principia" = Principia
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"QcDrv" = Logitech® Camera Driver
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT006066" = FATE
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F3B05E3-EBAC-11D4-8839-0008C7E93768}" = Merlin Marketing System 09.2.5
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/24/2009 5:57:55 PM | Computer Name = BOB | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Infostealer.Banker.C in File: C:\WINDOWS\system32\config\systemprofile\Local
Settings\Temporary Internet Files\Content.IE5\01QJG1IZ\Z[1].exe by: Auto-Protect
scan. Action: Reboot Required. Action Description: Quarantine was partially successful.
Error - 10/24/2009 5:58:05 PM | Computer Name = BOB | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Infostealer.Banker.C in File: C:\WINDOWS\TEMP\RDL408~1.EXE
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was deleted successfully.
Error - 10/24/2009 5:58:05 PM | Computer Name = BOB | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Infostealer.Banker.C in File: C:\WINDOWS\Temp\rdl408.tmp.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.
Error - 10/24/2009 5:58:07 PM | Computer Name = BOB | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Infostealer.Banker.C in File: C:\WINDOWS\TEMP\RDL408~1.EXE
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was deleted successfully.
Error - 10/24/2009 6:15:34 PM | Computer Name = BOB | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Infostealer.Banker.C in File: Unavailable
by: Invalid : (15) scan. Action: Leave Alone succeeded. Action Description: The
file was left unchanged.
Error - 10/24/2009 6:15:37 PM | Computer Name = BOB | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Infostealer.Banker.C in File: Unavailable
by: Invalid : (15) scan. Action: Reboot Required. Action Description:
Error - 10/24/2009 6:15:44 PM | Computer Name = BOB | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Infostealer.Banker.C in File: Unavailable
by: Invalid : (15) scan. Action: Leave Alone succeeded. Action Description: The
file was left unchanged.
Error - 10/24/2009 6:15:45 PM | Computer Name = BOB | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Infostealer.Banker.C in File: Unavailable
by: Invalid : (15) scan. Action: Reboot Required. Action Description:
Error - 10/24/2009 9:01:23 PM | Computer Name = BOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module mshtml.dll, version 7.0.6000.16915, fault address 0x00176d36.
Error - 10/26/2009 12:49:08 AM | Computer Name = BOB | Source = Application Hang | ID = 1002
Description = Hanging application httpiu.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/17/2009 11:55:46 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.
Error - 10/24/2009 1:24:18 PM | Computer Name = BOB | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 10/24/2009 1:24:18 PM | Computer Name = BOB | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 10/24/2009 1:24:35 PM | Computer Name = BOB | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 10/24/2009 1:24:35 PM | Computer Name = BOB | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 10/26/2009 12:10:42 AM | Computer Name = BOB | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 10/26/2009 12:10:49 AM | Computer Name = BOB | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 10/26/2009 12:10:57 AM | Computer Name = BOB | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 10/26/2009 12:11:04 AM | Computer Name = BOB | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 10/26/2009 12:11:12 AM | Computer Name = BOB | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
< End of report >