Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Tons of acting up after google redirect fix/loads of various error mes


  • This topic is locked This topic is locked

#1
maximem

maximem

    Member

  • Member
  • PipPip
  • 96 posts
Hi everyone,

I've had some bad laptop problems these past few days. I got a google redirect virus on Monday. I followed the tutorial included here to solve it, and unfortunately was unsuccesful. Tdsskiller wouldn't find infected files, only one suspicious one that I could only delete. I tried other sites and fixes, the virus would go away and come back throughout the day. Finally, I decided to delete the file that tdsskiller kept finding (stpd.sys). This was my first mistake. Now my computer wouldn't start, blue screen of death. Tried to search the error, realized there was now a problem with my ATI driver, I think I ended up re-downloading it, and things were okay. More blue screen of death, lots of errors, and did check registry fixes. Now when I boot the computer I get multiple error messages. Here are a few of them:

Microsoft VIsual C++ Runtime LIbrary
Runtime Error
Program: C:/Program File
This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team.
DivXUpdate.exe _ Application Error
The Application Failed to initialize properly (0xc0000005)
Client Gateway 3.5.18 has encountered a problem and needs to close.
TCP/IP Services Application
Generic Host Process for Win32 Services has
DW20.exe the application failed to nitialize properly


In addition to this, firefox continuously crashed, at least every 30 minutes and I can't notice a pattern into why. Above all this, I still have the google re-direct virus. Any help would be GREATLY appreciated!! I am no expert but I can usually figure things out with good instructions. This time I think I might have messed up my computer since I didn't really know what I was doing.

Thank you kindly,
Maxime




OTL logfile created on: 1/13/2011 1:19:03 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 11.51 Gb Free Space | 20.60% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-2B7C71599F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 13:18:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2011/01/04 11:05:06 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/12/10 23:25:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 23:25:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/10/30 22:03:24 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/21 16:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/04/03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/01/11 12:57:22 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
PRC - [2006/07/25 17:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/07/13 15:27:16 | 000,528,384 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe
PRC - [2006/04/25 19:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/04/04 16:57:18 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2006/03/16 15:27:26 | 000,634,880 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2006/02/02 14:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/12/20 14:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2005/12/15 13:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/06 00:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/11/02 03:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/09/26 13:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/06/06 11:58:44 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/05/31 19:16:44 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 19:16:24 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/01/17 03:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/27 11:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 11:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/04 07:00:00 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\freecell.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 13:18:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/25 14:23:40 | 001,375,992 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/02 12:18:06 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Stopped] -- C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2009/06/26 08:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2008/07/26 07:27:42 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/05/21 16:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/04/03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/07/25 17:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 17:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/13 15:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device)
SRV - [2005/12/20 14:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/09/26 13:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/01/17 03:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 11:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2010/11/07 15:37:53 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 03:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/02 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/05/16 05:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/04/03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/06 16:54:40 | 000,041,376 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/03/06 16:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/03/06 16:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/03/06 16:48:46 | 001,273,504 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/03/06 16:48:46 | 000,014,240 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/04/25 11:01:48 | 000,043,776 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/18 17:12:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/04/17 18:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/01 19:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/17 18:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/17 04:24:09 | 001,520,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/02 20:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/05 18:31:20 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/06/01 14:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/11/15 03:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/27 21:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003/09/19 03:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 01:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 01:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 16:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.5
FF - prefs.js..extensions.enabledItems: {b055c535-4a3a-11db-9659-00e08161166f}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}:1.9.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..keyword.URL: "http://flvdirect.iam...c=tops&search="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/24 16:21:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 23:25:16 | 000,000,000 | ---D | M]

[2010/03/01 16:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/03/01 16:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\[email protected]
[2011/01/13 12:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions
[2010/04/27 10:52:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/04 21:56:36 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2009/11/06 19:19:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2009/05/13 11:30:48 | 000,000,000 | ---D | M] (TV5 - Dictionnaires) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{b055c535-4a3a-11db-9659-00e08161166f}
[2010/10/05 08:36:11 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
[2011/01/04 21:56:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/15 18:51:23 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/05/20 06:36:38 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\[email protected]
[2011/01/04 21:56:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\[email protected]
[2010/02/15 21:51:29 | 000,000,000 | ---D | M] (Dictionnaire français «Réforme 1990») -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\[email protected]
[2010/10/02 08:48:54 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\[email protected]
[2010/08/19 20:33:02 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\searchplugins\conduit.xml
[2011/01/13 11:06:01 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\searchplugins\swagbuckscom.xml
[2011/01/13 12:16:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 11:55:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 23:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/03/01 16:06:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/06/21 17:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 17:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 17:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/21 17:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/06/21 17:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2011/01/11 09:07:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VideotronSA.exe] C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe (Vidéotron)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: acdi-cida.gc.ca ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553538000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantac...ad/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/05 12:58:42 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40610602-f00a-11df-a950-0016d426eef7}\Shell - "" = AutoRun
O33 - MountPoints2\{40610602-f00a-11df-a950-0016d426eef7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40610602-f00a-11df-a950-0016d426eef7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d19d3852-0a0c-11df-a79f-00059a3c7800}\Shell\AutoRun\command - "" = F:\JAN\J-1-2-34-000000AAAA-11111111111-5555555555-111\Max.exe
O33 - MountPoints2\{d19d3852-0a0c-11df-a79f-00059a3c7800}\Shell\open\command - "" = F:\JAN\J-1-2-34-000000AAAA-11111111111-5555555555-111\Max.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 13:18:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/01/12 09:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2011/01/12 08:45:13 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/01/11 09:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\GooredFix Backups
[2011/01/11 09:23:02 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\user\Desktop\GooredFix.exe
[2011/01/11 08:52:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/11 08:50:50 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTM.exe
[2011/01/11 08:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\ERUNT
[2011/01/11 08:45:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/01/07 10:02:30 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/01/07 10:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/01/05 10:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\_My Filing Cabinet
[2011/01/05 10:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Organizer And Filing Cabinet
[2011/01/05 10:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Organizer And Filing Cabinet
[2011/01/02 10:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Teav school stuff
[2010/12/23 12:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Vouchers
[2010/12/22 12:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Ectaco
[2010/12/22 12:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\LingvoSoft
[2010/12/18 20:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1
[2010/12/18 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/10/26 19:51:11 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2008/10/26 19:51:10 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2008/10/26 19:51:10 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2008/10/26 19:51:10 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2008/10/26 19:51:10 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2008/10/26 19:51:09 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2008/10/26 19:51:09 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2008/10/26 19:51:09 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2008/10/26 19:51:08 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2008/10/26 19:51:07 | 000,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2008/10/26 19:51:07 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/01/13 13:18:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/01/13 13:08:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2210832384-2747458650-1879816375-1006UA.job
[2011/01/13 10:57:14 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/13 10:51:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 10:51:48 | 1474,408,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 00:01:20 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/12 13:13:59 | 063,938,560 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/01/12 12:51:57 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\user\Desktop\suspicious.bmp
[2011/01/12 09:03:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/11 18:40:27 | 000,099,801 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MaximeMichelCV.docx
[2011/01/11 17:01:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/11 10:05:08 | 001,535,244 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Alumni_fr.pdf
[2011/01/11 09:24:59 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/01/11 09:23:04 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\user\Desktop\GooredFix.exe
[2011/01/11 09:07:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/11 08:51:00 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTM.exe
[2011/01/10 23:08:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2210832384-2747458650-1879816375-1006Core.job
[2011/01/07 15:03:48 | 000,015,173 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Caitlin.xlsx
[2011/01/07 14:15:08 | 000,213,595 | ---- | M] () -- C:\Documents and Settings\user\Desktop\00066010403_SCS3100D.pdf
[2011/01/07 11:31:34 | 000,010,060 | ---- | M] () -- C:\Documents and Settings\user\Desktop\David Gillies.docx
[2011/01/06 14:16:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/01/05 10:29:37 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Organizer And Filing Cabinet.lnk
[2011/01/02 11:22:39 | 000,015,915 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MaximeMichelLetter.docx
[2011/01/01 17:51:46 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Copy of lawrences-christmas-shopping-budget.xls
[2011/01/01 17:42:33 | 000,007,827 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Xmas gift expenses 2010.xlsx
[2010/12/31 11:21:14 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Michel,Maxime.doc
[2010/12/17 11:04:56 | 000,064,901 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Teav Calendar 2011.xlsx
[2010/12/17 11:04:47 | 000,064,901 | ---- | M] () -- C:\Documents and Settings\user\My Documents\PracticalSpreadsheets_2011Calendar1.xlsx
[2010/12/16 09:34:16 | 000,150,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 16:42:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 13:02:35 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\user\My Documents\bourquet.doc
[2010/12/15 00:52:32 | 000,733,410 | ---- | M] () -- C:\Documents and Settings\user\My Documents\WritingandStyleGuide2010-2011_001.pdf

========== Files Created - No Company Name ==========

[2011/01/12 13:40:38 | 1474,408,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/12 12:51:56 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\user\Desktop\suspicious.bmp
[2011/01/11 10:05:08 | 001,535,244 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Alumni_fr.pdf
[2011/01/11 09:24:44 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/01/07 14:15:08 | 000,213,595 | ---- | C] () -- C:\Documents and Settings\user\Desktop\00066010403_SCS3100D.pdf
[2011/01/07 14:07:09 | 000,015,173 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Caitlin.xlsx
[2011/01/07 11:29:30 | 000,010,060 | ---- | C] () -- C:\Documents and Settings\user\Desktop\David Gillies.docx
[2011/01/05 10:29:37 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Organizer And Filing Cabinet.lnk
[2011/01/02 11:22:39 | 000,015,915 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MaximeMichelLetter.docx
[2011/01/01 17:42:32 | 000,007,827 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Xmas gift expenses 2010.xlsx
[2010/12/31 11:18:55 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Michel,Maxime.doc
[2010/12/17 11:04:55 | 000,064,901 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Teav Calendar 2011.xlsx
[2010/12/17 11:04:46 | 000,064,901 | ---- | C] () -- C:\Documents and Settings\user\My Documents\PracticalSpreadsheets_2011Calendar1.xlsx
[2010/12/15 00:52:32 | 000,733,410 | ---- | C] () -- C:\Documents and Settings\user\My Documents\WritingandStyleGuide2010-2011_001.pdf
[2010/10/21 10:06:15 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/01/22 23:50:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2009/12/18 22:05:16 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/12/18 22:02:29 | 000,000,765 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/11/16 22:41:05 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\user\Application Data\avdrn.dat
[2009/08/31 23:43:55 | 000,000,518 | ---- | C] () -- C:\WINDOWS\YUKON.INI
[2009/05/23 06:09:16 | 000,000,262 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/22 03:58:05 | 000,010,236 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\NetMailTmp.bin
[2008/10/26 19:56:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2008/10/26 19:56:12 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2008/10/26 19:55:12 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2008/10/26 19:55:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2008/10/26 19:55:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2008/10/26 19:53:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2008/10/26 19:53:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2008/10/26 19:51:11 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2008/10/26 19:51:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2008/10/12 13:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2008/10/06 15:40:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/28 18:13:56 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/07/04 23:25:03 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 18:47:14 | 000,001,400 | ---- | C] () -- C:\Documents and Settings\user\Application Data\default.cfg
[2008/06/05 17:40:32 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/06/05 17:40:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/06/05 17:40:32 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/06/05 17:40:32 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/06/05 17:40:09 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/12 00:11:58 | 000,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/03 15:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 15:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/06 16:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/05/04 21:33:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/03 16:13:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/03 16:09:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/03 16:07:00 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/03 16:07:00 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/03 16:04:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/03 16:04:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/03 16:04:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/03 16:04:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/03 16:04:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/03 16:04:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/03 15:58:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/05/03 15:55:22 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/03 13:54:56 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/03 13:32:48 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/03 13:32:34 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nt.dll
[2006/05/03 06:44:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/05 20:49:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 19:36:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/12/09 16:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 15:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll

========== LOP Check ==========

[2008/10/26 19:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2010/03/25 14:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2009/08/23 23:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/10/10 20:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/10/11 21:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2010/09/07 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/11/04 13:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/11/04 13:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Videotron
[2010/08/07 15:25:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/09/10 22:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\5400 Series
[2010/12/18 20:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1
[2009/08/23 23:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Lite
[2010/12/22 12:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ectaco
[2009/06/12 17:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Emulators
[2010/06/09 20:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Facebook
[2010/02/15 18:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit
[2010/02/26 11:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit Software
[2008/07/11 20:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GarageGames
[2011/01/12 09:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2010/02/21 12:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gmail Backup
[2008/10/06 23:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ICAClient
[2008/07/02 23:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2009/08/18 13:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LANCITE
[2008/08/29 15:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2006/05/03 16:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\toshiba
[2010/11/04 13:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Videotron
[2009/04/28 09:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Xerox
[2011/01/06 14:16:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/01/13 10:57:14 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

Edited by maximem, 13 January 2011 - 01:08 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi SPTD is part of Daemon tools and controls your cd/dvd. This is why TDSSKiller would not delete it

We will start easy and move on from there. First I will remove what I can see and then check the veracity of your files. Once done we will start work in earnest. There should be an OTL extras text on your desktop, could you post that

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O33 - MountPoints2\{d19d3852-0a0c-11df-a79f-00059a3c7800}\Shell\AutoRun\command - "" = F:\JAN\J-1-2-34-000000AAAA-11111111111-5555555555-111\Max.exe
    O33 - MountPoints2\{d19d3852-0a0c-11df-a79f-00059a3c7800}\Shell\open\command - "" = F:\JAN\J-1-2-34-000000AAAA-11111111111-5555555555-111\Max.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Go to start > All Programs > Accessories
Run the Command Prompt
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot
  • 0

#3
maximem

maximem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
I really appreciate you taking this on!


Extras file:
OTL Extras logfile created on: 1/13/2011 1:19:03 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 11.51 Gb Free Space | 20.60% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-2B7C71599F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Print_Directory_Listing] -- printdir.bat "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\user\Local Settings\Application Data\FolderShare\FolderShare.exe" = C:\Documents and Settings\user\Local Settings\Application Data\FolderShare\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\user\Local Settings\Application Data\FolderShare\FolderShare.exe" = C:\Documents and Settings\user\Local Settings\Application Data\FolderShare\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\user\My Documents\Games Stuff\ZSNES\NESTCL95.EXE" = C:\Documents and Settings\user\My Documents\Games Stuff\ZSNES\NESTCL95.EXE:*:Enabled:NESTCL95 -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe" = C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{062335f7-6e6e-4bad-85f7-48360463f722}" = Organizer And Filing Cabinet
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F0A0506-9A9C-406a-999D-0D5A92EBC14B}" = HP Photosmart Appliance Printer Driver Software 9.0
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 21
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5E730665-26CF-4cd5-BBDC-D005665B01F6}" = ps_app_npi_software
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{92365AAA-536A-4545-A536-506EFA3C8356}" = ps_app_npi_ProductContext
"{93E972BB-E180-4c03-80EF-5C45D5E4BF5F}" = A620_Help
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A446E2BB-FA65-47ba-A929-95594FF86B52}" = A620
"{A4C23DE2-327B-4ec8-8365-27E1E4DC0F65}" = A620_doccd
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF911E7B-1B9D-4e1c-8534-60E70FA45BC1}" = ps_app_npi_software_req
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE434300-A311-4BE1-93BA-B74BC8C4017B}" = Windows Live FolderShare Beta
"AC3Filter" = AC3Filter (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"All ATI Software" = ATI - Software Uninstall Utility
"Ask Toolbar_is1" = Foxit Toolbar
"ATI Display Driver" = ATI Display Driver
"BitLord" = BitLord 1.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EPSON Printer and Utilities" = EPSON Printer Software
"Fn-esse" = TOSHIBA Fn-esse
"GameSpy Arcade" = GameSpy Arcade
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"Lexmark 5400 Series" = Lexmark 5400 Series
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"QcDrv" = Labtec® Camera Driver
"RadialpointClientGateway_is1" = Videotron Service Agent 3.5.18
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.10
"RealPlayer 12.0" = RealPlayer
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2917680e3371d6d7" = Jango Desktop
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2011 11:52:02 AM | Computer Name = YOUR-2B7C71599F | Source = LPR Print Monitor | ID = 2007
Description = The LPR print monitor failed to open the port named relmon.uottawa.ca:relmon.
The cause is probably that the server name for this port is incorrect. Printing
to this port will fail.

Error - 1/13/2011 11:52:02 AM | Computer Name = YOUR-2B7C71599F | Source = LPR Print Monitor | ID = 2007
Description = The LPR print monitor failed to open the port named relmon.uottawa.ca:COLOR.
The cause is probably that the server name for this port is incorrect. Printing
to this port will fail.

Error - 1/13/2011 11:52:05 AM | Computer Name = YOUR-2B7C71599F | Source = Application Error | ID = 1000
Description = Faulting application tcpsvcs.exe, version 5.1.2600.0, faulting module
tcpsvcs.exe, version 5.1.2600.0, fault address 0x000032a1.

Error - 1/13/2011 11:52:40 AM | Computer Name = YOUR-2B7C71599F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module advapi32.dll, version 5.1.2600.5755, fault address 0x00007066.

Error - 1/13/2011 11:55:24 AM | Computer Name = YOUR-2B7C71599F | Source = Application Error | ID = 1000
Description = Faulting application ServicepointService.exe, version 3.5.18.43454,
faulting module ServicepointService.exe, version 3.5.18.43454, fault address 0x000539f1.

Error - 1/13/2011 11:56:14 AM | Computer Name = YOUR-2B7C71599F | Source = Application Error | ID = 1001
Description = Fault bucket -2028056364.

Error - 1/13/2011 11:56:24 AM | Computer Name = YOUR-2B7C71599F | Source = Application Error | ID = 1001
Description = Fault bucket -2028056110.

Error - 1/13/2011 11:56:36 AM | Computer Name = YOUR-2B7C71599F | Source = Application Error | ID = 1001
Description = Fault bucket 1278135493.

Error - 1/13/2011 1:56:10 PM | Computer Name = YOUR-2B7C71599F | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 1/13/2011 1:56:25 PM | Computer Name = YOUR-2B7C71599F | Source = Application Error | ID = 1001
Description = Fault bucket -2081677592.

[ OSession Events ]
Error - 9/8/2008 11:24:21 AM | Computer Name = YOUR-2B7C71599F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 541 seconds with 240 seconds of active time. This session ended with a crash.

Error - 9/11/2008 5:41:45 PM | Computer Name = YOUR-2B7C71599F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 86 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/13/2011 12:16:00 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998

Error - 1/13/2011 12:16:05 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998

Error - 1/13/2011 12:16:10 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998

Error - 1/13/2011 12:16:15 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998

Error - 1/13/2011 12:16:20 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998

Error - 1/13/2011 12:16:25 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998

Error - 1/13/2011 12:16:31 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998

Error - 1/13/2011 12:16:36 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998

Error - 1/13/2011 12:16:41 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998

Error - 1/13/2011 12:16:46 PM | Computer Name = YOUR-2B7C71599F | Source = Service Control Manager | ID = 7023
Description = The Protected Storage service terminated with the following error:
%%998


< End of report >



OTL LOG
OTL logfile created on: 1/13/2011 2:40:08 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 11.54 Gb Free Space | 20.64% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-2B7C71599F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 13:18:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/12/10 23:25:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 23:25:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/02 12:18:06 | 000,689,392 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
PRC - [2009/10/30 22:03:24 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/21 16:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/04/03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/01/11 12:57:22 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
PRC - [2006/07/25 17:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/07/13 15:27:16 | 000,528,384 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe
PRC - [2006/04/25 19:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/04/04 16:57:18 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2006/03/16 15:27:26 | 000,634,880 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2006/02/02 14:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/12/20 14:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2005/12/15 13:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/06 00:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/11/02 03:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/09/26 13:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/06/06 11:58:44 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/05/31 19:16:44 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 19:16:24 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/01/17 03:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/27 11:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 11:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/04 07:00:00 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\freecell.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 13:18:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/25 14:23:40 | 001,375,992 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/02 12:18:06 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2009/06/26 08:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2008/07/26 07:27:42 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/05/21 16:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/04/03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/07/25 17:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 17:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/13 15:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device)
SRV - [2005/12/20 14:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/09/26 13:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/01/17 03:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 11:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2010/11/07 15:37:53 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 03:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/02 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/05/16 05:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/04/03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/06 16:54:40 | 000,041,376 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/03/06 16:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/03/06 16:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/03/06 16:48:46 | 001,273,504 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/03/06 16:48:46 | 000,014,240 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/04/25 11:01:48 | 000,043,776 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/18 17:12:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/04/17 18:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/01 19:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/17 18:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/17 04:24:09 | 001,520,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/02 20:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/05 18:31:20 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/06/01 14:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/11/15 03:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/27 21:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003/09/19 03:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 01:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 01:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 16:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.5
FF - prefs.js..extensions.enabledItems: {b055c535-4a3a-11db-9659-00e08161166f}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}:1.9.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..keyword.URL: "http://flvdirect.iam...c=tops&search="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/24 16:21:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 23:25:16 | 000,000,000 | ---D | M]

[2010/03/01 16:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/03/01 16:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\[email protected]
[2011/01/13 12:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions
[2010/04/27 10:52:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/04 21:56:36 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2009/11/06 19:19:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2009/05/13 11:30:48 | 000,000,000 | ---D | M] (TV5 - Dictionnaires) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{b055c535-4a3a-11db-9659-00e08161166f}
[2010/10/05 08:36:11 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
[2011/01/04 21:56:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/15 18:51:23 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/05/20 06:36:38 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\[email protected]
[2011/01/04 21:56:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\[email protected]
[2010/02/15 21:51:29 | 000,000,000 | ---D | M] (Dictionnaire français «Réforme 1990») -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\[email protected]
[2010/10/02 08:48:54 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\extensions\[email protected]
[2010/08/19 20:33:02 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\searchplugins\conduit.xml
[2011/01/13 11:06:01 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\erodl7l0.default\searchplugins\swagbuckscom.xml
[2011/01/13 12:16:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 11:55:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 23:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/03/01 16:06:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/06/21 17:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 17:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 17:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/21 17:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/06/21 17:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2011/01/13 14:27:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VideotronSA.exe] C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe (Vidéotron)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: acdi-cida.gc.ca ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553538000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantac...ad/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/05 12:58:42 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40610602-f00a-11df-a950-0016d426eef7}\Shell - "" = AutoRun
O33 - MountPoints2\{40610602-f00a-11df-a950-0016d426eef7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40610602-f00a-11df-a950-0016d426eef7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 14:27:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/13 13:18:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/01/12 09:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2011/01/12 08:45:13 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/01/11 09:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\GooredFix Backups
[2011/01/11 09:23:02 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\user\Desktop\GooredFix.exe
[2011/01/11 08:52:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/11 08:50:50 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTM.exe
[2011/01/11 08:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\ERUNT
[2011/01/11 08:45:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/01/07 10:02:30 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/01/07 10:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/01/05 10:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\_My Filing Cabinet
[2011/01/05 10:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Organizer And Filing Cabinet
[2011/01/05 10:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Organizer And Filing Cabinet
[2011/01/02 10:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Teav school stuff
[2010/12/23 12:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Vouchers
[2010/12/22 12:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Ectaco
[2010/12/22 12:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\LingvoSoft
[2010/12/18 20:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1
[2010/12/18 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/10/26 19:51:11 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2008/10/26 19:51:10 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2008/10/26 19:51:10 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2008/10/26 19:51:10 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2008/10/26 19:51:10 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2008/10/26 19:51:09 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2008/10/26 19:51:09 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2008/10/26 19:51:09 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2008/10/26 19:51:08 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2008/10/26 19:51:07 | 000,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2008/10/26 19:51:07 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/01/13 14:53:27 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/01/13 14:41:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/13 14:35:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 14:35:30 | 1474,408,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 14:27:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/13 14:14:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/01/13 14:08:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2210832384-2747458650-1879816375-1006UA.job
[2011/01/13 13:18:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/01/13 00:01:20 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/12 13:13:59 | 063,938,560 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/01/12 12:51:57 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\user\Desktop\suspicious.bmp
[2011/01/12 09:03:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/11 18:40:27 | 000,099,801 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MaximeMichelCV.docx
[2011/01/11 17:01:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/11 10:05:08 | 001,535,244 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Alumni_fr.pdf
[2011/01/11 09:24:59 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/01/11 09:23:04 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\user\Desktop\GooredFix.exe
[2011/01/11 08:51:00 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTM.exe
[2011/01/10 23:08:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2210832384-2747458650-1879816375-1006Core.job
[2011/01/07 15:03:48 | 000,015,173 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Caitlin.xlsx
[2011/01/07 14:15:08 | 000,213,595 | ---- | M] () -- C:\Documents and Settings\user\Desktop\00066010403_SCS3100D.pdf
[2011/01/07 11:31:34 | 000,010,060 | ---- | M] () -- C:\Documents and Settings\user\Desktop\David Gillies.docx
[2011/01/05 10:29:37 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Organizer And Filing Cabinet.lnk
[2011/01/02 11:22:39 | 000,015,915 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MaximeMichelLetter.docx
[2011/01/01 17:51:46 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Copy of lawrences-christmas-shopping-budget.xls
[2011/01/01 17:42:33 | 000,007,827 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Xmas gift expenses 2010.xlsx
[2010/12/31 11:21:14 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Michel,Maxime.doc
[2010/12/17 11:04:56 | 000,064,901 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Teav Calendar 2011.xlsx
[2010/12/17 11:04:47 | 000,064,901 | ---- | M] () -- C:\Documents and Settings\user\My Documents\PracticalSpreadsheets_2011Calendar1.xlsx
[2010/12/16 09:34:16 | 000,150,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 16:42:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 13:02:35 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\user\My Documents\bourquet.doc
[2010/12/15 00:52:32 | 000,733,410 | ---- | M] () -- C:\Documents and Settings\user\My Documents\WritingandStyleGuide2010-2011_001.pdf

========== Files Created - No Company Name ==========

[2011/01/13 14:40:39 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/01/12 13:40:38 | 1474,408,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/12 12:51:56 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\user\Desktop\suspicious.bmp
[2011/01/11 10:05:08 | 001,535,244 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Alumni_fr.pdf
[2011/01/11 09:24:44 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/01/07 14:15:08 | 000,213,595 | ---- | C] () -- C:\Documents and Settings\user\Desktop\00066010403_SCS3100D.pdf
[2011/01/07 14:07:09 | 000,015,173 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Caitlin.xlsx
[2011/01/07 11:29:30 | 000,010,060 | ---- | C] () -- C:\Documents and Settings\user\Desktop\David Gillies.docx
[2011/01/05 10:29:37 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Organizer And Filing Cabinet.lnk
[2011/01/02 11:22:39 | 000,015,915 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MaximeMichelLetter.docx
[2011/01/01 17:42:32 | 000,007,827 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Xmas gift expenses 2010.xlsx
[2010/12/31 11:18:55 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Michel,Maxime.doc
[2010/12/17 11:04:55 | 000,064,901 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Teav Calendar 2011.xlsx
[2010/12/17 11:04:46 | 000,064,901 | ---- | C] () -- C:\Documents and Settings\user\My Documents\PracticalSpreadsheets_2011Calendar1.xlsx
[2010/12/15 00:52:32 | 000,733,410 | ---- | C] () -- C:\Documents and Settings\user\My Documents\WritingandStyleGuide2010-2011_001.pdf
[2010/10/21 10:06:15 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/01/22 23:50:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2009/12/18 22:05:16 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/12/18 22:02:29 | 000,000,765 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/11/16 22:41:05 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\user\Application Data\avdrn.dat
[2009/08/31 23:43:55 | 000,000,518 | ---- | C] () -- C:\WINDOWS\YUKON.INI
[2009/05/23 06:09:16 | 000,000,262 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/22 03:58:05 | 000,010,236 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\NetMailTmp.bin
[2008/10/26 19:56:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2008/10/26 19:56:12 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2008/10/26 19:55:12 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2008/10/26 19:55:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2008/10/26 19:55:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2008/10/26 19:53:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2008/10/26 19:53:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2008/10/26 19:51:11 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2008/10/26 19:51:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2008/10/12 13:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2008/10/06 15:40:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/28 18:13:56 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/07/04 23:25:03 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 18:47:14 | 000,001,400 | ---- | C] () -- C:\Documents and Settings\user\Application Data\default.cfg
[2008/06/05 17:40:32 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/06/05 17:40:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/06/05 17:40:32 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/06/05 17:40:32 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/06/05 17:40:09 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/12 00:11:58 | 000,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/03 15:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 15:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/06 16:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/05/04 21:33:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/03 16:13:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/03 16:09:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/03 16:07:00 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/03 16:07:00 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/03 16:04:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/03 16:04:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/03 16:04:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/03 16:04:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/03 16:04:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/03 16:04:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/03 15:58:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/05/03 15:55:22 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/03 13:54:56 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/03 13:32:48 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/03 13:32:34 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nt.dll
[2006/05/03 06:44:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/05 20:49:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 19:36:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/12/09 16:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 15:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll

========== LOP Check ==========

[2008/10/26 19:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2010/03/25 14:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2009/08/23 23:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/10/10 20:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/10/11 21:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2010/09/07 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/11/04 13:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/11/04 13:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Videotron
[2010/08/07 15:25:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/09/10 22:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\5400 Series
[2010/12/18 20:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1
[2009/08/23 23:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Lite
[2010/12/22 12:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ectaco
[2009/06/12 17:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Emulators
[2010/06/09 20:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Facebook
[2010/02/15 18:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit
[2010/02/26 11:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit Software
[2008/07/11 20:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GarageGames
[2011/01/12 09:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2010/02/21 12:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gmail Backup
[2008/10/06 23:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ICAClient
[2008/07/02 23:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2009/08/18 13:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LANCITE
[2008/08/29 15:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2006/05/03 16:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\toshiba
[2010/11/04 13:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Videotron
[2009/04/28 09:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Xerox
[2011/01/13 14:14:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/01/13 14:41:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/13 14:53:27 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



< End of report >


And I'm running the other scan and am about to restart the computer!
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I really appreciate you taking this on!

I like a challenge :D

Once the SFC scan has done could you let me know if there was any warnings during the run

OK busy busy time for you now - once the sfc has completed please do the following

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
maximem

maximem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Hey,

Sorry I'm posting from another computer. The combo fix has been running for about 40 minutes on my laptop and the clock is no longer updating, nothing is happening and I can't press control alt delete. Should I manually shut down or do you want me to keep it running?

*SFC scan didn't come up with any errors, it finished no problem.
I had a few popups at start up which I copied on the laptop, so I'll paste them here when I can access it!
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is combofix running through a series of stages ? If so what number is it at

If it has just frozen then reboot the computer
  • 0

#7
maximem

maximem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Yeah nothing has happened since the start, I assumed it was running it just had the message
"Scanning for infected files..."
This typically doesn<t take more than 10 minutes.
However, scan times for badly infected machines may easily double.

I'll re-start and try again!

Thanks :D
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If it sticks again then try it in safe mode - do you know how to access it ?
  • 0

#9
maximem

maximem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
(yes i can definitely use safe mode)
Hmmm, so I just rebooted, and I have a blue screen of death that says this:

STOP: c000218 (Registry file failure)
The registry cannot load the hive (file):
\SYstemRoot\System32\Config\Software


Should I try to manually reset again?
Told you it was pretty screwed up :D
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes reboot - go to the safe mode menu and select last known good

We will defer the use of Combofix for now and use a less intensive programme

Let me know when you are ready
  • 0

Advertisements


#11
maximem

maximem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Perfect I'm loading up the last known configuration as we speak!

The computer can't handle intensity, I will try to pet it to calm it down :D
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then - we will now run an antivirus programme but I will do it in the reverse order to my normal routine - less stress :D

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

On the first tab select all elements down to Computer

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#13
maximem

maximem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Just to let you know I still got an error message on my last bootup:
"One of the files containing the system's registry data had to be recovered by use of a log or alternate copy. The recovery was succesful".


Here's the zip file!

Attached Files


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that showed nothing untoward which was good in a way

A question - do you have a windows disc in case we need to do a repair ?

And moving on a bit further

  • Run Malwarebytes
  • Update Malwarebytes' Anti-Malware .
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#15
maximem

maximem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Darn. "Preparing to scan system" and it's frozen! Can't control alt delete, so I'll re-set. Should I do last known configuration again?

About a boot disk, the only thing I have a my laptop's recovery DVD, doesn't seem to say windows anywhere on it but I always assumed that's what it was?
"Product Recovery DVD-ROM. Toshiba Satellite A110"
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP