Thanks for the help again!
Here are the OTL logs.
Extras :OTL Extras logfile created on: 6/17/2011 5:49:45 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Armand\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 326.18 Mb Available Physical Memory | 32.15% Memory free
2.39 Gb Paging File | 1.60 Gb Available in Paging File | 67.10% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.23 Gb Total Space | 16.75 Gb Free Space | 50.42% Space Free | Partition Type: NTFS
Computer Name: H3RMIT | User Name: Armand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{633FA11B-1C0E-4ED5-9924-02222C6A2580}" = System Requirements Lab for Intel
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91D2C605-AD2B-44C8-A0A1-9B116B3C91CB}" = AVG 2011
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F0E3482-8FB8-41E3-8A04-517BCD797D91}" = AquaSnap
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B2042D5E-986D-44EC-AEE3-AFE4108CCC93}" = Python 3.2
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.173
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2011
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TrackPoint" = IBM TrackPoint Support
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 4 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 6/14/2011 8:58:19 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:19 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:20 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:27 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:27 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:27 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:28 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:28 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:29 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/16/2011 6:30:31 PM | Computer Name = H3RMIT | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved
[ Application Events ]
Error - 6/14/2011 8:58:19 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:19 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:20 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:27 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:27 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:27 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:28 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:28 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/14/2011 8:58:29 PM | Computer Name = H3RMIT | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.
Error - 6/16/2011 6:30:31 PM | Computer Name = H3RMIT | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved
[ System Events ]
Error - 6/14/2011 6:37:44 PM | Computer Name = H3RMIT | Source = PlugPlayManager | ID = 12
Description = The device 'Communications Port (COM1)' (ACPI\PNP0501\4&61f3b4b&0)
disappeared from the system without first being prepared for removal.
Error - 6/14/2011 6:37:44 PM | Computer Name = H3RMIT | Source = PlugPlayManager | ID = 12
Description = The device 'Printer Port (LPT1)' (ACPI\PNP0400\4&61f3b4b&0) disappeared
from the system without first being prepared for removal.
Error - 6/14/2011 6:37:44 PM | Computer Name = H3RMIT | Source = PlugPlayManager | ID = 12
Description = The device 'Printer Port Logical Interface' (LPTENUM\MicrosoftRawPort\5&1178ad2a&0&LPT1)
disappeared from the system without first being prepared for removal.
Error - 6/14/2011 6:37:47 PM | Computer Name = H3RMIT | Source = PlugPlayManager | ID = 12
Description = The device 'MATSHITA UJDA755yDVD/CDRW' (IDE\CdRomMATSHITA_UJDA755yDVD/CDRW_______________1.71____\5&3ccf215&0&0.0.0)
disappeared from the system without first being prepared for removal.
Error - 6/14/2011 7:06:29 PM | Computer Name = H3RMIT | Source = Service Control Manager | ID = 7034
Description = The Spectrum24 Event Monitor service terminated unexpectedly. It
has done this 1 time(s).
Error - 6/16/2011 6:29:44 PM | Computer Name = H3RMIT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
Error - 6/16/2011 6:39:42 PM | Computer Name = H3RMIT | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HAYDEEM that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{CE57C184-BAC5-435E-9. The master browser is stopping or an election
is being forced.
Error - 6/16/2011 7:42:16 PM | Computer Name = H3RMIT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.
Error - 6/17/2011 5:16:15 PM | Computer Name = H3RMIT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
Error - 6/17/2011 5:23:27 PM | Computer Name = H3RMIT | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HAYZIL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CE57C184-BAC5-435E-93.
The
master browser is stopping or an election is being forced.
< End of report >
OTL : OTL logfile created on: 6/17/2011 5:49:45 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Armand\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 326.18 Mb Available Physical Memory | 32.15% Memory free
2.39 Gb Paging File | 1.60 Gb Available in Paging File | 67.10% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.23 Gb Total Space | 16.75 Gb Free Space | 50.42% Space Free | Partition Type: NTFS
Computer Name: H3RMIT | User Name: Armand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - File not found --
PRC - [2011/04/30 00:07:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/21 23:54:18 | 000,875,008 | ---- | M] (
http://www.nurgo-software.com) -- C:\Program Files\AquaSnap\AquaSnap.Daemon.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/18 06:07:00 | 000,745,472 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
PRC - [2005/03/18 06:07:00 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2005/03/03 20:10:32 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/12/16 07:49:44 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004/12/16 06:41:56 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
PRC - [2004/07/22 05:01:00 | 000,442,368 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2003/07/11 21:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/01/10 18:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
========== Modules (SafeList) ========== MOD - [2011/01/21 23:54:24 | 000,256,512 | ---- | M] () -- C:\Program Files\AquaSnap\AquaSnap.Hook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EHttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2005/03/18 06:07:00 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2005/01/21 23:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/12/16 07:49:44 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2003/07/11 21:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Running] -- -- (SAVRTPEL)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/12/21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/10/07 16:38:32 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/08/03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/04/24 01:10:54 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,211,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2009/11/11 08:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/02/08 13:45:00 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2005/03/18 06:07:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2005/03/18 06:07:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/03/18 06:07:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2005/01/21 23:31:50 | 000,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/01/21 23:31:48 | 000,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/12/16 07:12:20 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004/10/15 13:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/07/29 04:37:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004/07/29 04:36:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2004/07/29 04:36:00 | 000,009,341 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004/07/22 18:25:58 | 000,197,888 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/07/22 18:24:52 | 000,676,096 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/07/22 18:24:20 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/07/15 05:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2003/11/21 14:07:52 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2001/08/17 13:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems:
[email protected]:1.0
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/14 00:51:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 00:08:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/10 23:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\
[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/06/14 21:01:12 | 000,000,000 | ---D | M]
[2010/12/25 03:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Armand\Application Data\Mozilla\Extensions
[2011/03/21 21:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Armand\Application Data\Mozilla\Firefox\Profiles\sedwf73q.default\extensions
[2011/02/05 01:09:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Armand\Application Data\Mozilla\Firefox\Profiles\sedwf73q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/12 21:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/13 17:18:50 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/20 18:32:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/14 00:51:09 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/01/20 18:32:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/30 00:07:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/20 18:32:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [UC_SMB] File not found
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VisualTooltip] File not found
O4 - HKCU..\Run: [AeroSnap] File not found
O4 - HKCU..\Run: [AquaSnap] C:\Program Files\AquaSnap\AquaSnap.Daemon.exe (
http://www.nurgo-software.com)
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [Malware Protection] File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [ViStart] File not found
O4 - HKCU..\Run: [YDZ1QVAGOJ] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
http://java.sun.com/...all-141-win.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 () -
http://assets.tumblr...png?alpha&5O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Armand\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Armand\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 06:30:05 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ee057ec8-2424-11e0-9174-0012f098e6fe}\Shell\AutoRun\command - "" = D:\pccompanion\Startme.exe
O33 - MountPoints2\{ee057ec8-2424-11e0-9174-0012f098e6fe}\Shell\menu1\command - "" = D:\pccompanion\Startme.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setuppls.exe /AUTORUN
O33 - MountPoints2\D\Shell\configure\command - "" = D:\setuppls.exe
O33 - MountPoints2\D\Shell\install\command - "" = D:\setuppls.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/06/17 17:47:53 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armand\Desktop\OTL.exe
[2011/06/14 21:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Local Settings\Application Data\ESET
[2011/06/14 21:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\ESET
[2011/06/14 21:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/06/14 21:02:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/14 21:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/14 21:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/06/14 21:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/06/14 20:31:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/14 00:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/14 00:43:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/13 23:40:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/06/13 19:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/13 19:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/06/13 19:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/13 19:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/06/13 18:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/13 18:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/13 18:38:42 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/13 16:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/06/13 16:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/06/13 16:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011/06/11 11:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Home and Student (English)
[2011/06/11 11:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/06/11 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2011/06/11 11:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/06/11 11:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/06/11 11:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2011/06/11 10:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2011/05/25 21:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\My Documents\Portal 2 OST
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2011/06/17 17:50:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/17 17:48:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Desktop\OTL.exe
[2011/06/17 17:48:01 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/06/17 17:36:01 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/17 17:29:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 18:40:33 | 118,836,835 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/14 20:32:04 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/14 01:08:37 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/14 01:05:55 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\yqrfjp.job
[2011/06/14 01:05:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/14 01:05:11 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 00:53:30 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/14 00:11:19 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/13 21:34:46 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/13 19:38:22 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/13 18:38:23 | 000,116,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/13 17:57:38 | 000,136,704 | RHS- | M] () -- C:\WINDOWS\System32\kbdazel2.dll
[2011/06/13 16:06:46 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/06/13 16:05:39 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/06/12 03:03:36 | 000,442,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/12 03:03:35 | 000,071,648 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/31 20:01:00 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 2.0.lnk
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2011/06/16 18:40:33 | 118,836,835 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/14 00:53:30 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/13 19:45:02 | 1063,768,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/13 19:38:24 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/13 19:38:22 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/13 17:57:41 | 000,000,314 | -HS- | C] () -- C:\WINDOWS\tasks\yqrfjp.job
[2011/06/13 17:57:37 | 000,136,704 | RHS- | C] () -- C:\WINDOWS\System32\kbdazel2.dll
[2011/06/13 17:56:33 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/06/13 17:56:27 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/13 16:06:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/13 16:05:36 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/06/13 16:05:36 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2011/06/13 16:05:36 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/06/13 16:05:35 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2011/06/05 11:58:18 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/30 22:05:28 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/12 21:42:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/16 22:28:55 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/25 03:31:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/07 16:50:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/10/07 16:49:16 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2010/10/07 16:44:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2010/10/07 16:43:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2010/10/07 16:43:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2010/10/07 16:42:39 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2010/10/07 16:38:36 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/10/07 16:32:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/10/07 16:32:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/10/07 16:32:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/10/07 16:32:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/10/07 16:32:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/10/07 16:32:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/10/07 16:30:48 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/07 16:23:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010/10/07 16:23:10 | 000,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010/10/07 16:20:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010/10/07 16:20:42 | 000,114,688 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2010/10/07 16:13:14 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/10/07 15:59:17 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2004/12/16 06:41:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/12/16 06:41:58 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/11/08 20:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/09 14:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 14:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 13:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/09 13:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 13:45:31 | 000,116,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/09 09:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2002/01/09 21:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/08/23 10:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 10:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 03:00:00 | 000,442,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 03:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1980/01/01 03:00:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[1980/01/01 03:00:00 | 000,071,648 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 03:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[1980/01/01 03:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 03:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 03:00:00 | 000,005,600 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[1980/01/01 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ========== [2011/06/14 00:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/18 20:20:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/14 21:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/06/13 19:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/07 16:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2011/06/14 00:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/11 10:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2011/04/16 14:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/01/20 19:22:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2011/01/28 20:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\AeroSnapApp
[2011/04/18 20:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\AVG10
[2011/06/14 21:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\ESET
[2011/01/18 22:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\IBM
[2011/06/14 01:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\SoftGrid Client
[2011/01/20 18:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\SystemRequirementsLab
[2011/06/11 11:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\TP
[2011/04/26 23:28:05 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2011/06/14 01:05:55 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\yqrfjp.job
[2011/06/17 17:50:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/17 17:36:01 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/17 17:48:01 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
========== Purity Check ========== < End of report >
Here is the aswMBR log : aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-17 18:00:20
-----------------------------
18:00:20.265 OS Version: Windows 5.1.2600 Service Pack 3
18:00:20.265 Number of processors: 1 586 0xD06
18:00:20.265 ComputerName: H3RMIT UserName: Armand
18:00:22.390 Initialize success
18:01:46.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:01:46.750 Disk 0 Vendor: HITACHI_DK13FA-40B 00MCA0B7 Size: 38154MB BusType: 3
18:01:48.890 Disk 0 MBR read successfully
18:01:48.906 Disk 0 MBR scan
18:01:48.906 Disk 0 unknown MBR code
18:01:50.906 Disk 0 scanning sectors +78140160
18:01:51.000 Disk 0 scanning C:\WINDOWS\system32\drivers
18:02:01.828 Service scanning
18:02:03.296 Disk 0 trace - called modules:
18:02:03.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:02:03.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5bab8]
18:02:03.453 3 CLASSPNP.SYS[f765bfd7] -> nt!IofCallDriver -> \Device\00000095[0x86f369e8]
18:02:03.453 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86edf940]
18:02:03.453 Scan finished successfully
18:02:48.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Armand\Desktop\MBR.dat"
18:02:48.609 The log file has been saved successfully to "C:\Documents and Settings\Armand\Desktop\aswMBR.txt"