Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

win32/small.ca shutting down my computer

Started by unique101sd , Sep 02 2013 02:35 AM

Please log in to reply

#1
unique101sd

Posted 02 September 2013 - 02:35 AM

Member

Member
65 posts

I'm hoping that someone can help me. When I started my computer, my computer shut down and I received a blue screen. When I restarted my computer, I received a noticed that my computer had been shut down due to an error and I was asked if I wanted to report the problem to Microsoft. Upon sending the report to Microsoft, Microsoft reported that the problem was due to Win32/small.ca. I ran ESET Smart Security 6. No infection was detected. However, the next time I restarted my computer, a grey system error box opened. It mentioned Win32/small.ca. The box contained a timer that counted down from 30 seconds. Upon completion of the countdown, my computer shut down again. Please help me remove this infection. Your help would be greatly appreciated.

OTL logfile created on: 9/2/2013 1:03:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Andre Stone\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 62.78% Memory free
3.81 Gb Paging File | 3.28 Gb Available in Paging File | 85.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.69 Gb Total Space | 4.26 Gb Free Space | 13.44% Space Free | Partition Type: NTFS

Computer Name: ANDRESTONE | User Name: Andre Stone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/02 01:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre Stone\My Documents\Downloads\OTL.exe
PRC - [2013/08/18 19:51:34 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2013/03/21 15:19:40 | 005,078,504 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/15 01:40:46 | 000,427,296 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2009/11/15 01:40:46 | 000,099,640 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013/08/21 10:57:48 | 016,166,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/08/18 19:51:33 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV - [2013/08/21 10:57:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/18 19:51:34 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2013/02/05 08:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/11/15 01:40:46 | 000,136,504 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2009/11/15 01:40:46 | 000,099,640 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/20 11:07:38 | 000,062,512 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2013/01/10 15:08:16 | 000,150,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2013/01/10 15:08:16 | 000,040,376 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2013/01/10 15:08:14 | 000,161,368 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/01/10 15:08:14 | 000,122,240 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/11/16 17:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2009/11/15 01:40:46 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009/10/16 09:36:50 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2008/10/15 11:58:34 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV - [2008/10/15 11:58:34 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00)
DRV - [2008/10/15 11:58:34 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/10/15 11:58:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/10/15 11:58:26 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/04/15 16:36:37 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/04/15 15:29:47 | 000,009,088 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applebt.sys -- (applebt)
DRV - [2008/02/08 11:00:34 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/02/08 10:58:26 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/02/08 10:57:29 | 000,017,664 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iSightUP.sys -- (iSightUpdate)
DRV - [2008/02/08 10:57:29 | 000,007,680 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iSightFT.sys -- (DevUpper)
DRV - [2008/02/08 10:57:16 | 000,035,072 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aapltp.sys -- (aapltp)
DRV - [2008/02/08 10:57:16 | 000,004,224 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aapltctp.sys -- (aapltctp)
DRV - [2008/02/08 10:56:41 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/02/08 10:55:48 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/02/08 10:54:57 | 000,007,424 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BthKicker.sys -- (BthKicker)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0DBB56C1-9F15-4BEA-B941-61BEF68A5FF6}
IE - HKCU\..\SearchScopes\{0DBB56C1-9F15-4BEA-B941-61BEF68A5FF6}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/18 19:51:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/18 19:51:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/09/01 01:49:30 | 000,000,000 | ---D | M]

[2009/07/14 19:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andre Stone\Application Data\Mozilla\Extensions
[2013/08/18 19:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/18 19:51:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/07/06 05:46:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com...eetnoagent7.cab (Street Technologies ActiveX Control Object)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC0F273D-8DE3-48E8-9C63-7F5D437A7ED8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Andre Stone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andre Stone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/17 18:42:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{19f49eb4-aa27-11df-97dd-001ff3b0c9c5}\Shell - "" = AutoRun
O33 - MountPoints2\{19f49eb4-aa27-11df-97dd-001ff3b0c9c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19f49eb4-aa27-11df-97dd-001ff3b0c9c5}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/01 01:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/01 01:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2013/09/01 01:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013/08/21 17:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre Stone\My Documents\Coronado Cays Yacht Club
[2013/08/20 13:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre Stone\My Documents\Coronado Baptist Church
[2013/08/20 10:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre Stone\My Documents\Upwind Solutions
[2013/08/18 19:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/15 17:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre Stone\Application Data\com.kmbs.Paperwork
[2013/08/15 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Paperwork

========== Files - Modified Within 30 Days ==========

[2013/09/02 00:57:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/02 00:37:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2013/09/02 00:36:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/29 10:16:30 | 000,061,917 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\ailey.jpg
[2013/08/29 09:37:19 | 002,336,311 | ---- | M] () -- C:\Documents and Settings\Andre Stone\My Documents\Media_Guide_Consumer.pdf
[2013/08/28 11:11:49 | 000,374,294 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\La Hacienda KM Lease.pdf
[2013/08/28 11:10:59 | 000,320,931 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\La Hacienda Service Contract.pdf
[2013/08/27 22:57:43 | 000,128,211 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\MLK_Article_Img_686x386.jpg
[2013/08/27 12:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/25 21:36:30 | 000,013,159 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\998920_10151807762369288_1760383574_n.jpg
[2013/08/25 21:36:15 | 000,044,441 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\970981_10151751667319288_488861101_n.jpg
[2013/08/25 06:52:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/22 19:17:03 | 005,582,134 | ---- | M] () -- C:\Documents and Settings\Andre Stone\My Documents\C454e Specification & Installation Guide - bizhub_C554e_C454e_Spec_and_Install_Guide.pdf
[2013/08/22 19:10:41 | 002,297,763 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\C654e Specification & Installation Guide - bizhub_C754e_C654e_Spec_and_Install_Guide.pdf
[2013/08/20 10:45:59 | 000,079,318 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\bizhubc454e_large.jpg
[2013/08/16 15:04:22 | 000,024,459 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\Component Control Move Form.pdf
[2013/08/15 17:23:27 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paperwork.lnk
[2013/08/14 22:03:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/14 12:14:24 | 000,523,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/14 12:14:24 | 000,095,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/09 10:18:37 | 000,115,245 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\OPS Strategy Form.pdf
[2013/08/09 09:29:54 | 000,128,579 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\Strategy & Assessment Form v9-1.pdf
[2013/08/07 09:30:28 | 000,075,439 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\Andre_92103 & 92118_Legal1.pdf
[2013/08/05 11:04:25 | 000,304,232 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\MFPCloseout_SalesRep_030813.pdf

========== Files Created - No Company Name ==========

[2013/08/29 10:16:30 | 000,061,917 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\ailey.jpg
[2013/08/28 11:26:50 | 002,336,311 | ---- | C] () -- C:\Documents and Settings\Andre Stone\My Documents\Media_Guide_Consumer.pdf
[2013/08/28 11:11:49 | 000,374,294 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\La Hacienda KM Lease.pdf
[2013/08/28 11:10:59 | 000,320,931 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\La Hacienda Service Contract.pdf
[2013/08/27 22:57:41 | 000,128,211 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\MLK_Article_Img_686x386.jpg
[2013/08/25 21:36:29 | 000,013,159 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\998920_10151807762369288_1760383574_n.jpg
[2013/08/25 21:36:13 | 000,044,441 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\970981_10151751667319288_488861101_n.jpg
[2013/08/22 19:17:03 | 005,582,134 | ---- | C] () -- C:\Documents and Settings\Andre Stone\My Documents\C454e Specification & Installation Guide - bizhub_C554e_C454e_Spec_and_Install_Guide.pdf
[2013/08/22 19:10:41 | 002,297,763 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\C654e Specification & Installation Guide - bizhub_C754e_C654e_Spec_and_Install_Guide.pdf
[2013/08/20 10:45:58 | 000,079,318 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\bizhubc454e_large.jpg
[2013/08/16 15:04:22 | 000,024,459 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\Component Control Move Form.pdf
[2013/08/09 10:18:37 | 000,115,245 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\OPS Strategy Form.pdf
[2013/08/09 09:29:54 | 000,128,579 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\Strategy & Assessment Form v9-1.pdf
[2013/08/07 09:30:28 | 000,075,439 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\Andre_92103 & 92118_Legal1.pdf
[2013/08/05 11:04:25 | 000,304,232 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\MFPCloseout_SalesRep_030813.pdf
[2012/10/25 01:44:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 14:35:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2008/07/30 00:40:05 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/04/07 14:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/06 00:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/09 18:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aimersoft DVD Ripper
[2013/09/01 01:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/11/05 11:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2012/10/25 00:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/08/17 12:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2013/02/12 03:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2013/08/15 17:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\com.kmbs.Paperwork
[2009/12/17 10:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\com.kmbs.Paperwork.A297539FD1E76821C9C59643DA1370B7E26631B8.1
[2011/07/21 12:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\ESET
[2009/06/09 22:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\GlarySoft
[2013/02/12 05:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\HandBrake
[2012/11/05 11:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\IBMERS
[2010/09/20 13:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Interwise
[2009/01/14 18:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Learn2.com
[2012/07/18 18:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Oracle
[2009/04/07 14:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Prism Software Corporation
[2012/10/25 01:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Research In Motion
[2010/08/17 10:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Sierra Wireless
[2013/08/28 11:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Spotify

========== Purity Check ==========

< End of report >

#2
RKinner

Posted 02 September 2013 - 10:46 AM

Malware Expert

Expert
24,625 posts

You may need to go into Safe Mode with Networking in order to avoid the timer.

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Go into Task Scheduler and temporarily stop all tasks:

Click Start, click All Programs, point to Accessories, point to System Tools, and then click Scheduled Tasks. The Scheduled Tasks window opens so that you can modify the settings.

For each task: To prevent a task from running until you decide to let it run again, right-click the task in the Scheduled Tasks window, and then click Properties. On the General tab, clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.

Reboot. Do you still get the 30 second timer box?

If so, boot back into Safe Mode with Networking and run the following scans. Multiple posts are OK. If something won't work just skip to the next step.

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.

Pause your anti-virus. Close all browsers.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Download aswMBR.exe to your desktop.
Double click aswMBR.exe
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock so you may wish to disable your screen saver. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

You should get a log when Combofix finishes. If not run it again. I'll need to see that in your reply. If you get an error about a registry key then just reboot and that will fix it.

Ron

#3
unique101sd

Posted 02 September 2013 - 11:06 PM

Member

Topic Starter
Member
65 posts

Hi RKinner,

Thanks for your quick response.

I just ran ADWCleaner. Here is the report you requested. I will have multiple posts here as I follow the steps you have recommended.

# AdwCleaner v3.002 - Report created 02/09/2013 at 21:54:55
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - ANDRESTONE
# Running from : C:\Documents and Settings\Andre Stone\desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21348

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Andre Stone\Application Data\Mozilla\Firefox\Profiles\bxpp8ck0.default-1352229856765\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5bynli54.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1225 octets] - [02/09/2013 21:14:48]
AdwCleaner[R1].txt - [887 octets] - [02/09/2013 21:54:55]
AdwCleaner[S0].txt - [1294 octets] - [02/09/2013 21:18:02]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [1006 octets] ##########

#4
unique101sd

Posted 02 September 2013 - 11:27 PM

Member

Topic Starter
Member
65 posts

Here is the report from JRT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Microsoft Windows XP x86
Ran by Andre Stone on Mon 09/02/2013 at 22:19:48.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/02/2013 at 22:22:49.34
End of JRT log

#5
unique101sd

Posted 03 September 2013 - 06:24 AM

Member

Topic Starter
Member
65 posts

Here are the OTL reports you requested.

OTL logfile created on: 9/3/2013 5:07:54 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Andre Stone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 62.68% Memory free
3.78 Gb Paging File | 3.25 Gb Available in Paging File | 85.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.69 Gb Total Space | 4.37 Gb Free Space | 13.78% Space Free | Partition Type: NTFS

Computer Name: ANDRESTONE | User Name: Andre Stone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/02 01:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre Stone\desktop\OTL.exe
PRC - [2013/08/18 19:51:34 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2013/03/21 15:19:40 | 005,078,504 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/15 01:40:46 | 000,427,296 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2009/11/15 01:40:46 | 000,099,640 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013/08/18 19:51:33 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV - [2013/08/21 10:57:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/18 19:51:34 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2013/02/05 08:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/11/15 01:40:46 | 000,136,504 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2009/11/15 01:40:46 | 000,099,640 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/20 11:07:38 | 000,062,512 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2013/01/10 15:08:16 | 000,150,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2013/01/10 15:08:16 | 000,040,376 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2013/01/10 15:08:14 | 000,161,368 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/01/10 15:08:14 | 000,122,240 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/11/16 17:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2009/11/15 01:40:46 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009/10/16 09:36:50 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2008/10/15 11:58:34 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV - [2008/10/15 11:58:34 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00)
DRV - [2008/10/15 11:58:34 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/10/15 11:58:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/10/15 11:58:26 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/04/15 16:36:37 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/04/15 15:29:47 | 000,009,088 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applebt.sys -- (applebt)
DRV - [2008/02/08 11:00:34 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/02/08 10:58:26 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/02/08 10:57:29 | 000,017,664 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iSightUP.sys -- (iSightUpdate)
DRV - [2008/02/08 10:57:29 | 000,007,680 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iSightFT.sys -- (DevUpper)
DRV - [2008/02/08 10:57:16 | 000,035,072 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aapltp.sys -- (aapltp)
DRV - [2008/02/08 10:57:16 | 000,004,224 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aapltctp.sys -- (aapltctp)
DRV - [2008/02/08 10:56:41 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/02/08 10:55:48 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/02/08 10:54:57 | 000,007,424 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BthKicker.sys -- (BthKicker)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/18 19:51:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/18 19:51:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/09/01 01:49:30 | 000,000,000 | ---D | M]

[2009/07/14 19:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andre Stone\Application Data\Mozilla\Extensions
[2013/08/18 19:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/18 19:51:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/07/06 05:46:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com...eetnoagent7.cab (Street Technologies ActiveX Control Object)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC0F273D-8DE3-48E8-9C63-7F5D437A7ED8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Andre Stone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andre Stone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/17 18:42:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{19f49eb4-aa27-11df-97dd-001ff3b0c9c5}\Shell - "" = AutoRun
O33 - MountPoints2\{19f49eb4-aa27-11df-97dd-001ff3b0c9c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19f49eb4-aa27-11df-97dd-001ff3b0c9c5}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Symantec Core LC"
MsConfig - Services: "SQLWriter"
MsConfig - Services: "SQLBrowser"
MsConfig - Services: "SeaPort"
MsConfig - Services: "SCardSvr"
MsConfig - Services: "RemoteRegistry"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "ProtectedStorage"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "NtLmSsp"
MsConfig - Services: "Nla"
MsConfig - Services: "MSSQL$PRISM_SQL"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "MDM"
MsConfig - Services: "LiveUpdate Notice"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "lanmanserver"
MsConfig - Services: "HidServ"
MsConfig - Services: "dmadmin"
MsConfig - Services: "comHost"
MsConfig - Services: "Browser"
MsConfig - Services: "Automatic LiveUpdate Scheduler"
MsConfig - Services: "AppleOSSMgr"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Adobe LM Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Push Client.LNK - - File not found
MsConfig - StartUpReg: 10680154 - hkey= - key= - File not found
MsConfig - StartUpReg: 90690146 - hkey= - key= - File not found
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - File not found
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: eCopyPWPrntHlpr - hkey= - key= - C:\Program Files\PaperWorks\Bin\eCopyPWPrntHlpr.exe (eCopy, Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: IRW - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RIMBBLaunchAgent.exe - hkey= - key= - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Spotify - hkey= - key= - C:\Documents and Settings\Andre Stone\Application Data\Spotify\Spotify.exe (Spotify Ltd)
MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Documents and Settings\Andre Stone\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {01754031-89DF-CF4E-8763-73682D4314FE} - Browser Customizations
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 22:07:09 | 001,028,757 | ---- | C] (Thisisu) -- C:\Documents and Settings\Andre Stone\Desktop\JRT.exe
[2013/09/02 21:28:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/02 21:14:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/02 20:44:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/09/02 01:03:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andre Stone\Desktop\OTL.exe
[2013/09/01 01:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/01 01:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2013/09/01 01:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013/08/21 17:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre Stone\My Documents\Coronado Cays Yacht Club
[2013/08/20 13:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre Stone\My Documents\Coronado Baptist Church
[2013/08/20 10:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre Stone\My Documents\Upwind Solutions
[2013/08/18 19:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/15 17:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre Stone\Application Data\com.kmbs.Paperwork
[2013/08/15 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Paperwork

========== Files - Modified Within 30 Days ==========

[2013/09/03 11:59:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/02 22:07:10 | 001,028,757 | ---- | M] (Thisisu) -- C:\Documents and Settings\Andre Stone\Desktop\JRT.exe
[2013/09/02 21:53:27 | 001,037,134 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\AdwCleaner.exe
[2013/09/02 21:52:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2013/09/02 21:51:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/02 21:51:33 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/02 21:02:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/02 01:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre Stone\Desktop\OTL.exe
[2013/08/29 10:16:30 | 000,061,917 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\ailey.jpg
[2013/08/29 09:37:19 | 002,336,311 | ---- | M] () -- C:\Documents and Settings\Andre Stone\My Documents\Media_Guide_Consumer.pdf
[2013/08/28 11:11:49 | 000,374,294 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\La Hacienda KM Lease.pdf
[2013/08/28 11:10:59 | 000,320,931 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\La Hacienda Service Contract.pdf
[2013/08/27 22:57:43 | 000,128,211 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\MLK_Article_Img_686x386.jpg
[2013/08/25 21:36:30 | 000,013,159 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\998920_10151807762369288_1760383574_n.jpg
[2013/08/25 21:36:15 | 000,044,441 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\970981_10151751667319288_488861101_n.jpg
[2013/08/25 06:52:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/22 19:17:03 | 005,582,134 | ---- | M] () -- C:\Documents and Settings\Andre Stone\My Documents\C454e Specification & Installation Guide - bizhub_C554e_C454e_Spec_and_Install_Guide.pdf
[2013/08/22 19:10:41 | 002,297,763 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\C654e Specification & Installation Guide - bizhub_C754e_C654e_Spec_and_Install_Guide.pdf
[2013/08/21 10:57:49 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/21 10:57:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/20 10:45:59 | 000,079,318 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\bizhubc454e_large.jpg
[2013/08/16 15:04:22 | 000,024,459 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\Component Control Move Form.pdf
[2013/08/15 17:23:27 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paperwork.lnk
[2013/08/14 22:03:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/14 12:14:24 | 000,523,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/14 12:14:24 | 000,095,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/09 10:18:37 | 000,115,245 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\OPS Strategy Form.pdf
[2013/08/09 09:29:54 | 000,128,579 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\Strategy & Assessment Form v9-1.pdf
[2013/08/07 09:30:28 | 000,075,439 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\Andre_92103 & 92118_Legal1.pdf
[2013/08/05 11:04:25 | 000,304,232 | ---- | M] () -- C:\Documents and Settings\Andre Stone\Desktop\MFPCloseout_SalesRep_030813.pdf

========== Files Created - No Company Name ==========

[2013/09/02 21:53:27 | 001,037,134 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\AdwCleaner.exe
[2013/08/29 10:16:30 | 000,061,917 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\ailey.jpg
[2013/08/28 11:26:50 | 002,336,311 | ---- | C] () -- C:\Documents and Settings\Andre Stone\My Documents\Media_Guide_Consumer.pdf
[2013/08/28 11:11:49 | 000,374,294 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\La Hacienda KM Lease.pdf
[2013/08/28 11:10:59 | 000,320,931 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\La Hacienda Service Contract.pdf
[2013/08/27 22:57:41 | 000,128,211 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\MLK_Article_Img_686x386.jpg
[2013/08/25 21:36:29 | 000,013,159 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\998920_10151807762369288_1760383574_n.jpg
[2013/08/25 21:36:13 | 000,044,441 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\970981_10151751667319288_488861101_n.jpg
[2013/08/22 19:17:03 | 005,582,134 | ---- | C] () -- C:\Documents and Settings\Andre Stone\My Documents\C454e Specification & Installation Guide - bizhub_C554e_C454e_Spec_and_Install_Guide.pdf
[2013/08/22 19:10:41 | 002,297,763 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\C654e Specification & Installation Guide - bizhub_C754e_C654e_Spec_and_Install_Guide.pdf
[2013/08/20 10:45:58 | 000,079,318 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\bizhubc454e_large.jpg
[2013/08/16 15:04:22 | 000,024,459 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\Component Control Move Form.pdf
[2013/08/09 10:18:37 | 000,115,245 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\OPS Strategy Form.pdf
[2013/08/09 09:29:54 | 000,128,579 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\Strategy & Assessment Form v9-1.pdf
[2013/08/07 09:30:28 | 000,075,439 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\Andre_92103 & 92118_Legal1.pdf
[2013/08/05 11:04:25 | 000,304,232 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Desktop\MFPCloseout_SalesRep_030813.pdf
[2012/10/25 01:44:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 14:35:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2008/07/30 00:40:05 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Andre Stone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/04/07 14:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: FUJITSU MHY2250BH
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: RIM BlackBerry SD USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: RIM BlackBerry USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 200.00MB
Starting Offset: 512
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 201.00GB
Starting Offset: 209735680
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 32.00GB
Starting Offset: 216031842304
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/02/28 20:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Adobe
[2009/07/06 17:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\AdobeUM
[2013/02/11 17:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Apple Computer
[2013/08/15 17:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\com.kmbs.Paperwork
[2009/12/17 10:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\com.kmbs.Paperwork.A297539FD1E76821C9C59643DA1370B7E26631B8.1
[2013/02/12 05:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Corel
[2013/02/10 09:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\dvdcss
[2011/07/21 12:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\ESET
[2009/06/09 22:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\GlarySoft
[2013/02/12 05:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\HandBrake
[2009/04/08 09:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Help
[2012/11/05 11:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\IBMERS
[2008/06/17 18:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Identities
[2010/09/20 13:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Interwise
[2009/01/14 18:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Learn2.com
[2008/06/19 16:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Macromedia
[2009/07/04 01:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Malwarebytes
[2012/10/25 01:19:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Andre Stone\Application Data\Microsoft
[2008/11/10 18:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Move Networks
[2011/08/12 14:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Mozilla
[2012/07/18 18:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Oracle
[2009/04/07 14:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Prism Software Corporation
[2012/10/25 01:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Research In Motion
[2010/08/17 10:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Sierra Wireless
[2013/08/28 11:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Spotify
[2009/07/05 20:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Sun
[2008/06/20 13:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\Symantec
[2013/04/29 01:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre Stone\Application Data\vlc

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/17 11:02:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/17 11:02:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 10:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 10:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 17:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 17:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/13 17:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/13 17:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2006/10/13 05:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
[2006/10/13 05:35:12 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=AEEB687B865E1BAB04BB9C3604F92CEF -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll
[2004/08/04 05:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004/08/04 05:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
[2008/04/13 17:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/13 17:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2008/04/13 17:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: RSVPSP.DLL >
[2008/04/13 17:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\ServicePackFiles\i386\rsvpsp.dll
[2008/04/13 17:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll
[2004/08/04 05:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\WINDOWS\$NtServicePackUninstall$\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 10:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 03:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\cache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\cache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USER32.DLL >
[2005/03/02 11:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 08:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\cache\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2004/08/04 05:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005/03/02 11:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\cache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/04 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2008/04/13 17:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/13 17:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< dir C:\ /S /A:L /C >
Volume in drive C is BOOTCAMP
Volume Serial Number is B478-C02E
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
08/14/2013 12:08 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
08/14/2013 12:08 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
08/14/2013 12:14 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
3 Dir(s) 4,688,945,152 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/18 19:51:31 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/18 19:51:31 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/18 19:51:31 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/08/18 19:51:34 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/08/18 19:51:34 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/18 19:51:34 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/07/25 10:12:46 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/07/25 10:12:46 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/07/25 10:12:46 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2013/07/25 10:08:40 | 000,643,224 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/18 19:51:31 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/18 19:51:31 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/18 19:51:31 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/08/18 19:51:34 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/08/18 19:51:34 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/18 19:51:34 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/07/25 10:12:46 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/07/25 10:12:46 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/07/25 10:12:46 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2013/07/25 10:08:40 | 000,643,224 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008/04/13 17:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2004/08/04 05:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 04:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 05:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 05:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 04:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[2004/08/04 05:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
[2004/08/04 05:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
[2008/04/13 17:12:31 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\pinball.exe
[2004/08/04 05:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
[2004/08/04 05:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
[2004/08/04 05:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
[2004/08/04 05:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
[2004/08/04 05:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
[2004/08/04 05:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
[2004/08/04 05:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
[2004/08/04 05:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
[2004/08/04 05:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
[2004/08/04 05:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
[2004/08/04 05:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
[2004/08/04 05:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
[2004/08/04 05:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
[2004/08/04 05:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
[2004/08/04 05:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
[2004/08/04 05:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
[2004/08/04 05:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
[2004/08/04 05:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
[2004/08/04 05:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
[2004/08/04 05:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
[2004/08/04 05:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
[2004/08/04 05:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
[2004/08/04 05:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
[2004/08/04 05:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
[2004/08/04 05:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
[2004/08/04 05:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
[2004/08/04 05:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
[2004/08/04 05:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
[2004/08/04 05:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
[2004/08/04 05:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
[2004/08/04 05:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
[2004/08/04 05:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
[2004/08/04 05:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
[2004/08/04 05:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
[2004/08/04 05:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
[2004/08/04 05:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
[2004/08/04 05:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
[2004/08/04 05:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
[2004/08/04 05:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
[2004/08/04 05:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
[2004/08/04 05:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
[2004/08/04 05:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
[2004/08/04 05:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
[2004/08/04 05:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
[2004/08/04 05:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
[2004/08/04 05:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
[2004/08/04 05:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
[2004/08/04 05:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
[2004/08/04 05:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
[2004/08/04 05:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
[2004/08/04 05:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
[2004/08/04 05:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
[2004/08/04 05:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
[2004/08/04 05:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
[2004/08/04 05:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
[2004/08/04 05:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
[2004/08/04 05:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
[2004/08/04 05:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
[2004/08/04 05:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
[2004/08/04 05:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
[2004/08/04 05:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
[2004/08/04 05:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
[2004/08/04 05:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
[2004/08/04 05:00:00 | 000,002,687 | R--- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf

< %systemroot%\system3 >

< End of report >

OTL Extras logfile created on: 9/3/2013 5:07:54 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Andre Stone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 62.68% Memory free
3.78 Gb Paging File | 3.25 Gb Available in Paging File | 85.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.69 Gb Total Space | 4.37 Gb Free Space | 13.78% Space Free | Partition Type: NTFS

Computer Name: ANDRESTONE | User Name: Andre Stone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\PaperWorks\Bin\eCopyPaperWorks.exe" = C:\Program Files\PaperWorks\Bin\eCopyPaperWorks.exe:*:Enabled:eCopy PaperWorks -- (eCopy, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\Andre Stone\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Andre Stone\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = Corel WinDVD Pro 11
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{26A9D866-8410-4F9C-A6F2-FA11DADD7A4C}" = Siebel Outlook Email Integration On Demand
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (PRISM_SQL)
"{2E5C5BC1-9285-45DA-8885-29AFEA541C52}" = Setup
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}" = Corel WinDVD
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}" = IPM
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = ICA
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6A4A94C-534F-4C0B-B10D-5FCB3E54F5B2}" = eCopy PaperWorks
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3DF16E6-6136-4FA2-2292-25ED365A0EA2}" = Paperwork
"{E461E45A-2B48-42FA-90E1-6F36D85DF101}" = Bing Bar
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBFA7DDB-4188-457E-BD16-81B26E2B447C}" = ESET Smart Security
"02FEC2FAAA7DED51CAF15F06DB8B63E735EE735C" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (04/06/2008 2.1.0.1)
"144A90A8644F24BDCA0607CBAE7F90C2F5427DA4" = Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
"15749019150B76CBADCF00B88C88E85C16A26FF1" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (11/13/2007 2.0.1.5)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"2CA2C2712E3120F27F44A38A6FA5540D9A93CA01" = Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
"3F930CC3EE841B82D6D463716B5F67BD240BBD46" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"8BBE3DC2B1A38488ADAF1D96E1296F4F88B7F69C" = Windows Driver Package - CirrusLogic (HdAudAddService) MEDIA (09/15/2009 1.0.0.26)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"ActiveTouchMeetingClient" = WebEx
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"AD3F97DB12E1CE21FA0120AB7CE80FADD54FC0AB" = Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"C71CD722DD357F78301EAEA028431241C2D91890" = Windows Driver Package - Apple Inc. System (09/12/2007 2.0.1.1)
"CD6212024668E03491C257CA53617893F2E8E924" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"com.kmbs.Paperwork.A297539FD1E76821C9C59643DA1370B7E26631B8.1" = Paperwork
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"D922ADD1498E7464ED76231D79D703FC1320C80C" = Windows Driver Package - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12)
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"F5A89004299B5282B8B5D7D9F7253FF13C58628F" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
"F8438DF02326129F7A78E93130D90DA5C4F3D359" = Windows Driver Package - Apple Inc. Apple Keyboard (12/18/2007 2.0.2.3)
"Glary Utilities_is1" = Glary Utilities 2.6.1
"HandBrake" = HandBrake 0.9.8
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KONICA MINOLTA C652Series Installer" = KONICA MINOLTA C652Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.92
"StreetPlugin" = Learn.com Player (Uninstall Only)
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2013 3:53:28 AM | Computer Name = ANDRESTONE | Source = MSSQLServerADHelper | ID = 100
Description = '0' is an invalid number of start up parameters. This service takes
two start up parameters.

Error - 9/1/2013 4:33:42 AM | Computer Name = ANDRESTONE | Source = MSSQLServerADHelper | ID = 100
Description = '0' is an invalid number of start up parameters. This service takes
two start up parameters.

Error - 9/1/2013 11:48:23 PM | Computer Name = ANDRESTONE | Source = MSSQLServerADHelper | ID = 100
Description = '0' is an invalid number of start up parameters. This service takes
two start up parameters.

Error - 9/2/2013 3:34:36 AM | Computer Name = ANDRESTONE | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 9/2/2013 3:37:47 AM | Computer Name = ANDRESTONE | Source = MSSQLServerADHelper | ID = 100
Description = '0' is an invalid number of start up parameters. This service takes
two start up parameters.

Error - 9/2/2013 10:14:32 AM | Computer Name = ANDRESTONE | Source = MSSQLServerADHelper | ID = 100
Description = '0' is an invalid number of start up parameters. This service takes
two start up parameters.

Error - 9/2/2013 10:18:03 AM | Computer Name = ANDRESTONE | Source = MSSQLServerADHelper | ID = 100
Description = '0' is an invalid number of start up parameters. This service takes
two start up parameters.

Error - 9/3/2013 12:44:47 AM | Computer Name = ANDRESTONE | Source = MSSQLServerADHelper | ID = 100
Description = '0' is an invalid number of start up parameters. This service takes
two start up parameters.

Error - 9/3/2013 12:59:08 AM | Computer Name = ANDRESTONE | Source = MSSQLServerADHelper | ID = 100
Description = '0' is an invalid number of start up parameters. This service takes
two start up parameters.

Error - 9/3/2013 7:59:43 AM | Computer Name = ANDRESTONE | Source = MSSQLServerADHelper | ID = 100
Description = '0' is an invalid number of start up parameters. This service takes
two start up parameters.

[ OSession Events ]
Error - 2/24/2010 12:07:39 PM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1274
seconds with 180 seconds of active time. This session ended with a crash.

Error - 3/10/2011 4:00:45 PM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10507
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 3/2/2012 7:50:12 PM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22801
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 4/19/2012 2:18:35 AM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2987
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/13/2012 5:05:30 PM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4650
seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/13/2013 11:23:35 AM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/13/2013 11:23:41 AM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/13/2013 11:23:53 AM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/13/2013 11:24:29 AM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/13/2013 11:24:42 AM | Computer Name = ANDRESTONE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/2/2013 11:46:02 PM | Computer Name = ANDRESTONE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/2/2013 11:46:39 PM | Computer Name = ANDRESTONE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eamon ehdrv Fips intelppm

Error - 9/3/2013 12:18:38 AM | Computer Name = ANDRESTONE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/3/2013 12:20:14 AM | Computer Name = ANDRESTONE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/3/2013 12:20:36 AM | Computer Name = ANDRESTONE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/3/2013 12:21:20 AM | Computer Name = ANDRESTONE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eamon ehdrv Fips intelppm

Error - 9/3/2013 12:43:08 AM | Computer Name = ANDRESTONE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/3/2013 12:44:48 AM | Computer Name = ANDRESTONE | Source = Service Control Manager | ID = 7024
Description = The SQL Server Active Directory Helper service terminated with service-specific
error 3221225572 (0xC0000064).

Error - 9/3/2013 12:59:08 AM | Computer Name = ANDRESTONE | Source = Service Control Manager | ID = 7024
Description = The SQL Server Active Directory Helper service terminated with service-specific
error 3221225572 (0xC0000064).

Error - 9/3/2013 7:59:43 AM | Computer Name = ANDRESTONE | Source = Service Control Manager | ID = 7024
Description = The SQL Server Active Directory Helper service terminated with service-specific
error 3221225572 (0xC0000064).

< End of report >

#6
unique101sd

Posted 03 September 2013 - 07:05 AM

Member

Topic Starter
Member
65 posts

Hi RKinner,

Here is teh aswMBR scan text you requested.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-03 05:26:36
-----------------------------
05:26:36.093 OS Version: Windows 5.1.2600 Service Pack 3
05:26:36.093 Number of processors: 2 586 0x1706
05:26:36.093 ComputerName: ANDRESTONE UserName:
05:26:36.781 Initialize success
05:32:39.718 AVAST engine defs: 13090201
05:32:54.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
05:32:54.875 Disk 0 Vendor: FUJITSU_MHY2250BH 0081000D Size: 238475MB BusType: 3
05:32:55.015 Disk 0 MBR read successfully
05:32:55.031 Disk 0 MBR scan
05:32:55.078 Disk 0 Windows XP default MBR code
05:32:55.078 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
05:32:55.109 Disk 0 Partition 2 00 AF HFS / HFS+ 205696 MB offset 409640
05:32:55.140 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 32451 MB offset 421937192
05:32:55.156 Disk 0 scanning sectors +488397128
05:32:55.171 Disk 0 scanning C:\WINDOWS\system32\drivers
05:33:06.453 Service scanning
05:33:33.359 Modules scanning
05:33:43.109 AVAST engine scan C:\WINDOWS
05:34:02.093 AVAST engine scan C:\WINDOWS\system32
05:36:15.484 AVAST engine scan C:\WINDOWS\system32\drivers
05:36:28.921 AVAST engine scan C:\Documents and Settings\Andre Stone
05:50:44.343 AVAST engine scan C:\Documents and Settings\All Users
05:52:07.078 Scan finished successfully
06:03:42.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andre Stone\Desktop\MBR.dat"
06:03:42.109 The log file has been saved successfully to "C:\Documents and Settings\Andre Stone\Desktop\aswMBR.txt"