Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 24-05-2012 03:49:38
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
================================ Services (Whitelisted) ==================
2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
========================== Drivers (Whitelisted) =============
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-05-22 19:54 - 2012-05-22 21:29 - 0000000 ____D C:\FRST
============ 3 Months Modified Files and Folders ===============
2012-05-22 21:29 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:55 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128
RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127
RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126
RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125
RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124
RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123
RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122
RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121
RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120
RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119
RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118
RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117
RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116
RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115
RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114
RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113
RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112
RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111
RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110
RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109
RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108
RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107
RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106
RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105
RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104
RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103
========================= Memory info ======================
Percentage of memory in use: 19%
Total physical RAM: 1014.36 MB
Available physical RAM: 814.41 MB
Total Pagefile: 901.92 MB
Available Pagefile: 831.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32
Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      149 GB   0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           140 GB   32 KB
Partition 2    Primary           9 GB     140 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  C    TI105133P0A  NTFS   Partition   140 GB   Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  Y    HDDRECOVERY  FAT32  Partition   9 GB     Healthy
======================================================================================================
======================= End Of Log ==========================