    click.giftload infection on my laptop (Toshiba Tecra M5 with XP Pro/SP3); spybot nogo.

    Howdy! I read the thread submitted by "ravencoloured sky": "Click.GiftLoad on my computer(spybot isn't helping) ;-;", responded to by "Net_Surfer". This seemed to most closely match my own experience. I had previously tried using spybot + malwarebytes, without lasting success with spybot (upon reboot) and malwarebytes didn't even recognize the virus.

    The infected machine is a Toshiba Tecra M5 laptop, running XP Pro + SP3 on an Intel T2500 @ 2GHz, with 1.5 GB of RAM. Currently the 90GB drive shows 69.7GB used and 20GB free space. I'm supplying the logs via my clean desktop unit.

    After reading the thread listed above, I have completed the following scans with logs posted below.

    1. exeHelper
    2. MBAM
    3. TDSSKiller.exe
    4. Combofix
    Please review the following and let me know what other issues I must still resolve to get my laptop functional again - any help is greatly appreciated! Thanks in advance. I have not run any additional scans, only turned on the Windows firewall and MS Security Essentials (with auto-scan turned off).

    Gracias.

    1. exeHelper
    exeHelper by Raktor
    Build 20100414
    Run at 14:42:57 on 05/17/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    2. MBAM
    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6600

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    17/05/2011 3:51:39 PM
    mbam-log-2011-05-17 (15-51-39).txt

    Scan type: Full scan (C:\|E:\|H:\|)
    Objects scanned: 347633
    Time elapsed: 1 hour(s), 1 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    3. TDSSKiller.exe
    2011/05/17 16:16:17.0875 0700 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/17 16:16:18.0546 0700 ================================================================================
    2011/05/17 16:16:18.0546 0700 SystemInfo:
    2011/05/17 16:16:18.0546 0700
    2011/05/17 16:16:18.0546 0700 OS Version: 5.1.2600 ServicePack: 3.0
    2011/05/17 16:16:18.0546 0700 Product type: Workstation
    2011/05/17 16:16:18.0546 0700 ComputerName: TOSHIBA-LDA002
    2011/05/17 16:16:18.0546 0700 UserName: Larry Arndt
    2011/05/17 16:16:18.0546 0700 Windows directory: C:\WINDOWS
    2011/05/17 16:16:18.0546 0700 System windows directory: C:\WINDOWS
    2011/05/17 16:16:18.0546 0700 Processor architecture: Intel x86
    2011/05/17 16:16:18.0546 0700 Number of processors: 2
    2011/05/17 16:16:18.0546 0700 Page size: 0x1000
    2011/05/17 16:16:18.0546 0700 Boot type: Safe boot with network
    2011/05/17 16:16:18.0546 0700 ================================================================================
    2011/05/17 16:16:18.0781 0700 Initialize success
    2011/05/17 16:16:30.0171 0580 ================================================================================
    2011/05/17 16:16:30.0171 0580 Scan started
    2011/05/17 16:16:30.0171 0580 Mode: Manual;
    2011/05/17 16:16:30.0171 0580 ================================================================================
    2011/05/17 16:16:45.0718 0580 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/17 16:16:45.0750 0580 ================================================================================
    2011/05/17 16:16:45.0750 0580 Scan finished
    2011/05/17 16:16:45.0750 0580 ================================================================================
    2011/05/17 16:16:45.0781 0872 Detected object count: 1
    2011/05/17 16:17:24.0359 0872 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/17 16:17:24.0359 0872 \HardDisk1 - ok
    2011/05/17 16:17:24.0359 0872 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
    2011/05/17 16:17:34.0312 0232 Deinitialize success


    4. Combofix
    ComboFix 11-05-17.01 - Larry Arndt 17/05/2011 16:54:31.1.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1037 [GMT -7:00]
    Running from: c:\documents and settings\Larry Arndt\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: TELUS security services Anti-Virus *Disabled/Outdated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: TELUS security services Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Larry Arndt\Application Data\825268B7273C42F1257463E87587AB84
    c:\documents and settings\Larry Arndt\Application Data\825268B7273C42F1257463E87587AB84\enemies-names.txt
    c:\documents and settings\Larry Arndt\Application Data\825268B7273C42F1257463E87587AB84\local.ini
    c:\documents and settings\Larry Arndt\Application Data\Adobe\plugs
    c:\documents and settings\Larry Arndt\Application Data\Adobe\shed
    c:\documents and settings\Larry Arndt\Application Data\Sun\ivzmdl.dll
    c:\documents and settings\Larry Arndt\g2mdlhlpx.exe
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-14 03:35 . 2011-05-14 03:35 28752 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKsle258eb6f.sys
    2011-05-14 03:21 . 2011-05-14 03:21 28752 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKsl9a6e1a7a.sys
    2011-05-14 02:50 . 2011-05-14 02:50 28752 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKslecd6282f.sys
    2011-05-13 22:43 . 2011-05-13 22:43 28752 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKsl8d19b880.sys
    2011-05-13 22:29 . 2011-05-13 22:29 28752 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKsl2700004a.sys
    2011-05-13 20:24 . 2011-05-13 20:24 28752 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKsl7277faf7.sys
    2011-05-13 17:32 . 2011-05-13 17:32 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
    2011-05-13 04:01 . 2011-05-13 04:01 20 -c--a-w- c:\windows\system32\drivers\E0ACABE0.SYS
    2011-05-12 00:21 . 2011-04-18 16:15 7071056 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\mpengine.dll
    2011-05-11 23:41 . 2011-05-11 23:41 -------- dc----w- c:\documents and settings\Larry Arndt\Local Settings\Application Data\Microsoft Corporation
    2011-05-11 23:39 . 2011-05-11 23:39 -------- dc----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-05-11 20:48 . 2011-05-11 20:48 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-05-11 04:22 . 2011-05-11 04:22 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2011-05-11 04:22 . 2011-05-11 04:22 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-05-09 10:14 . 2011-05-09 10:14 -------- dc----w- c:\documents and settings\Larry Arndt\Application Data\Auslogics
    2011-05-02 16:04 . 2011-05-02 16:04 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-02 16:04 . 2010-12-21 01:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-02 15:56 . 2011-05-02 15:56 -------- dc----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-18 16:15 . 2010-03-14 13:30 7071056 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-03-07 05:33 . 2006-01-10 20:10 692736 -c--a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2006-01-10 18:52 420864 -c--a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2006-01-10 18:52 1857920 -c--a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2006-01-10 18:52 916480 -c--a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2006-01-10 18:52 43520 -c--a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2006-01-10 18:52 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2006-01-10 18:52 385024 -c----w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2006-01-10 18:52 455936 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2006-01-10 18:52 357888 -c--a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-04-15 13:21 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
    2009-12-23 06:18 . 2009-12-23 06:18 1286144 -c----w- c:\program files\HDViewInstall_3_3.msi
    2007-09-23 14:38 . 2007-09-23 14:38 28791384 -c----w- c:\program files\avsdvdcopy.exe
    2007-09-21 19:19 . 2007-09-21 19:19 3165190 -c----w- c:\program files\EasyDVDVideoCopy.exe
    2007-09-21 19:17 . 2007-09-21 19:17 4402811 -c----w- c:\program files\burn4free_setup.exe
    2007-09-12 17:09 . 2007-09-12 17:09 51418424 -c----w- c:\program files\iTunesSetup.exe
    2007-09-09 19:19 . 2007-09-09 19:19 15505200 -c----w- c:\program files\IE7-WindowsXP-x86-enu.exe
    2007-09-02 14:04 . 2007-09-02 14:04 13416432 -c----w- c:\program files\Google_Earth_BZXV.exe
    2007-08-17 00:18 . 2007-08-17 00:18 5388088 -c----w- c:\program files\picasaweb-current-setup.exe
    2007-05-21 23:58 . 2007-05-21 23:58 18040176 -c----w- c:\program files\Install_Messenger_nous.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-08-06 22:20 279944 -c----w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
    "{4d02e7e6-5930-4b51-b9b0-9f21b3789400}"= "mscoree.dll" [2009-11-07 297808]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-23 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00THotkey"="c:\windows\system32\00THotkey.exe" [2005-03-01 245760]
    "000StTHK"="000StTHK.exe" [2001-06-23 24576]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 7340032]
    "nwiz"="nwiz.exe" [2006-07-25 1519616]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
    "DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-06-29 155648]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
    "TFNF5"="TFNF5.exe" [2005-12-26 581632]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
    "TPSMain"="TPSMain.exe" [2005-12-15 315392]
    "TPSODDCtl"="TPSODDCtl.exe" [2005-12-15 110592]
    "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
    "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2005-12-20 86016]
    "TMESBS.EXE"="c:\program files\TOSHIBA\TME3\TMESBS32.EXE" [2003-08-01 86016]
    "TOSDCR"="TOSDCR.EXE" [2005-12-13 57344]
    "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
    "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2005-10-05 344144]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
    "MXOBG"="c:\windows\MXOALDR.EXE" [2008-04-08 94208]
    "NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-07-25 49152]
    "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-12-05 677408]
    "HPWireless"="c:\program files\HP Wireless Adapter\HPWLAN.exe" [2006-10-05 618496]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-15 176128]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]
    "TELUS_McciTrayApp"="c:\program files\TELUS\McciTrayApp.exe" [2010-10-05 1573888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
    "MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 823296]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2006-8-26 298]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk.disabled [2010-4-15 1819]
    HP Image Zone Fast Start.lnk.disabled [2010-4-15 809]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-10 155648]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2006-8-26 298]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-05-06 00:48 40448 ------w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
    2005-12-27 04:31 57344 ------w- c:\windows\system32\TosBtNP.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Larry Arndt^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
    path=c:\documents and settings\Larry Arndt\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
    backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 20:49 932288 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2004-09-13 21:49 49152 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 22:33 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2006-01-17 20:03 53248 -c----w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2006-01-17 20:03 135168 -c----w- c:\progra~1\MUSICM~1\MUSICM~2\mm_tray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-05-23 12:51 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
    "c:\\Program Files\\TELUS\\TELUS security advisor\\ServicepointService.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    .
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [15/02/2011 7:20 AM 25608]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [28/12/2004 12:31 AM 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [10/01/2006 2:15 PM 6528]
    R1 MpKsl2700004a;MpKsl2700004a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKsl2700004a.sys [13/05/2011 3:29 PM 28752]
    R1 MpKsl7277faf7;MpKsl7277faf7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKsl7277faf7.sys [13/05/2011 1:24 PM 28752]
    R1 MpKsl9a6e1a7a;MpKsl9a6e1a7a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKsl9a6e1a7a.sys [13/05/2011 8:21 PM 28752]
    R1 MpKsle258eb6f;MpKsle258eb6f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKsle258eb6f.sys [13/05/2011 8:35 PM 28752]
    R1 MpKslecd6282f;MpKslecd6282f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A0A8A4C-58F7-4C7F-988F-91C32682E419}\MpKslecd6282f.sys [13/05/2011 7:50 PM 28752]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [05/12/2008 4:27 PM 39080]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [10/01/2006 2:24 PM 5888]
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 6:00 PM 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 5:59 PM 33024]
    R2 HPEAPPkt;Realtek EAPPkt Protocol(HP);c:\windows\system32\drivers\HPEAPPkt.sys [28/08/2009 11:09 AM 68864]
    R2 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [02/06/2010 7:05 PM 166944]
    R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [15/02/2011 7:20 AM 5832712]
    R2 ServicepointService;ServicepointService;c:\program files\TELUS\TELUS security advisor\ServicepointService.exe [15/02/2011 7:03 AM 689464]
    R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 5:33 PM 3456]
    R2 Tmesbs;Tmesbs32;c:\program files\Toshiba\TME3\tmesbs32.exe [10/01/2006 2:24 PM 86016]
    R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [10/01/2006 2:24 PM 126976]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/01/2006 1:16 PM 36608]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [15/02/2011 7:20 AM 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [15/02/2011 7:20 AM 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [15/02/2011 7:20 AM 25736]
    S1 MpKsl170db2af;MpKsl170db2af;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE03E1F9-F4BF-4CB5-9C00-1FEB6DB01FC3}\MpKsl170db2af.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE03E1F9-F4BF-4CB5-9C00-1FEB6DB01FC3}\MpKsl170db2af.sys [?]
    S1 MpKsl2177c7ee;MpKsl2177c7ee;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D1D3571-E223-4F8E-941E-6E1584CCFC9C}\MpKsl2177c7ee.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D1D3571-E223-4F8E-941E-6E1584CCFC9C}\MpKsl2177c7ee.sys [?]
    S1 MpKsl4092da5d;MpKsl4092da5d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B0388B6-3319-49AF-AAD6-314A63A883C4}\MpKsl4092da5d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B0388B6-3319-49AF-AAD6-314A63A883C4}\MpKsl4092da5d.sys [?]
    S1 MpKsl4a4a7883;MpKsl4a4a7883;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B0388B6-3319-49AF-AAD6-314A63A883C4}\MpKsl4a4a7883.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B0388B6-3319-49AF-AAD6-314A63A883C4}\MpKsl4a4a7883.sys [?]
    S1 MpKsl787d50ee;MpKsl787d50ee;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6335BAA-73BA-4343-9BBF-93A12B5354FF}\MpKsl787d50ee.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6335BAA-73BA-4343-9BBF-93A12B5354FF}\MpKsl787d50ee.sys [?]
    S1 MpKsl96c4b702;MpKsl96c4b702;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F02A6A32-02A9-4706-8C3B-A9DCDB43857E}\MpKsl96c4b702.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F02A6A32-02A9-4706-8C3B-A9DCDB43857E}\MpKsl96c4b702.sys [?]
    S1 MpKsle26964de;MpKsle26964de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AF390E0-97A6-4A10-98CF-D89E7111A38D}\MpKsle26964de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AF390E0-97A6-4A10-98CF-D89E7111A38D}\MpKsle26964de.sys [?]
    S1 MpKsle47b05f3;MpKsle47b05f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B0388B6-3319-49AF-AAD6-314A63A883C4}\MpKsle47b05f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B0388B6-3319-49AF-AAD6-314A63A883C4}\MpKsle47b05f3.sys [?]
    S1 MpKsle9df36af;MpKsle9df36af;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77EAFC97-EDEE-4A16-8F83-96BF63CEF902}\MpKsle9df36af.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77EAFC97-EDEE-4A16-8F83-96BF63CEF902}\MpKsle9df36af.sys [?]
    S1 MpKslf321cb63;MpKslf321cb63;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6C5F0FC-C697-4999-9478-01A3544F4BF0}\MpKslf321cb63.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6C5F0FC-C697-4999-9478-01A3544F4BF0}\MpKslf321cb63.sys [?]
    S1 MpKslf4d88751;MpKslf4d88751;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FB0AEE6-D0E7-4040-A662-209A013FBEBA}\MpKslf4d88751.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FB0AEE6-D0E7-4040-A662-209A013FBEBA}\MpKslf4d88751.sys [?]
    S2 gupdate1c989b34842abd0;Google Update Service (gupdate1c989b34842abd0);c:\program files\Google\Update\GoogleUpdate.exe [07/02/2009 11:05 PM 133104]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 8:19 PM 13592]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07/02/2009 11:05 PM 133104]
    S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [10/01/2006 2:35 PM 595072]
    S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [01/07/2007 4:03 PM 163840]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 1FA941E4
    *NewlyCreated* - 41D6A66B
    *NewlyCreated* - 7F21B738
    *NewlyCreated* - BF00162D
    *NewlyCreated* - WUAUSERV
    *Deregistered* - 1fa941e4
    *Deregistered* - 41d6a66b
    *Deregistered* - 7f21b738
    *Deregistered* - bf00162d
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    2011-05-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    2011-05-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-27 19:24]
    .
    2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 06:04]
    .
    2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 06:04]
    .
    2011-05-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.cnbc.com/
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files\Crawler\Radio\CRadio.exe
    Trusted Zone: mytelus.com\home
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - hxxp://asp17.centra.com/SiteRoots/main/Install/CentraDownloader.cab
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    MSConfigStartUp-pglsuobm - c:\docume~1\LARRYA~1\LOCALS~1\Temp\pmlybravq\iuribvldlta.exe
    HKLM_ActiveSetup-{5DDF9537-6A9D-43F7-B5C0-25053C478E65} - c:\documents and settings\Larry Arndt\Application Data\Sun\ivzmdl.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-05-17 17:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1580)
    c:\windows\system32\vrlogon.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\windows\system32\TosBtNP.dll
    c:\program files\Protector Suite QL\crypto.dll
    c:\program files\Protector Suite QL\mysafe.dll
    .
    - - - - - - - > 'explorer.exe'(5760)
    c:\windows\system32\WININET.dll
    c:\windows\system32\nview.dll
    c:\windows\system32\ieframe.dll
    c:\program files\TOSHIBA\TME3\TMEEJMD.DLL
    c:\windows\system32\nvwddi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\program files\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL
    c:\program files\Creative\Creative Zen Touch\NOMAD Explorer\JBNSHK.dll
    c:\program files\Creative\Creative Zen Touch\NOMAD Explorer\CTIntrfc.dll
    c:\program files\Creative\Creative Zen Touch\NOMAD Explorer\JBNSRES.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Protector Suite QL\mysafe.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\TELUS\TELUS security services\Fws.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\windows\system32\DVDRAMSV.exe
    c:\windows\system32\ifxtcs.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
    c:\windows\system32\IfxPsdSv.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\ThpSrv.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\TOSHIBA\TME3\TMEEJME.EXE
    c:\windows\system32\wscntfy.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\system32\TFNF5.exe
    c:\windows\system32\TPSMain.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\TPSODDCtl.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\Apoint2K\Apntex.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Protector Suite QL\psqltray.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\Infineon\Security Platform Software\PSDrt.exe
    c:\program files\Infineon\Security Platform Software\SpTna.exe
    c:\windows\system32\SearchProtocolHost.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-17 17:17:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-18 00:17
    .
    Pre-Run: 25,097,068,544 bytes free
    Post-Run: 23,862,657,024 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg /numproc=2
    .
    - - End Of File - - 09FB6D4C3AF5F547028F6404BF2A79EC


    Combofix Quarantined files:

    2011-05-18 00:15:54 . 2011-05-18 00:15:54 343 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_ActiveSetup-{5DDF9537-6A9D-43F7-B5C0-25053C478E65}.reg.dat
    2011-05-18 00:15:50 . 2011-05-18 00:15:50 640 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-pglsuobm.reg.dat
    2011-05-18 00:15:50 . 2011-05-18 00:15:50 716 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AppleSyncNotifier.reg.dat
    2011-05-18 00:15:50 . 2011-05-18 00:15:50 668 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat
    2011-05-18 00:15:36 . 2011-05-18 00:15:36 173 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
    2011-05-17 23:57:50 . 2011-05-17 23:57:50 6,806 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Service_usnjsvc.reg.dat
    2011-05-17 23:57:50 . 2011-05-17 23:57:50 888 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_USNJSVC.reg.dat
    2011-05-17 23:57:44 . 2011-05-17 23:57:44 11,962 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2011-05-17 23:26:15 . 2011-05-17 23:26:15 51 -c--a-w- C:\Qoobox\Quarantine\catchme.log
    2011-05-17 21:04:49 . 2011-05-17 21:04:49 48,640 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Larry Arndt\Application Data\Sun\ivzmdl.dll.vir
    2011-05-08 06:02:47 . 2011-05-08 06:02:47 26,602 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Larry Arndt\Application Data\825268B7273C42F1257463E87587AB84\local.ini.vir
    2011-05-08 06:02:47 . 2011-05-08 06:02:47 28,842 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Larry Arndt\Application Data\825268B7273C42F1257463E87587AB84\enemies-names.txt.vir
    2009-04-17 00:52:04 . 2010-08-30 01:52:32 72,080 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Larry Arndt\g2mdlhlpx.exe.vir
    2006-01-10 18:53:07 . 2010-11-01 14:31:33 10,240 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir

  2. #2
    Member
    Join Date
    May 2011
    Posts
    12
    Points
    0

    Greetings: This is my second request for help in reviewing whether I've successfully resolved the click.giftload infection on my laptop. I've not applied new Windows updates since completing the posted scans and am becoming increasingly concerned about new infections. Is someone able to help me by reviewing my current progress and advising any further action I should take??? Thank you...

  3. #3
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Hi chewie19, At the moment we have only one expert available to analyze logs, and he has other priorities. As you can see, there are many threads requesting help which he is involved with. We have a few members taking courses that will qualify them to work on logs, but until then we are very grateful to Net_Surfer for the time and help he has given us. Your patience is appreciated.


  4. #4
    Member
    Join Date
    May 2011
    Posts
    12
    Points
    0

    Howdy, (fellow) Canuck! (Go Canucks!...trying to follow the fine example set by the Oilers in years past...)
    Thank you for the update, I do appreciate it. I noticed a few posts after mine were receiving replies over the past few days but none for my request, so I wasn't sure if my request had been posted properly. As an irrelevant aside, my family is (and was) in and around Edmonton....I was there most of last year.

  5. #5
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Hi there

    You did good with those steps and got rid of the rootkit...there are a few bad files left that we need to get rid of by using OTL...so we need a scan first:

    • Download: >>> OTL by Old Timer <<< to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Now copy the lines below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      CREATERESTOREPOINT


    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the Run Scan button.


    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.



    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!

  6. #6
    Member
    Join Date
    May 2011
    Posts
    12
    Points
    0

    Hi, Net_Surfer! Thank you for your help and feedback, I really appreciate it! As with the previous scans, the following were completed in "safe mode". I noticed I was unable to log in to this forum while in safe mode on the problem laptop for some reason. I transferred the log file to my desktop station for posting in this reply.

    Regards,
    Chewie19

    As requested, here are the log files you requested:

    OTL Extras logfile created on: 20/05/2011 10:33:16 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Larry Arndt\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 89.80 Gb Total Space | 22.67 Gb Free Space | 25.25% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-LDA002 | User Name: Larry Arndt | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "D:\PortableApps\MalwarebytesPortable\App\Malwarebytes\mbam.exe" = D:\PortableApps\MalwarebytesPortable\App\Malwarebytes\mbam.exe:*:Enabled:Malwarebytes

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
    "C:\Program Files\Toshiba\ConfigFree\CFXFER.exe" = C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
    "C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe" = C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
    "{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
    "{1F9D123D-2850-494B-AAA0-24492F70C4A4}" = RPS CRT
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
    "{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{24261D9F-6057-447A-B55D-F0A1B195C91D}" = Extreme Charts and Simutrade Manager
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 21
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}" = Trade Navigator
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{39FE665F-3C44-4A0E-87FB-A992BF6DB50D}" = RTM
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{44FFF4AC-F56C-4457-AE63-C69ADAC1F6FC}" = QuickTax Tracker
    "{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4701BF4D-9DBD-4F3B-953A-AFC3316E821B}" = TOSHIBA Dual Pointing Device Utility
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
    "{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
    "{5C1E3F85-3FBA-40F0-9BA6-3A640E505357}" = RPS PerfectDiskStub
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
    "{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
    "{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
    "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
    "{7C407674-8253-4DC4-90A8-6636B3D0E8C9}" = Recovery Disc Creator Reminder
    "{7D8EB6EC-82C2-47CA-99BA-05DE6C3D4D45}" = RPS RpsCore
    "{8265D6DA-AE00-45B6-8763-5E6FC0E32028}" = TELUS security services
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91219316-786C-4C9C-A84D-0B60D7046921}" = RPS CRT
    "{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
    "{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{962DE60D-D080-4E77-BD0C-F97A179C50B7}" = Microsoft Windows Vista Upgrade Advisor
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6AB0D42-3690-404F-A826-EC19C066F2A3}" = Trumba EventPlus for*Microsoft*Outlook
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
    "{C4045386-B2F3-11D7-B042-00C04F6D4CEB}" = QuestraderPro
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F}_is1" = Crawler Radio & MP3 Player
    "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}" = Adobe Lightroom
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D104C1CF-7C12-4D32-9850-DDC99060DE5B}" = Infineon TPM Professional Package
    "{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = HP Wireless Adapter
    "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F13D54AA-EE45-4394-8510-C612A56FD9BC}" = Creative Zen Touch
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FD2E3551-29BB-4FC6-B775-A3330955F7B6}" = Searchme Toolbar 3.0 SP
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
    "Advanced Video FX Utility" = Advanced Video FX Utility
    "Ask Toolbar_is1" = Ask Toolbar
    "Autodesk DWF Viewer" = Autodesk DWF Viewer
    "AVS DVD Copy_is1" = AVS DVD Copy version 1.4
    "AVSCoverEditor_AVSMedia_is1" = AVS Cover Editor 1.3.1.79 (AVSMedia)
    "Canadian Rental Kit08-1" = Canadian Rental Kit
    "CANONBJ_Deinstall_CNMCP5c.DLL" = Canon i960
    "CCleaner" = CCleaner
    "CentraClient" = Centra Client
    "CentraOneClient" = CentraOne
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)
    "Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.01.03.0405)
    "Creative WebCam Center" = Creative WebCam Center
    "CToolbar_UNINSTALL" = Crawler Toolbar
    "Digital Editions" = Adobe Digital Editions
    "DivX Setup.divx.com" = DivX Setup
    "Easy DVD-Video Copy" = Easy DVD-Video Copy
    "Entriq MediaSphere_is1" = Entriq MediaSphere 3.5.2.2
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Get Yahoo! Messenger" = Get Yahoo! Messenger
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HP LaserJet P1000 series" = HP LaserJet P1000 series
    "HP Photo & Imaging" = HP Image Zone 4.7
    "hp print screen utility" = hp print screen utility
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{44FFF4AC-F56C-4457-AE63-C69ADAC1F6FC}" = QuickTax Tracker
    "InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "InterActual Player" = InterActual Player
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "MXOFX" = USB Storage Adapter FX (MXO)
    "NBC Universal_is1" = NBC Universal 1.0.0.7
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
    "Picasa2" = Picasa 2
    "Power Saver" = TOSHIBA Power Saver
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RadialpointClientGateway_is1" = TELUS security advisor 3.7.44
    "SequoiaView" = SequoiaView
    "SightSpeed" = SightSpeed (remove only)
    "SysInfo" = Creative System Information
    "TDspBtn" = TOSHIBA Display Devices Change Utility
    "TELUS" = TELUS Support Centre
    "TeraCopy_is1" = TeraCopy 1.22
    "TFNF5" = TOSHIBA Hotkey Utility for Display Devices
    "TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP
    "Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
    "V3.2_is1" = File Scavenger 3.2
    "Windows Live Toolbar" = Windows Live Toolbar
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 20/05/2011 3:03:57 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 919563

    Error - 20/05/2011 3:04:00 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/05/2011 3:04:00 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 921750

    Error - 20/05/2011 3:04:00 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 921750

    Error - 20/05/2011 9:11:39 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/05/2011 9:11:39 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 22981281

    Error - 20/05/2011 9:11:39 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 22981281

    Error - 20/05/2011 9:11:41 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/05/2011 9:11:41 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 22983453

    Error - 20/05/2011 9:11:41 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 22983453

    [ System Events ]
    Error - 13/05/2011 2:37:02 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:13 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:15 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:15 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:15 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:15 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:20 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:23 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:32 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:43 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}


    < End of report >

    OTL logfile created on: 20/05/2011 10:33:16 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Larry Arndt\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 89.80 Gb Total Space | 22.67 Gb Free Space | 25.25% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-LDA002 | User Name: Larry Arndt | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Larry Arndt\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe (Radialpoint Inc.)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe (TELUS)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Larry Arndt\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (ServicepointService) -- C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe (Radialpoint Inc.)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (Radialpoint Security Services) -- C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe (TELUS)
    SRV - (RP_FWS) -- C:\Program Files\TELUS\TELUS security services\Fws.exe (TELUS)
    SRV - (RadialpointIDSAgent) -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (scan) -- C:\Program Files\TELUS\TELUS security services\BitDefender\scan.dll (S.C. BitDefender S.R.L)
    SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
    SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
    SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (PersonalSecureDriveService) -- C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG)
    SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
    SRV - (Tmesrv) -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe (TOSHIBA)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
    SRV - (Tmesbs) -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe (TOSHIBA Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\system32\drivers\rp_skt32.sys (Radialpoint Inc.)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (Trufos) -- C:\Program Files\TELUS\TELUS security services\BitDefender\trufos.sys (BitDefender S.R.L.)
    DRV - (Profos) -- C:\Program Files\TELUS\TELUS security services\BitDefender\profos.sys (BitDefender S.R.L.)
    DRV - (RadialpointIDSDriver) -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )
    DRV - (RadialpointIDSFilter) -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )
    DRV - (RadialpointIDSShim) -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )
    DRV - (RadialpointIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies )
    DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
    DRV - (DefragFS) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
    DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
    DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
    DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (Thpevm) -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
    DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
    DRV - (HPEAPPkt) Realtek EAPPkt Protocol(HP) -- C:\WINDOWS\system32\drivers\HPEAPPkt.sys (Windows (R) 2000 DDK provider)
    DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
    DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
    DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
    DRV - (V0250Dev) -- C:\WINDOWS\system32\drivers\V0250Dev.sys (Creative Technology Ltd.)
    DRV - (TEchoCan) -- C:\WINDOWS\system32\drivers\TEchoCan.sys (TOSHIBA Corporation)
    DRV - (TVALZ) -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
    DRV - (Thpdrv) -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
    DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (TMEI3E) -- C:\WINDOWS\system32\drivers\TMEI3E.sys (Toshiba Corporation)
    DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
    DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\system32\drivers\MXOFX.SYS (Cypress Semiconductor)
    DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
    DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
    DRV - (CE3) -- C:\WINDOWS\system32\drivers\CE3N5.SYS (Xircom, Inc.)
    DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
    DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = CNBC Mobile Home
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


    [2008/09/18 05:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Arndt\Application Data\Mozilla\Firefox\extensions
    [2008/09/18 05:37:06 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Larry Arndt\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

    O1 HOSTS File: ([2011/05/17 17:06:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
    O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
    O4 - HKLM..\Run: [HPWireless] C:\Program Files\HP Wireless Adapter\HPWLAN.exe (3G Corp.)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
    O4 - HKLM..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\McciTrayApp.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
    O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
    O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
    O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tsa.exe] C:\Program Files\TELUS\TELUS security advisor\Tsa.exe (TELUS)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files\Crawler\Radio\CRadio.exe (Crawler.com)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: mytelus.com ([home] http in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://prod1.centra.com/SiteRoots/ma...aUpdaterAx.cab (Reg Error: Key error.)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab (Reg Error: Key error.)
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://vanmappub.vancouver.ca/download/mgaxctrl.cab (Reg Error: Key error.)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Cus...Downloader.cab (Reg Error: Key error.)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1174927917031 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (Reg Error: Key error.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://towercam.arts.ubc.ca/activex/AxisCamControl.ocx (Reg Error: Key error.)
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://asp17.centra.com/SiteRoots/ma...Downloader.cab (Reg Error: Key error.)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/ac...eX_Control.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} http://entriq.vo.llnwd.net/o1/NBCUni...ck_1_0_0_5.cab (CentrinoCheck Control)
    O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://entriq.vo.llnwd.net/o1/NBCUni...2_2_Silent.cab (MediaControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} http://entriq.vo.llnwd.net/o1/NBCUni...al_1_0_0_7.cab (NBCUniversal Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/...nt/ieatgpc.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://costco.pnimedia.com/upload/ac...eX_Control.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15031/CTPID.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
    O24 - Desktop WallPaper: C:\Documents and Settings\Larry Arndt\My Documents\My Pictures\DigiCam\Random Scenics\cypress_fog.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Larry Arndt\My Documents\My Pictures\DigiCam\Random Scenics\cypress_fog.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/10 13:12:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe - (Autodesk, Inc)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^Larry Arndt^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE - (Microsoft Corporation)
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: mmtask - hkey= - key= - C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
    MsConfig - StartUpReg: MMTray - hkey= - key= - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 2
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/20 10:29:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry Arndt\Desktop\OTL.exe
    [2011/05/17 18:37:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/17 16:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/05/17 16:45:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/17 16:26:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/17 16:26:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/17 16:26:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/17 16:26:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/17 16:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/17 16:25:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/17 14:41:31 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Larry Arndt\Desktop\tdsskiller.exe
    [2011/05/13 10:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
    [2011/05/12 07:52:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Larry Arndt\Recent
    [2011/05/11 16:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\Microsoft Corporation
    [2011/05/11 16:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [2011/05/11 13:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
    [2011/05/11 10:27:05 | 000,772,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Larry Arndt\Desktop\Mats_Run.IEAddon.exe
    [2011/05/10 21:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2011/05/10 21:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/05/09 03:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Arndt\Application Data\Auslogics
    [2011/05/08 13:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/05/08 13:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/05/08 06:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/05/08 06:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/05/02 09:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/02 09:04:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/02 09:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2007/09/23 07:38:51 | 028,791,384 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\avsdvdcopy.exe
    [2007/09/21 12:17:24 | 004,402,811 | ---- | C] (Burn4Free) -- C:\Program Files\burn4free_setup.exe
    [2007/09/12 10:09:19 | 051,418,424 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
    [2007/09/09 12:19:22 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
    [2007/08/16 17:18:24 | 005,388,088 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
    [2007/05/21 16:58:18 | 018,040,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger_nous.exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Larry Arndt\My Documents\*.tmp files -> C:\Documents and Settings\Larry Arndt\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/20 10:29:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry Arndt\Desktop\OTL.exe
    [2011/05/20 10:25:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/20 10:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/20 09:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/20 09:52:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [2011/05/20 07:55:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Larry Arndt\.pr_stat_data
    [2011/05/19 20:46:14 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/05/19 19:57:22 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/05/19 19:54:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/19 19:44:22 | 000,061,150 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
    [2011/05/17 17:56:42 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/05/17 17:06:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/17 16:45:31 | 000,000,353 | RHS- | M] () -- C:\boot.ini
    [2011/05/17 16:07:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/17 14:41:46 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Larry Arndt\Desktop\tdsskiller.exe
    [2011/05/17 14:26:00 | 004,350,161 | R--- | M] () -- C:\Documents and Settings\Larry Arndt\Desktop\ComboFix.exe
    [2011/05/16 18:48:26 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Desktop\exeHelper.com
    [2011/05/16 18:41:00 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Desktop\rkill.com
    [2011/05/12 21:01:57 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\drivers\E0ACABE0.SYS
    [2011/05/12 12:17:38 | 000,242,349 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Desktop\Sauls_psych - 4 up.pdf
    [2011/05/12 12:14:45 | 000,466,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/12 12:14:45 | 000,079,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/12 11:59:37 | 000,357,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/12 11:49:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/05/12 07:51:56 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/05/11 16:39:21 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
    [2011/05/11 13:54:16 | 000,434,010 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-064215.backup
    [2011/05/11 13:03:12 | 000,434,010 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110511-135415.backup
    [2011/05/11 10:26:29 | 000,772,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Larry Arndt\Desktop\Mats_Run.IEAddon.exe
    [2011/05/09 23:43:27 | 000,433,904 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110511-130311.backup
    [2011/05/09 15:59:55 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/08 21:45:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2011/05/08 21:45:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2011/05/08 20:35:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2011/05/08 20:35:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2011/05/08 19:35:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2011/05/08 19:35:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2011/05/08 15:57:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011/05/08 15:57:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011/05/08 13:19:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2011/05/08 13:19:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2011/05/08 12:23:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2011/05/08 12:23:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2011/05/08 06:02:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2011/05/08 06:02:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2011/05/07 15:29:43 | 000,000,027 | -HS- | M] () -- C:\Documents and Settings\Larry Arndt\.pr_data
    [2011/05/03 17:39:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2011/05/03 17:39:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2011/05/03 07:59:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2011/05/03 07:59:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2011/05/02 16:59:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2011/05/02 16:59:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2011/05/02 12:19:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2011/05/02 12:19:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2011/05/02 09:30:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2011/05/02 09:30:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2011/05/02 09:04:57 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/02 09:03:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2011/05/02 09:03:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/05/02 08:51:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2011/05/02 08:51:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2011/05/02 08:51:22 | 000,011,206 | -HS- | M] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\8577pbl4k146s4547xpb05o
    [2011/05/02 08:51:22 | 000,011,206 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8577pbl4k146s4547xpb05o
    [2011/05/02 08:29:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2011/05/02 08:29:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2011/05/01 21:23:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2011/05/01 21:23:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2011/04/30 08:23:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/29 17:25:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2011/04/29 17:25:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2011/04/29 09:40:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2011/04/29 09:40:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2011/04/26 20:16:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2011/04/26 20:16:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2011/04/24 09:47:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2011/04/24 09:47:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Larry Arndt\My Documents\*.tmp files -> C:\Documents and Settings\Larry Arndt\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/17 16:45:31 | 000,000,236 | ---- | C] () -- C:\Boot.bak
    [2011/05/17 16:45:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/05/17 16:26:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/17 16:26:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/17 16:26:29 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/17 16:26:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/17 16:26:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/17 14:25:52 | 004,350,161 | R--- | C] () -- C:\Documents and Settings\Larry Arndt\Desktop\ComboFix.exe
    [2011/05/16 18:48:25 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Desktop\exeHelper.com
    [2011/05/16 18:40:55 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Desktop\rkill.com
    [2011/05/12 21:01:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\E0ACABE0.SYS
    [2011/05/12 12:17:38 | 000,242,349 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Desktop\Sauls_psych - 4 up.pdf
    [2011/05/11 16:39:21 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    [2011/05/11 16:39:21 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
    [2011/05/02 09:04:57 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/01 20:58:20 | 000,011,206 | -HS- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\8577pbl4k146s4547xpb05o
    [2011/05/01 20:58:20 | 000,011,206 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8577pbl4k146s4547xpb05o
    [2011/04/15 22:04:26 | 000,017,334 | -HS- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\qb4wt75j32d2kq3
    [2011/04/15 22:04:26 | 000,017,334 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qb4wt75j32d2kq3
    [2011/02/05 17:19:28 | 000,508,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/04/25 10:21:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2010/04/15 10:48:34 | 000,068,977 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
    [2010/04/15 10:48:33 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
    [2010/03/12 21:07:50 | 000,007,239 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
    [2010/01/07 21:38:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
    [2009/12/22 23:18:19 | 001,286,144 | ---- | C] () -- C:\Program Files\HDViewInstall_3_3.msi
    [2009/10/21 15:20:08 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/05/12 11:58:27 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
    [2009/03/12 14:32:11 | 000,000,471 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/04/30 11:38:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2008/04/04 15:07:34 | 000,002,644 | ---- | C] () -- C:\WINDOWS\checkip.dat
    [2008/04/02 11:40:38 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/03/08 05:53:31 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/03/03 17:05:25 | 000,000,782 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2008/03/03 17:04:18 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
    [2008/03/03 17:03:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSON C62 Installer.ini
    [2008/01/12 12:20:43 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/11/15 23:56:03 | 000,007,609 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
    [2007/11/15 23:54:12 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2007/10/22 07:01:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/09/21 12:19:11 | 003,165,190 | ---- | C] () -- C:\Program Files\EasyDVDVideoCopy.exe
    [2007/09/02 07:04:43 | 013,416,432 | ---- | C] () -- C:\Program Files\Google_Earth_BZXV.exe
    [2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2007/05/04 11:48:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\G32_rkey.dll
    [2007/05/04 11:48:29 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\free_res.exe
    [2007/03/25 13:31:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
    [2007/03/25 13:31:15 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006/10/23 20:32:03 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\fusioncache.dat
    [2006/10/11 19:02:26 | 000,000,117 | ---- | C] () -- C:\WINDOWS\NavWin.INI
    [2006/10/11 19:01:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\G32_TICK.DLL
    [2006/10/07 08:01:51 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/26 08:25:04 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
    [2006/08/26 08:25:04 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2006/07/25 08:32:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/01/11 20:35:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/01/10 14:50:31 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/01/10 14:44:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/01/10 14:44:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/01/10 14:44:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/01/10 14:44:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/01/10 14:44:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/01/10 14:44:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/01/10 14:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/01/10 14:07:28 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/01/10 14:07:27 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/01/10 14:07:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/01/10 14:07:27 | 000,020,482 | ---- | C] () -- C:\WINDOWS\System32\egegbdb.dll
    [2006/01/10 14:07:27 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/01/10 13:59:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
    [2006/01/10 13:31:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/10 13:18:16 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/01/10 13:15:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/01/10 13:10:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/01/10 11:53:04 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/01/10 11:52:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/01/10 11:52:30 | 000,466,126 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/01/10 11:52:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/01/10 11:52:30 | 000,079,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/01/10 11:52:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/01/10 11:52:29 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/01/10 11:52:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/01/10 11:52:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/01/10 11:52:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/01/10 11:52:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/01/10 11:52:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/01/10 11:52:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/01/10 11:20:57 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006/01/10 11:20:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/01/10 11:20:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/01/10 11:20:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/01/10 11:20:36 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/01/10 11:20:31 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/01/10 11:20:10 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/01/10 11:20:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/01/10 05:05:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/01/10 05:04:12 | 000,357,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/11/28 04:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/08/02 15:03:51 | 000,224,768 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
    [2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/02/26 11:02:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\bCastRingSvr.dll
    [2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/03/13 11:15:26 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\tdsExSvr.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/18 17:23:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TunnelThruDll.dll
    [2000/09/13 19:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT

    ========== LOP Check ==========

    [2007/03/25 10:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2007/04/22 08:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entriq
    [2008/12/05 16:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
    [2010/08/28 05:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewspaperDirect
    [2011/04/14 11:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2009/05/12 11:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2011/02/15 07:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
    [2008/04/11 06:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2011/02/15 07:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS
    [2011/04/24 09:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/12/05 15:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
    [2008/10/06 17:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2010/10/16 07:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/05/09 03:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Auslogics
    [2007/03/25 10:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Autodesk
    [2008/02/29 14:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Centra
    [2008/09/22 07:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/09/10 22:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Documents and Settings
    [2011/04/05 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\DriverCure
    [2011/05/11 10:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\ElevatedDiagnostics
    [2008/12/05 16:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Infineon
    [2007/03/25 13:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\InterTrust
    [2006/09/07 21:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\InterVideo
    [2009/03/12 13:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\iScreensaver
    [2007/04/02 06:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Musicmatch
    [2008/06/14 09:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\NewspaperDirect
    [2011/04/05 12:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\ParetoLogic
    [2006/10/31 08:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Protector Suite
    [2008/02/29 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Saba
    [2008/03/08 08:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Sammsoft
    [2011/02/15 13:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\TELUS
    [2011/05/17 18:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\TeraCopy
    [2009/02/03 04:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\toshiba
    [2009/10/08 18:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\v3.5
    [2009/03/24 15:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\WebEx
    [2009/01/18 21:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Windows Desktop Search
    [2009/01/25 10:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Windows Search
    [2011/05/20 09:52:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/09/12 19:47:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
    [2008/09/12 19:47:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/09/12 19:47:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
    [2008/09/12 19:47:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2006/05/05 17:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9AB561D

    < End of report >

  7. #7

    Hi, Net_Surfer! Thank you for your help and feedback, I really appreciate it! As with the previous scans, the following were completed in "safe mode". I noticed I was unable to log in to this forum while in safe mode on the problem laptop for some reason. I transferred the log file to my desktop station for posting in this reply.

    Regards,
    Chewie19

    As requested, here are the log files you requested:

    OTL Extras logfile created on: 20/05/2011 10:33:16 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Larry Arndt\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 89.80 Gb Total Space | 22.67 Gb Free Space | 25.25% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-LDA002 | User Name: Larry Arndt | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "D:\PortableApps\MalwarebytesPortable\App\Malwarebytes\mbam.exe" = D:\PortableApps\MalwarebytesPortable\App\Malwarebytes\mbam.exe:*:Enabled:Malwarebytes

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
    "C:\Program Files\Toshiba\ConfigFree\CFXFER.exe" = C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
    "C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe" = C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
    "{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
    "{1F9D123D-2850-494B-AAA0-24492F70C4A4}" = RPS CRT
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
    "{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{24261D9F-6057-447A-B55D-F0A1B195C91D}" = Extreme Charts and Simutrade Manager
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 21
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}" = Trade Navigator
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{39FE665F-3C44-4A0E-87FB-A992BF6DB50D}" = RTM
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{44FFF4AC-F56C-4457-AE63-C69ADAC1F6FC}" = QuickTax Tracker
    "{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4701BF4D-9DBD-4F3B-953A-AFC3316E821B}" = TOSHIBA Dual Pointing Device Utility
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
    "{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
    "{5C1E3F85-3FBA-40F0-9BA6-3A640E505357}" = RPS PerfectDiskStub
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
    "{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
    "{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
    "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
    "{7C407674-8253-4DC4-90A8-6636B3D0E8C9}" = Recovery Disc Creator Reminder
    "{7D8EB6EC-82C2-47CA-99BA-05DE6C3D4D45}" = RPS RpsCore
    "{8265D6DA-AE00-45B6-8763-5E6FC0E32028}" = TELUS security services
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91219316-786C-4C9C-A84D-0B60D7046921}" = RPS CRT
    "{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
    "{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{962DE60D-D080-4E77-BD0C-F97A179C50B7}" = Microsoft Windows Vista Upgrade Advisor
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6AB0D42-3690-404F-A826-EC19C066F2A3}" = Trumba EventPlus for*Microsoft*Outlook
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
    "{C4045386-B2F3-11D7-B042-00C04F6D4CEB}" = QuestraderPro
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F}_is1" = Crawler Radio & MP3 Player
    "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}" = Adobe Lightroom
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D104C1CF-7C12-4D32-9850-DDC99060DE5B}" = Infineon TPM Professional Package
    "{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = HP Wireless Adapter
    "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F13D54AA-EE45-4394-8510-C612A56FD9BC}" = Creative Zen Touch
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FD2E3551-29BB-4FC6-B775-A3330955F7B6}" = Searchme Toolbar 3.0 SP
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
    "Advanced Video FX Utility" = Advanced Video FX Utility
    "Ask Toolbar_is1" = Ask Toolbar
    "Autodesk DWF Viewer" = Autodesk DWF Viewer
    "AVS DVD Copy_is1" = AVS DVD Copy version 1.4
    "AVSCoverEditor_AVSMedia_is1" = AVS Cover Editor 1.3.1.79 (AVSMedia)
    "Canadian Rental Kit08-1" = Canadian Rental Kit
    "CANONBJ_Deinstall_CNMCP5c.DLL" = Canon i960
    "CCleaner" = CCleaner
    "CentraClient" = Centra Client
    "CentraOneClient" = CentraOne
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)
    "Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.01.03.0405)
    "Creative WebCam Center" = Creative WebCam Center
    "CToolbar_UNINSTALL" = Crawler Toolbar
    "Digital Editions" = Adobe Digital Editions
    "DivX Setup.divx.com" = DivX Setup
    "Easy DVD-Video Copy" = Easy DVD-Video Copy
    "Entriq MediaSphere_is1" = Entriq MediaSphere 3.5.2.2
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Get Yahoo! Messenger" = Get Yahoo! Messenger
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HP LaserJet P1000 series" = HP LaserJet P1000 series
    "HP Photo & Imaging" = HP Image Zone 4.7
    "hp print screen utility" = hp print screen utility
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{44FFF4AC-F56C-4457-AE63-C69ADAC1F6FC}" = QuickTax Tracker
    "InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "InterActual Player" = InterActual Player
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "MXOFX" = USB Storage Adapter FX (MXO)
    "NBC Universal_is1" = NBC Universal 1.0.0.7
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
    "Picasa2" = Picasa 2
    "Power Saver" = TOSHIBA Power Saver
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RadialpointClientGateway_is1" = TELUS security advisor 3.7.44
    "SequoiaView" = SequoiaView
    "SightSpeed" = SightSpeed (remove only)
    "SysInfo" = Creative System Information
    "TDspBtn" = TOSHIBA Display Devices Change Utility
    "TELUS" = TELUS Support Centre
    "TeraCopy_is1" = TeraCopy 1.22
    "TFNF5" = TOSHIBA Hotkey Utility for Display Devices
    "TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP
    "Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
    "V3.2_is1" = File Scavenger 3.2
    "Windows Live Toolbar" = Windows Live Toolbar
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 20/05/2011 3:03:57 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 919563

    Error - 20/05/2011 3:04:00 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/05/2011 3:04:00 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 921750

    Error - 20/05/2011 3:04:00 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 921750

    Error - 20/05/2011 9:11:39 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/05/2011 9:11:39 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 22981281

    Error - 20/05/2011 9:11:39 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 22981281

    Error - 20/05/2011 9:11:41 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/05/2011 9:11:41 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 22983453

    Error - 20/05/2011 9:11:41 AM | Computer Name = TOSHIBA-LDA002 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 22983453

    [ System Events ]
    Error - 13/05/2011 2:37:02 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:13 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:15 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:15 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:15 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:15 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:20 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:23 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:32 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

    Error - 13/05/2011 2:37:43 PM | Computer Name = TOSHIBA-LDA002 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}


    < End of report >

    OTL logfile created on: 20/05/2011 10:33:16 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Larry Arndt\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 89.80 Gb Total Space | 22.67 Gb Free Space | 25.25% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-LDA002 | User Name: Larry Arndt | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Larry Arndt\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe (Radialpoint Inc.)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe (TELUS)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Larry Arndt\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (ServicepointService) -- C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe (Radialpoint Inc.)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (Radialpoint Security Services) -- C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe (TELUS)
    SRV - (RP_FWS) -- C:\Program Files\TELUS\TELUS security services\Fws.exe (TELUS)
    SRV - (RadialpointIDSAgent) -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (scan) -- C:\Program Files\TELUS\TELUS security services\BitDefender\scan.dll (S.C. BitDefender S.R.L)
    SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
    SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
    SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (PersonalSecureDriveService) -- C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG)
    SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
    SRV - (Tmesrv) -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe (TOSHIBA)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
    SRV - (Tmesbs) -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe (TOSHIBA Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\system32\drivers\rp_skt32.sys (Radialpoint Inc.)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (Trufos) -- C:\Program Files\TELUS\TELUS security services\BitDefender\trufos.sys (BitDefender S.R.L.)
    DRV - (Profos) -- C:\Program Files\TELUS\TELUS security services\BitDefender\profos.sys (BitDefender S.R.L.)
    DRV - (RadialpointIDSDriver) -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )
    DRV - (RadialpointIDSFilter) -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )
    DRV - (RadialpointIDSShim) -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )
    DRV - (RadialpointIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies )
    DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
    DRV - (DefragFS) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
    DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
    DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
    DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (Thpevm) -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
    DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
    DRV - (HPEAPPkt) Realtek EAPPkt Protocol(HP) -- C:\WINDOWS\system32\drivers\HPEAPPkt.sys (Windows (R) 2000 DDK provider)
    DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
    DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
    DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
    DRV - (V0250Dev) -- C:\WINDOWS\system32\drivers\V0250Dev.sys (Creative Technology Ltd.)
    DRV - (TEchoCan) -- C:\WINDOWS\system32\drivers\TEchoCan.sys (TOSHIBA Corporation)
    DRV - (TVALZ) -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
    DRV - (Thpdrv) -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
    DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (TMEI3E) -- C:\WINDOWS\system32\drivers\TMEI3E.sys (Toshiba Corporation)
    DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
    DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\system32\drivers\MXOFX.SYS (Cypress Semiconductor)
    DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
    DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
    DRV - (CE3) -- C:\WINDOWS\system32\drivers\CE3N5.SYS (Xircom, Inc.)
    DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
    DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = CNBC Mobile Home
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


    [2008/09/18 05:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Arndt\Application Data\Mozilla\Firefox\extensions
    [2008/09/18 05:37:06 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Larry Arndt\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

    O1 HOSTS File: ([2011/05/17 17:06:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
    O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
    O4 - HKLM..\Run: [HPWireless] C:\Program Files\HP Wireless Adapter\HPWLAN.exe (3G Corp.)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
    O4 - HKLM..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\McciTrayApp.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
    O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
    O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
    O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tsa.exe] C:\Program Files\TELUS\TELUS security advisor\Tsa.exe (TELUS)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files\Crawler\Radio\CRadio.exe (Crawler.com)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: mytelus.com ([home] http in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://prod1.centra.com/SiteRoots/ma...aUpdaterAx.cab (Reg Error: Key error.)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab (Reg Error: Key error.)
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://vanmappub.vancouver.ca/download/mgaxctrl.cab (Reg Error: Key error.)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Cus...Downloader.cab (Reg Error: Key error.)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1174927917031 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (Reg Error: Key error.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://towercam.arts.ubc.ca/activex/AxisCamControl.ocx (Reg Error: Key error.)
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://asp17.centra.com/SiteRoots/ma...Downloader.cab (Reg Error: Key error.)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/ac...eX_Control.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} http://entriq.vo.llnwd.net/o1/NBCUni...ck_1_0_0_5.cab (CentrinoCheck Control)
    O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://entriq.vo.llnwd.net/o1/NBCUni...2_2_Silent.cab (MediaControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} http://entriq.vo.llnwd.net/o1/NBCUni...al_1_0_0_7.cab (NBCUniversal Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/...nt/ieatgpc.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://costco.pnimedia.com/upload/ac...eX_Control.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15031/CTPID.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
    O24 - Desktop WallPaper: C:\Documents and Settings\Larry Arndt\My Documents\My Pictures\DigiCam\Random Scenics\cypress_fog.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Larry Arndt\My Documents\My Pictures\DigiCam\Random Scenics\cypress_fog.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/10 13:12:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe - (Autodesk, Inc)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^Larry Arndt^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE - (Microsoft Corporation)
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: mmtask - hkey= - key= - C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
    MsConfig - StartUpReg: MMTray - hkey= - key= - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 2
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/20 10:29:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry Arndt\Desktop\OTL.exe
    [2011/05/17 18:37:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/17 16:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/05/17 16:45:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/17 16:26:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/17 16:26:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/17 16:26:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/17 16:26:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/17 16:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/17 16:25:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/17 14:41:31 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Larry Arndt\Desktop\tdsskiller.exe
    [2011/05/13 10:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
    [2011/05/12 07:52:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Larry Arndt\Recent
    [2011/05/11 16:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\Microsoft Corporation
    [2011/05/11 16:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [2011/05/11 13:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
    [2011/05/11 10:27:05 | 000,772,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Larry Arndt\Desktop\Mats_Run.IEAddon.exe
    [2011/05/10 21:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2011/05/10 21:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/05/09 03:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Arndt\Application Data\Auslogics
    [2011/05/08 13:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/05/08 13:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/05/08 06:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/05/08 06:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/05/02 09:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/02 09:04:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/02 09:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2007/09/23 07:38:51 | 028,791,384 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\avsdvdcopy.exe
    [2007/09/21 12:17:24 | 004,402,811 | ---- | C] (Burn4Free) -- C:\Program Files\burn4free_setup.exe
    [2007/09/12 10:09:19 | 051,418,424 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
    [2007/09/09 12:19:22 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
    [2007/08/16 17:18:24 | 005,388,088 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
    [2007/05/21 16:58:18 | 018,040,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger_nous.exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Larry Arndt\My Documents\*.tmp files -> C:\Documents and Settings\Larry Arndt\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/20 10:29:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry Arndt\Desktop\OTL.exe
    [2011/05/20 10:25:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/20 10:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/20 09:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/20 09:52:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [2011/05/20 07:55:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Larry Arndt\.pr_stat_data
    [2011/05/19 20:46:14 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/05/19 19:57:22 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/05/19 19:54:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/19 19:44:22 | 000,061,150 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
    [2011/05/17 17:56:42 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/05/17 17:06:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/17 16:45:31 | 000,000,353 | RHS- | M] () -- C:\boot.ini
    [2011/05/17 16:07:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/17 14:41:46 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Larry Arndt\Desktop\tdsskiller.exe
    [2011/05/17 14:26:00 | 004,350,161 | R--- | M] () -- C:\Documents and Settings\Larry Arndt\Desktop\ComboFix.exe
    [2011/05/16 18:48:26 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Desktop\exeHelper.com
    [2011/05/16 18:41:00 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Desktop\rkill.com
    [2011/05/12 21:01:57 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\drivers\E0ACABE0.SYS
    [2011/05/12 12:17:38 | 000,242,349 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Desktop\Sauls_psych - 4 up.pdf
    [2011/05/12 12:14:45 | 000,466,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/12 12:14:45 | 000,079,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/12 11:59:37 | 000,357,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/12 11:49:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/05/12 07:51:56 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/05/11 16:39:21 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
    [2011/05/11 13:54:16 | 000,434,010 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-064215.backup
    [2011/05/11 13:03:12 | 000,434,010 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110511-135415.backup
    [2011/05/11 10:26:29 | 000,772,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Larry Arndt\Desktop\Mats_Run.IEAddon.exe
    [2011/05/09 23:43:27 | 000,433,904 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110511-130311.backup
    [2011/05/09 15:59:55 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/08 21:45:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2011/05/08 21:45:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2011/05/08 20:35:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2011/05/08 20:35:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2011/05/08 19:35:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2011/05/08 19:35:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2011/05/08 15:57:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011/05/08 15:57:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011/05/08 13:19:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2011/05/08 13:19:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2011/05/08 12:23:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2011/05/08 12:23:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2011/05/08 06:02:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2011/05/08 06:02:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2011/05/07 15:29:43 | 000,000,027 | -HS- | M] () -- C:\Documents and Settings\Larry Arndt\.pr_data
    [2011/05/03 17:39:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2011/05/03 17:39:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2011/05/03 07:59:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2011/05/03 07:59:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2011/05/02 16:59:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2011/05/02 16:59:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2011/05/02 12:19:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2011/05/02 12:19:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2011/05/02 09:30:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2011/05/02 09:30:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2011/05/02 09:04:57 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/02 09:03:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2011/05/02 09:03:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/05/02 08:51:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2011/05/02 08:51:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2011/05/02 08:51:22 | 000,011,206 | -HS- | M] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\8577pbl4k146s4547xpb05o
    [2011/05/02 08:51:22 | 000,011,206 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8577pbl4k146s4547xpb05o
    [2011/05/02 08:29:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2011/05/02 08:29:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2011/05/01 21:23:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2011/05/01 21:23:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2011/04/30 08:23:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/29 17:25:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2011/04/29 17:25:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2011/04/29 09:40:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2011/04/29 09:40:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2011/04/26 20:16:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2011/04/26 20:16:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2011/04/24 09:47:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2011/04/24 09:47:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Larry Arndt\My Documents\*.tmp files -> C:\Documents and Settings\Larry Arndt\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/17 16:45:31 | 000,000,236 | ---- | C] () -- C:\Boot.bak
    [2011/05/17 16:45:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/05/17 16:26:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/17 16:26:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/17 16:26:29 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/17 16:26:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/17 16:26:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/17 14:25:52 | 004,350,161 | R--- | C] () -- C:\Documents and Settings\Larry Arndt\Desktop\ComboFix.exe
    [2011/05/16 18:48:25 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Desktop\exeHelper.com
    [2011/05/16 18:40:55 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Desktop\rkill.com
    [2011/05/12 21:01:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\E0ACABE0.SYS
    [2011/05/12 12:17:38 | 000,242,349 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Desktop\Sauls_psych - 4 up.pdf
    [2011/05/11 16:39:21 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    [2011/05/11 16:39:21 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
    [2011/05/02 09:04:57 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/01 20:58:20 | 000,011,206 | -HS- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\8577pbl4k146s4547xpb05o
    [2011/05/01 20:58:20 | 000,011,206 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8577pbl4k146s4547xpb05o
    [2011/04/15 22:04:26 | 000,017,334 | -HS- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\qb4wt75j32d2kq3
    [2011/04/15 22:04:26 | 000,017,334 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qb4wt75j32d2kq3
    [2011/02/05 17:19:28 | 000,508,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/04/25 10:21:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2010/04/15 10:48:34 | 000,068,977 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
    [2010/04/15 10:48:33 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
    [2010/03/12 21:07:50 | 000,007,239 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
    [2010/01/07 21:38:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
    [2009/12/22 23:18:19 | 001,286,144 | ---- | C] () -- C:\Program Files\HDViewInstall_3_3.msi
    [2009/10/21 15:20:08 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/05/12 11:58:27 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
    [2009/03/12 14:32:11 | 000,000,471 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/04/30 11:38:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2008/04/04 15:07:34 | 000,002,644 | ---- | C] () -- C:\WINDOWS\checkip.dat
    [2008/04/02 11:40:38 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/03/08 05:53:31 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/03/03 17:05:25 | 000,000,782 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2008/03/03 17:04:18 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
    [2008/03/03 17:03:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSON C62 Installer.ini
    [2008/01/12 12:20:43 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/11/15 23:56:03 | 000,007,609 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
    [2007/11/15 23:54:12 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2007/10/22 07:01:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/09/21 12:19:11 | 003,165,190 | ---- | C] () -- C:\Program Files\EasyDVDVideoCopy.exe
    [2007/09/02 07:04:43 | 013,416,432 | ---- | C] () -- C:\Program Files\Google_Earth_BZXV.exe
    [2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2007/05/04 11:48:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\G32_rkey.dll
    [2007/05/04 11:48:29 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\free_res.exe
    [2007/03/25 13:31:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
    [2007/03/25 13:31:15 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006/10/23 20:32:03 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\fusioncache.dat
    [2006/10/11 19:02:26 | 000,000,117 | ---- | C] () -- C:\WINDOWS\NavWin.INI
    [2006/10/11 19:01:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\G32_TICK.DLL
    [2006/10/07 08:01:51 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/26 08:25:04 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
    [2006/08/26 08:25:04 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2006/07/25 08:32:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/01/11 20:35:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/01/10 14:50:31 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/01/10 14:44:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/01/10 14:44:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/01/10 14:44:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/01/10 14:44:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/01/10 14:44:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/01/10 14:44:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/01/10 14:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/01/10 14:07:28 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/01/10 14:07:27 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/01/10 14:07:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/01/10 14:07:27 | 000,020,482 | ---- | C] () -- C:\WINDOWS\System32\egegbdb.dll
    [2006/01/10 14:07:27 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/01/10 13:59:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
    [2006/01/10 13:31:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/10 13:18:16 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/01/10 13:15:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/01/10 13:10:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/01/10 11:53:04 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/01/10 11:52:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/01/10 11:52:30 | 000,466,126 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/01/10 11:52:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/01/10 11:52:30 | 000,079,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/01/10 11:52:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/01/10 11:52:29 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/01/10 11:52:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/01/10 11:52:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/01/10 11:52:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/01/10 11:52:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/01/10 11:52:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/01/10 11:52:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/01/10 11:20:57 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006/01/10 11:20:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/01/10 11:20:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/01/10 11:20:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/01/10 11:20:36 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/01/10 11:20:31 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/01/10 11:20:10 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/01/10 11:20:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/01/10 05:05:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/01/10 05:04:12 | 000,357,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/11/28 04:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/08/02 15:03:51 | 000,224,768 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
    [2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/02/26 11:02:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\bCastRingSvr.dll
    [2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/03/13 11:15:26 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\tdsExSvr.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/18 17:23:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TunnelThruDll.dll
    [2000/09/13 19:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT

    ========== LOP Check ==========

    [2007/03/25 10:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2007/04/22 08:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entriq
    [2008/12/05 16:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
    [2010/08/28 05:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewspaperDirect
    [2011/04/14 11:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2009/05/12 11:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2011/02/15 07:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
    [2008/04/11 06:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2011/02/15 07:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS
    [2011/04/24 09:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/12/05 15:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
    [2008/10/06 17:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2010/10/16 07:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/05/09 03:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Auslogics
    [2007/03/25 10:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Autodesk
    [2008/02/29 14:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Centra
    [2008/09/22 07:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/09/10 22:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Documents and Settings
    [2011/04/05 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\DriverCure
    [2011/05/11 10:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\ElevatedDiagnostics
    [2008/12/05 16:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Infineon
    [2007/03/25 13:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\InterTrust
    [2006/09/07 21:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\InterVideo
    [2009/03/12 13:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\iScreensaver
    [2007/04/02 06:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Musicmatch
    [2008/06/14 09:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\NewspaperDirect
    [2011/04/05 12:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\ParetoLogic
    [2006/10/31 08:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Protector Suite
    [2008/02/29 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Saba
    [2008/03/08 08:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Sammsoft
    [2011/02/15 13:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\TELUS
    [2011/05/17 18:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\TeraCopy
    [2009/02/03 04:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\toshiba
    [2009/10/08 18:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\v3.5
    [2009/03/24 15:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\WebEx
    [2009/01/18 21:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Windows Desktop Search
    [2009/01/25 10:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Arndt\Application Data\Windows Search
    [2011/05/20 09:52:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/09/12 19:47:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
    [2008/09/12 19:47:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/09/12 19:47:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
    [2008/09/12 19:47:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2006/05/05 17:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9AB561D

    < End of report >
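As an added example (not part of either post, and not OTL's own code), the Python sketch below parses the two line formats seen in the report above, file entries and Alternate Data Stream entries, and marks entries for manual review. The three heuristics are assumptions of this example: a stream attached to a path, a hidden+system file with an empty vendor field, and a long alphanumeric extensionless name under Application Data. A hit is a prompt to look closer, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the OTL report above (All Users / WINDOWS entries only).
SAMPLE_LOG = r"""
[2011/05/01 20:58:20 | 000,011,206 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8577pbl4k146s4547xpb05o
[2011/04/15 22:04:26 | 000,017,334 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qb4wt75j32d2kq3
[2010/03/12 21:07:50 | 000,007,239 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/01/12 12:20:43 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/10 13:15:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/24 09:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
"""

# [date time | size | attrs | C/M] (vendor) MD5=... -- path
# The vendor, MD5 and ".cab file" parts are optional, as in the report.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<vendor>.*?)\))?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?(?: \.cab file)?"
    r" -- (?P<path>.+)$"
)
# The stream name follows the last colon; the drive colon is followed by "\".
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)


class Entry(NamedTuple):
    path: str
    size: int
    attrs: str = "----"
    vendor: str = ""
    md5: str = ""
    stream: str = ""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; return None for headers and blank lines."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"].replace(",", "")),
                     attrs=m["attrs"], vendor=m["vendor"] or "", md5=m["md5"] or "")
    m = ADS_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"]), stream=m["stream"])
    return None


def looks_random(name: str) -> bool:
    """Assumed heuristic: long, purely alphanumeric name mixing letters and digits."""
    return (len(name) >= 12 and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage(e: Entry) -> List[str]:
    """Return the review reasons that apply to one entry (assumed heuristics)."""
    reasons = []
    name = e.path.rsplit("\\", 1)[-1]
    is_dir = "D" in e.attrs
    if e.stream:
        reasons.append("alternate data stream")
    if not is_dir and "H" in e.attrs and "S" in e.attrs and not e.vendor:
        reasons.append("hidden+system file with empty vendor field")
    if not is_dir and "application data" in e.path.lower() and looks_random(name):
        reasons.append("random-looking extensionless name in Application Data")
    return reasons


def review(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry that trips at least one heuristic."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            full = e.path + (":" + e.stream if e.stream else "")
            flagged.append((full, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in review(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("    -", r)
```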

  8. #8
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4


    Hello again

    Sorry for the delay

    Let's continue with your fix:

    • Go to Start > Control Panel > Add/Remove Programs (or Programs and Features in Vista/Win7).
    • Remove ALL instances of Ask Toolbar and Crawler toolbar.
    • Re-boot your computer as required.


    Download >> ToolBar S&D <-- here
    • Double-click ToolBar S&D.exe
    • Choose the language and hit Enter key, then choose Option 2 (Fix) and hit Enter key again.
    • Wait till the end of the scan

    Copy and paste the log which was created: (%SystemDrive%\TB.txt)

    Next...


    Step 2.
    Let's fix some issues with OTL by doing the following:

    Double click on the Icon at your desktop to run it.
    (Vista users right click and run as an Admin.)
    Copy the lines in the codebox below (make sure that :Otl is on the first line). Just highlight everything in the code box (starting with :Otl) and copy and paste it into the 'Custom scan/fix' box on OTL.
    Code:
    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    [2008/09/18 05:37:06 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Larry Arndt\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files\Crawler\Radio\CRadio.exe (Crawler.com)
    O15 - HKCU\..Trusted Domains: mytelus.com ([home] http in Trusted sites)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://prod1.centra.com/SiteRoots/ma...aUpdaterAx.cab (Reg Error: Key error.)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab (Reg Error: Key error.)
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://vanmappub.vancouver.ca/download/mgaxctrl.cab (Reg Error: Key error.)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Cus...Downloader.cab (Reg Error: Key error.)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://towercam.arts.ubc.ca/activex/AxisCamControl.ocx (Reg Error: Key error.)
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://asp17.centra.com/SiteRoots/ma...Downloader.cab (Reg Error: Key error.)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/ac...eX_Control.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/...nt/ieatgpc.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://costco.pnimedia.com/upload/ac...eX_Control.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15031/CTPID.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    [2011/05/11 13:54:16 | 000,434,010 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-064215.backup
    [2011/05/11 13:03:12 | 000,434,010 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110511-135415.backup
    [2011/05/08 21:45:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2011/05/08 21:45:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2011/05/08 20:35:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2011/05/08 20:35:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2011/05/08 19:35:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2011/05/08 19:35:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2011/05/08 15:57:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011/05/08 15:57:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011/05/08 13:19:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2011/05/08 13:19:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2011/05/08 12:23:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2011/05/08 12:23:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2011/05/08 06:02:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2011/05/08 06:02:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2011/05/07 15:29:43 | 000,000,027 | -HS- | M] () -- C:\Documents and Settings\Larry Arndt\.pr_data
    [2011/05/03 17:39:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2011/05/03 17:39:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2011/05/03 07:59:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2011/05/03 07:59:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2011/05/02 16:59:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2011/05/02 16:59:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2011/05/02 12:19:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2011/05/02 12:19:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2011/05/02 09:30:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2011/05/02 09:30:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2011/05/02 09:03:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2011/05/02 09:03:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/05/02 08:51:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2011/05/02 08:51:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2011/05/02 08:51:22 | 000,011,206 | -HS- | M] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\8577pbl4k146s4547xpb05o
    [2011/05/02 08:51:22 | 000,011,206 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8577pbl4k146s4547xpb05o
    [2011/05/02 08:29:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2011/05/02 08:29:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2011/05/01 21:23:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2011/05/01 21:23:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2011/04/30 08:23:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/29 17:25:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2011/04/29 17:25:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2011/04/29 09:40:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2011/04/29 09:40:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2011/04/26 20:16:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2011/04/26 20:16:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2011/04/24 09:47:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2011/04/24 09:47:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2011/05/12 21:01:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\E0ACABE0.SYS
    [2011/05/12 12:17:38 | 000,242,349 | ---- | C] () -- C:\Documents and Settings\Larry Arndt\Desktop\Sauls_psych - 4 up.pdf
    [2011/05/01 20:58:20 | 000,011,206 | -HS- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\8577pbl4k146s4547xpb05o
    [2011/05/01 20:58:20 | 000,011,206 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8577pbl4k146s4547xpb05o
    [2011/04/15 22:04:26 | 000,017,334 | -HS- | C] () -- C:\Documents and Settings\Larry Arndt\Local Settings\Application Data\qb4wt75j32d2kq3
    [2011/04/15 22:04:26 | 000,017,334 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qb4wt75j32d2kq3
    [2007/05/04 11:48:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\G32_rkey.dll
    [2007/05/04 11:48:29 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\free_res.exe
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9AB561D
    
    :Files
    C:\Program Files\AskBarDis
    C:\Program Files\Crawler\Toolbar
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    
    :commands
    [PURITY]
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [REBOOT]
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the red Run Fix button.

    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.


    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles





    Step 3.

    Code:
    J2SE Runtime Environment 5.0 Update 4
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    * JavaRa and Java update.

    Your Java program is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please follow these steps to remove older version Java components and update:
    Download and Run JavaRA

    Please download JavaRa and unzip it to your desktop.
    • Double-click on JavaRa.exe to start.
    • Use the drop down box to choose your language and click Select.
    • Select "Remove Older Versions".
    • Click Yes when asked "This will remove all older versions of the Java JRE...Are you sure you want to proceed?"
    • Click Ok when search and removal of old versions has completed.
    • A notice will appear indicating "Finished searching for all old versions...A logfile has been created...called JavaRa.log... JavaRa will now open its logfile."
    • Click Ok and notepad will open with the log results of what was found and removed.
    • View the logfile and close notepad.
    • A copy of JavaRa.log will automatically be saved to your primary hard drive (usually C:\JavaRa.log).
    • Return to JavaRa and click the button for Additional Tasks.
    • Select these Tasks:
      • Remove Useless JRE Files
      • Remove Startup Entry
      • Remove JavaRa Logfile (optional)
    • Click Go and then Ok when prompted "Finished searching for useless JRE files."
    • Click Ok again when prompted "Finished searching for JRE startup entries."
    • Close the Additional Tasks window, exit JavaRa and reboot your computer.

    Then download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 25 (JDK or JRE)"
    • Click the "Download JRE" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • From your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
    -- The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.



    Step 4.

    * ESET Online Scan

    Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
    Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer.

    You can use either Internet Explorer or Mozilla FireFox for this scan.
    NOTE: This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
    To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    NOTE: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
    If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything inside the code box below into the Open dialogue box:

    Code:
    C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Click Ok and the scan results will open in Notepad.
    • Copy and paste the contents of log.txt in your next reply.


    In some instances if no malware is found there will be no log produced.

    Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
    ~~~~~~~~~~~~~
    Note:
    *If you are running a 64bit system:
    The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    Summary of the logs I will need in your next reply:
    • The report log of OTL
    • The report log of Eset Online Scan.

    And a description of any remaining problems.

    How are things your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

    Kind regards
    Net_Surfer

    ============================
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!

  9. #9
    Member
    Join Date
    May 2011
    Posts
    12
    Points
    0

    Reinfection resulted in supplementary updates and scans being required since last pos

    Hi, Net_Surfer. Thank you for your response. Since my posting last week I avoided updating and scanning as directed. Unfortunately reinfection surfaced yesterday, requiring me to apply some immediate first-aid to keep this laptop operational for my work, so the logs I posted previously may or may not be useful. Yesterday in safe mode I updated, scanned and removed approximately 10 virus/trojan nasties, using Spybot, Malwarebytes and MS Security Essentials. Please let me know if I should:
    1. post the logs from the above three scans,
    2. complete and post the scans from your latest reply,
    3. post the logs from my three recent scans PLUS the ones you requested,
    4. follow some other course of action?

    Thanks again...

  10. #10
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4


    Hi

    yes please do the steps that I suggested and post the logs ....post first the logs that you had run on your own...then do the steps from my last post and post the logs...........we are not finished with your fix just yet.........
