
Help - infected with Trojan Horse Downloader.Zlob.BAKH

  • 02-08-2011 3:19pm
    #1
    Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭


    This one seems to be clever...

    It didn't let me update MalwareBytes Anti-Malware properly. Now it won't let me open it.

    It has corrupted my AVG logfiles in Excel so that they don't show anything.

    The above file was what was found by AVG which moved it to the Virus Vault and I emptied the Vault but not sure if that has cleared my PC.

    Did another scan with AVG and in its found section it now has a MalwareBytes setup file which it says has a broken digital signature.

    Any help on how to completely rid my PC of this Trojan and get MalwareBytes working properly again much appreciated!


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Thanks for the swift reply ASJ - much appreciated. :-)

    OTL logfile created on: 02/08/2011 16:29:15 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Reynolds\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.80 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 72.64% Memory free
    4.64 Gb Paging File | 4.06 Gb Available in Paging File | 87.58% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 275.30 Gb Free Space | 92.35% Space Free | Partition Type: NTFS
    Drive E: | 30.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JOHNREYNOLDSM11 | User Name: John Reynolds | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/02 16:27:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Reynolds\Desktop\OTL.exe
    PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/06/08 07:20:36 | 000,278,528 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
    PRC - [2010/02/22 15:16:30 | 000,607,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe
    PRC - [2010/02/05 18:49:34 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    PRC - [2010/02/05 18:48:52 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    PRC - [2010/02/02 12:01:48 | 001,140,032 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
    PRC - [2009/12/22 10:17:04 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
    PRC - [2009/12/09 19:29:42 | 000,090,112 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe
    PRC - [2009/11/23 15:10:34 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
    PRC - [2009/11/23 15:10:12 | 000,319,488 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2009/11/23 15:08:50 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2009/11/16 03:10:52 | 002,034,936 | R--- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATService.exe
    PRC - [2009/11/12 11:59:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2009/11/05 10:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/11/05 10:15:02 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/08/31 14:21:14 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2009/08/24 20:25:56 | 000,575,552 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
    PRC - [2009/07/22 14:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    PRC - [2009/07/07 13:10:08 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    PRC - [2009/07/02 09:53:20 | 000,225,280 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2007/04/26 12:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
    PRC - [2006/03/16 14:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2005/12/14 12:00:32 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
    PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
    PRC - [2005/01/17 17:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/24 20:15:26 | 000,081,920 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMEEJME.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/02 16:27:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Reynolds\Desktop\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/02/05 18:48:52 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2010/02/04 03:38:58 | 000,108,352 | ---- | M] (AuthenTec, Inc) [Auto | Stopped] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)
    SRV - [2009/12/22 10:17:04 | 000,225,280 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
    SRV - [2009/11/16 03:10:52 | 002,034,936 | R--- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
    SRV - [2009/11/12 11:59:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2009/11/05 10:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/10/21 11:39:00 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/08/24 20:25:56 | 000,575,552 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
    SRV - [2008/04/29 11:04:58 | 000,572,928 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2005/12/14 12:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
    SRV - [2005/01/17 17:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010/09/13 17:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/08/19 22:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/19 22:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/04/09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2010/03/25 11:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2010/03/20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/03/20 11:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2010/02/10 16:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
    DRV - [2010/01/19 05:50:10 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2009/11/27 22:48:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
    DRV - [2009/11/15 06:42:12 | 000,671,488 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV - [2009/11/12 11:46:02 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2009/11/02 19:43:32 | 005,939,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/09/24 18:54:00 | 000,169,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2009/09/23 18:14:10 | 000,160,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
    DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/09/15 13:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2009/09/14 15:29:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2009/08/10 17:54:00 | 000,059,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2009/07/28 21:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2009/07/24 12:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2009/07/13 23:13:00 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2009/07/04 19:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdpe86.sys -- (rixdpcie)
    DRV - [2009/07/02 09:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
    DRV - [2009/06/29 11:25:30 | 000,029,760 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
    DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PGEffect.sys -- (PGEffect)
    DRV - [2009/06/19 10:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2009/06/19 10:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2009/06/17 12:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2009/05/11 20:11:44 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
    DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/04/30 22:09:24 | 000,004,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVALZFL.sys -- (TVALZFL)
    DRV - [2007/12/18 10:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2007/11/29 11:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2007/11/29 11:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2007/11/29 11:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2007/11/29 11:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/03/26 13:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2007/02/22 16:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/02/19 13:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
    DRV - [2007/02/16 08:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
    DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
    DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/tempcleaner/{ECB77AE7-BDC8-4FF2-8228-099A0D8A1FFC}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/07/12 01:39:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 01:39:16 | 000,000,000 | ---D | M]

    [2011/01/26 03:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
    O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
    O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
    O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SystemTray] C:\Program Files\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
    O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
    O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
    O4 - HKLM..\Run: [TNRotate] C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/15 15:04:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/12/22 18:16:52 | 000,131,072 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2007/11/07 16:41:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
    O33 - MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/02 16:27:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Reynolds\Desktop\OTL.exe
    [2011/08/02 15:52:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/08/02 15:46:43 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\John Reynolds\Desktop\erunt-setup.exe
    [2011/08/02 15:44:13 | 011,714,744 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\John Reynolds\Desktop\SUPERAntiSpyware.exe
    [2011/08/02 15:43:35 | 000,607,017 | ---- | C] (Swearware) -- C:\Documents and Settings\John Reynolds\Desktop\dds.com
    [2011/07/29 18:55:45 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys
    [2011/07/29 18:55:37 | 000,037,376 | ---- | C] (AnchorFree Inc.) -- C:\WINDOWS\System32\drivers\HssDrv.sys
    [2010/11/04 19:57:30 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [17 C:\Documents and Settings\John Reynolds\Desktop\*.tmp files -> C:\Documents and Settings\John Reynolds\Desktop\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/02 16:27:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Reynolds\Desktop\OTL.exe
    [2011/08/02 15:46:42 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\John Reynolds\Desktop\erunt-setup.exe
    [2011/08/02 15:44:26 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
    [2011/08/02 15:44:12 | 011,714,744 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\John Reynolds\Desktop\SUPERAntiSpyware.exe
    [2011/08/02 15:43:38 | 000,607,017 | ---- | M] (Swearware) -- C:\Documents and Settings\John Reynolds\Desktop\dds.com
    [2011/08/02 15:31:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Local Settings\Application Data\prvlcl.dat
    [2011/08/02 15:10:40 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Desktop\2Aug AVG log2.csv
    [2011/08/02 15:07:55 | 000,001,064 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Desktop\2Aug AVG log.csv
    [2011/08/02 15:01:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/02 14:33:33 | 126,548,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
    [2011/08/02 14:31:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/02 14:30:28 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-540314570-2194171126-2655910169-1005.job
    [2011/08/02 14:30:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/02 14:29:59 | 3003,564,032 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/02 14:23:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{758DE982-F315-4BED-8E6C-2F284BFCABB7}.job
    [2011/08/02 03:10:50 | 000,171,589 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Desktop\Ashby Monk SWF Investments in Infra.pdf
    [2011/08/01 16:26:00 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/01 15:10:00 | 126,488,478 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/07/30 19:27:06 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2011/07/29 18:55:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
    [2011/07/24 00:01:15 | 001,600,101 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Desktop\Google_The_Impact_of_Clean_Energy_Innovation.pdf
    [2011/07/14 10:49:50 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/07/14 04:06:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/07/12 01:39:17 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/07/10 17:51:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-540314570-2194171126-2655910169-1005.job
    [2011/07/09 16:03:41 | 000,098,537 | ---- | M] () -- C:\Documents and Settings\John Reynolds\My Documents\090711 profile pic.jpg
    [2011/07/09 16:03:41 | 000,098,537 | ---- | M] () -- C:\Documents and Settings\John Reynolds\My Documents\090711 my pic.jpg
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [17 C:\Documents and Settings\John Reynolds\Desktop\*.tmp files -> C:\Documents and Settings\John Reynolds\Desktop\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/02 15:44:26 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
    [2011/08/02 15:10:40 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Desktop\2Aug AVG log2.csv
    [2011/08/02 15:07:55 | 000,001,064 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Desktop\2Aug AVG log.csv
    [2011/08/02 03:10:50 | 000,171,589 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Desktop\Ashby Monk SWF Investments in Infra.pdf
    [2011/07/30 19:25:38 | 3003,564,032 | -HS- | C] () -- C:\hiberfil.sys
    [2011/07/29 18:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    [2011/07/24 00:01:06 | 001,600,101 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Desktop\Google_The_Impact_of_Clean_Energy_Innovation.pdf
    [2011/07/09 16:04:16 | 000,098,537 | ---- | C] () -- C:\Documents and Settings\John Reynolds\My Documents\090711 profile pic.jpg
    [2011/07/09 16:03:41 | 000,098,537 | ---- | C] () -- C:\Documents and Settings\John Reynolds\My Documents\090711 my pic.jpg
    [2011/05/03 04:27:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/06 02:52:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Local Settings\Application Data\prvlcl.dat
    [2011/01/14 00:14:57 | 000,068,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/01/08 23:46:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/12/16 12:53:08 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Snape25.bin
    [2010/11/17 14:34:28 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/05 03:11:58 | 000,411,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/11/04 22:20:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/11/04 20:38:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/11/04 20:32:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2010/11/04 20:24:46 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
    [2010/11/04 20:24:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
    [2010/11/04 19:57:31 | 000,127,896 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
    [2010/11/04 19:57:30 | 000,874,032 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
    [2010/11/04 19:57:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2010/06/15 16:00:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/06/15 15:59:49 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/15 15:50:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
    [2010/06/15 15:21:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
    [2010/06/15 15:20:09 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2010/06/15 15:19:38 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
    [2010/06/15 15:19:38 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2010/06/15 15:05:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/06/15 15:02:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/06/15 13:55:30 | 000,495,464 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/15 13:55:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2010/06/15 13:55:30 | 000,091,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/15 13:55:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2010/06/15 13:55:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2010/06/15 13:55:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2010/06/15 13:55:29 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2010/06/15 13:55:29 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2010/06/15 13:55:29 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2010/06/15 13:55:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2010/06/15 13:55:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2010/06/15 13:55:25 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/03/30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

    ========== LOP Check ==========

    [2011/05/03 11:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/11/04 15:21:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/03/02 18:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
    [2010/11/04 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2011/03/02 06:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/04/13 18:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/03/02 05:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/05/03 15:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2011/03/28 19:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
    [2010/11/04 20:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueSuite
    [2010/11/25 13:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/11/18 01:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/11/18 03:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\AVG
    [2010/11/04 15:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\AVG10
    [2011/08/02 14:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Azureus
    [2011/03/02 15:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Nokia
    [2011/03/02 15:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\PC Suite
    [2011/02/08 18:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Toolbar4
    [2011/06/04 21:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\toshiba
    [2010/11/03 04:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\WinBatch
    [2010/11/13 20:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Windows Desktop Search
    [2010/11/18 00:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Windows Search
    [2011/08/02 14:23:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{758DE982-F315-4BED-8E6C-2F284BFCABB7}.job

    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 02/08/2011 16:29:15 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Reynolds\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.80 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 72.64% Memory free
    4.64 Gb Paging File | 4.06 Gb Available in Paging File | 87.58% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 275.30 Gb Free Space | 92.35% Space Free | Partition Type: NTFS
    Drive E: | 30.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JOHNREYNOLDSM11 | User Name: John Reynolds | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe" = C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe:*:Enabled:Accessibility -- (TOSHIBA Corporation.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.08.03.03
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
    "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.5.1.0
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
    "{2849DBDE-B140-498D-99D6-96F5E6EB45D6}" = AuthenTec TrueSuite
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
    "{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5AFEABF5-7411-4C29-9FA9-71ABE880662D}" = Nokia PC Suite
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{70D5C875-8C16-48BC-8758-3E90A052C985}" = TOSHIBA Manuals
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
    "{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{990C7C7E-7E53-49A1-9766-5369E17892BB}" = Nokia PC Internet Access
    "{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BF}" = WinZip 15.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}" = PC Connectivity Solution
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FEDFB4DC-E149-4897-B616-4811C718E54F}" = TOSHIBA 180 Degrees Rotation Utility
    "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Agfa ScanWise 1.60" = Agfa ScanWise 1.60
    "AVG" = AVG 2011
    "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    "GOM Player" = GOM Player
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
    "InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Nokia PC Internet Access" = Nokia PC Internet Access
    "Nokia PC Suite" = Nokia PC Suite
    "O2 Broadband" = O2 Broadband
    "Picasa 3" = Picasa 3
    "PROSet" = Intel(R) Network Connections Drivers
    "RealPlayer 12.0" = RealPlayer
    "Security Task Manager" = Security Task Manager 1.8c
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
    "TDspBtn" = TOSHIBA Display Devices Change Utility
    "Temp File Cleaner" = Temp File Cleaner
    "TFNF5" = TOSHIBA Hotkey Utility for Display Devices
    "TME" = Uninstall for TOSHIBA Mobile Extension3
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 02/08/2011 10:21:06 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 10.0.0.1364, faulting module
    avgxpl.dll, version 10.0.0.1385, fault address 0x00136302.

    Error - 02/08/2011 10:23:50 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 10.0.0.1364, faulting module
    avgxpl.dll, version 10.0.0.1385, fault address 0x00136302.

    Error - 02/08/2011 10:28:06 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 10.0.0.1364, faulting module
    ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.

    Error - 02/08/2011 10:32:05 | Computer Name = JOHNREYNOLDSM11 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 02/08/2011 10:32:11 | Computer Name = JOHNREYNOLDSM11 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 02/08/2011 10:32:23 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module avgxpl.dll, version 10.0.0.1385, fault address 0x0012bb7e.

    Error - 02/08/2011 10:39:04 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module flash10p.ocx, version 10.2.159.1, fault address 0x0038a620.

    Error - 02/08/2011 10:39:08 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module jscript.dll, version 5.8.6001.23141, fault address 0x00018ef0.

    Error - 02/08/2011 10:39:15 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module iertutil.dll, version 8.0.6001.19072, fault address 0x0010dc19.

    Error - 02/08/2011 10:43:15 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x00029efc.

    [ System Events ]
    Error - 02/08/2011 09:33:46 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 09:40:16 | Computer Name = JOHNREYNOLDSM11 | Source = Service Control Manager | ID = 7034
    Description = The TrueSuiteService service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 02/08/2011 09:49:01 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 09:56:24 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 10:03:50 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 10:08:31 | Computer Name = JOHNREYNOLDSM11 | Source = Dhcp | ID = 1002
    Description = The IP address lease 62.40.58.220 for the Network Card with network
    address 001E101F648E has been denied by the DHCP server 89.204.180.177 (The DHCP
    Server sent a DHCPNACK message).

    Error - 02/08/2011 10:10:33 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 02/08/2011 10:11:22 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 10:47:22 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 11:26:21 | Computer Name = JOHNREYNOLDSM11 | Source = Dhcp | ID = 1002
    Description = The IP address lease 89.204.180.179 for the Network Card with network
    address 001E101F648E has been denied by the DHCP server 95.83.206.201 (The DHCP
    Server sent a DHCPNACK message).


    < End of report >


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Thanks for the swift reply ASJ - much appreciated. :-)

    OTL logfile created on: 02/08/2011 16:29:15 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Reynolds\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.80 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 72.64% Memory free
    4.64 Gb Paging File | 4.06 Gb Available in Paging File | 87.58% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 275.30 Gb Free Space | 92.35% Space Free | Partition Type: NTFS
    Drive E: | 30.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JOHNREYNOLDSM11 | User Name: John Reynolds | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/02 16:27:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Reynolds\Desktop\OTL.exe
    PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/06/08 07:20:36 | 000,278,528 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
    PRC - [2010/02/22 15:16:30 | 000,607,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe
    PRC - [2010/02/05 18:49:34 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    PRC - [2010/02/05 18:48:52 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    PRC - [2010/02/02 12:01:48 | 001,140,032 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
    PRC - [2009/12/22 10:17:04 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
    PRC - [2009/12/09 19:29:42 | 000,090,112 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe
    PRC - [2009/11/23 15:10:34 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
    PRC - [2009/11/23 15:10:12 | 000,319,488 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2009/11/23 15:08:50 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2009/11/16 03:10:52 | 002,034,936 | R--- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATService.exe
    PRC - [2009/11/12 11:59:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2009/11/05 10:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/11/05 10:15:02 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/08/31 14:21:14 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2009/08/24 20:25:56 | 000,575,552 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
    PRC - [2009/07/22 14:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    PRC - [2009/07/07 13:10:08 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    PRC - [2009/07/02 09:53:20 | 000,225,280 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2007/04/26 12:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
    PRC - [2006/03/16 14:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2005/12/14 12:00:32 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
    PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
    PRC - [2005/01/17 17:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/24 20:15:26 | 000,081,920 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMEEJME.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/02 16:27:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Reynolds\Desktop\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/02/05 18:48:52 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2010/02/04 03:38:58 | 000,108,352 | ---- | M] (AuthenTec, Inc) [Auto | Stopped] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)
    SRV - [2009/12/22 10:17:04 | 000,225,280 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
    SRV - [2009/11/16 03:10:52 | 002,034,936 | R--- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
    SRV - [2009/11/12 11:59:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2009/11/05 10:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/10/21 11:39:00 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/08/24 20:25:56 | 000,575,552 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
    SRV - [2008/04/29 11:04:58 | 000,572,928 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2005/12/14 12:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
    SRV - [2005/01/17 17:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010/09/13 17:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/08/19 22:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/19 22:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/04/09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2010/03/25 11:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2010/03/20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/03/20 11:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2010/02/10 16:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
    DRV - [2010/01/19 05:50:10 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2009/11/27 22:48:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
    DRV - [2009/11/15 06:42:12 | 000,671,488 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV - [2009/11/12 11:46:02 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2009/11/02 19:43:32 | 005,939,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/09/24 18:54:00 | 000,169,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2009/09/23 18:14:10 | 000,160,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
    DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/09/15 13:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2009/09/14 15:29:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2009/08/10 17:54:00 | 000,059,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2009/07/28 21:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2009/07/24 12:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2009/07/13 23:13:00 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2009/07/04 19:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdpe86.sys -- (rixdpcie)
    DRV - [2009/07/02 09:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
    DRV - [2009/06/29 11:25:30 | 000,029,760 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
    DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PGEffect.sys -- (PGEffect)
    DRV - [2009/06/19 10:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2009/06/19 10:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2009/06/17 12:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2009/05/11 20:11:44 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
    DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/04/30 22:09:24 | 000,004,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVALZFL.sys -- (TVALZFL)
    DRV - [2007/12/18 10:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2007/11/29 11:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2007/11/29 11:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2007/11/29 11:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2007/11/29 11:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/03/26 13:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2007/02/22 16:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/02/19 13:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
    DRV - [2007/02/16 08:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
    DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
    DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/tempcleaner/{ECB77AE7-BDC8-4FF2-8228-099A0D8A1FFC}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/07/12 01:39:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 01:39:16 | 000,000,000 | ---D | M]

    [2011/01/26 03:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
    O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
    O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
    O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SystemTray] C:\Program Files\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
    O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
    O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
    O4 - HKLM..\Run: [TNRotate] C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/15 15:04:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/12/22 18:16:52 | 000,131,072 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2007/11/07 16:41:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
    O33 - MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/02 16:27:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Reynolds\Desktop\OTL.exe
    [2011/08/02 15:52:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/08/02 15:46:43 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\John Reynolds\Desktop\erunt-setup.exe
    [2011/08/02 15:44:13 | 011,714,744 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\John Reynolds\Desktop\SUPERAntiSpyware.exe
    [2011/08/02 15:43:35 | 000,607,017 | ---- | C] (Swearware) -- C:\Documents and Settings\John Reynolds\Desktop\dds.com
    [2011/07/29 18:55:45 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys
    [2011/07/29 18:55:37 | 000,037,376 | ---- | C] (AnchorFree Inc.) -- C:\WINDOWS\System32\drivers\HssDrv.sys
    [2010/11/04 19:57:30 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [17 C:\Documents and Settings\John Reynolds\Desktop\*.tmp files -> C:\Documents and Settings\John Reynolds\Desktop\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/02 16:27:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Reynolds\Desktop\OTL.exe
    [2011/08/02 15:46:42 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\John Reynolds\Desktop\erunt-setup.exe
    [2011/08/02 15:44:26 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
    [2011/08/02 15:44:12 | 011,714,744 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\John Reynolds\Desktop\SUPERAntiSpyware.exe
    [2011/08/02 15:43:38 | 000,607,017 | ---- | M] (Swearware) -- C:\Documents and Settings\John Reynolds\Desktop\dds.com
    [2011/08/02 15:31:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Local Settings\Application Data\prvlcl.dat
    [2011/08/02 15:10:40 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Desktop\2Aug AVG log2.csv
    [2011/08/02 15:07:55 | 000,001,064 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Desktop\2Aug AVG log.csv
    [2011/08/02 15:01:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/02 14:33:33 | 126,548,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
    [2011/08/02 14:31:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/02 14:30:28 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-540314570-2194171126-2655910169-1005.job
    [2011/08/02 14:30:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/02 14:29:59 | 3003,564,032 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/02 14:23:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{758DE982-F315-4BED-8E6C-2F284BFCABB7}.job
    [2011/08/02 03:10:50 | 000,171,589 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Desktop\Ashby Monk SWF Investments in Infra.pdf
    [2011/08/01 16:26:00 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/01 15:10:00 | 126,488,478 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/07/30 19:27:06 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2011/07/29 18:55:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
    [2011/07/24 00:01:15 | 001,600,101 | ---- | M] () -- C:\Documents and Settings\John Reynolds\Desktop\Google_The_Impact_of_Clean_Energy_Innovation.pdf
    [2011/07/14 10:49:50 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/07/14 04:06:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/07/12 01:39:17 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/07/10 17:51:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-540314570-2194171126-2655910169-1005.job
    [2011/07/09 16:03:41 | 000,098,537 | ---- | M] () -- C:\Documents and Settings\John Reynolds\My Documents\090711 profile pic.jpg
    [2011/07/09 16:03:41 | 000,098,537 | ---- | M] () -- C:\Documents and Settings\John Reynolds\My Documents\090711 my pic.jpg
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [17 C:\Documents and Settings\John Reynolds\Desktop\*.tmp files -> C:\Documents and Settings\John Reynolds\Desktop\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/02 15:44:26 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
    [2011/08/02 15:10:40 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Desktop\2Aug AVG log2.csv
    [2011/08/02 15:07:55 | 000,001,064 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Desktop\2Aug AVG log.csv
    [2011/08/02 03:10:50 | 000,171,589 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Desktop\Ashby Monk SWF Investments in Infra.pdf
    [2011/07/30 19:25:38 | 3003,564,032 | -HS- | C] () -- C:\hiberfil.sys
    [2011/07/29 18:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    [2011/07/24 00:01:06 | 001,600,101 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Desktop\Google_The_Impact_of_Clean_Energy_Innovation.pdf
    [2011/07/09 16:04:16 | 000,098,537 | ---- | C] () -- C:\Documents and Settings\John Reynolds\My Documents\090711 profile pic.jpg
    [2011/07/09 16:03:41 | 000,098,537 | ---- | C] () -- C:\Documents and Settings\John Reynolds\My Documents\090711 my pic.jpg
    [2011/05/03 04:27:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/06 02:52:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Local Settings\Application Data\prvlcl.dat
    [2011/01/14 00:14:57 | 000,068,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/01/08 23:46:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/12/16 12:53:08 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Snape25.bin
    [2010/11/17 14:34:28 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\John Reynolds\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/05 03:11:58 | 000,411,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/11/04 22:20:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/11/04 20:38:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/11/04 20:32:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2010/11/04 20:24:46 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
    [2010/11/04 20:24:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
    [2010/11/04 19:57:31 | 000,127,896 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
    [2010/11/04 19:57:30 | 000,874,032 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
    [2010/11/04 19:57:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2010/06/15 16:00:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/06/15 15:59:49 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/15 15:50:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
    [2010/06/15 15:21:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
    [2010/06/15 15:20:09 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2010/06/15 15:19:38 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
    [2010/06/15 15:19:38 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2010/06/15 15:05:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/06/15 15:02:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/06/15 13:55:30 | 000,495,464 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/15 13:55:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2010/06/15 13:55:30 | 000,091,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/15 13:55:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2010/06/15 13:55:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2010/06/15 13:55:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2010/06/15 13:55:29 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2010/06/15 13:55:29 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2010/06/15 13:55:29 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2010/06/15 13:55:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2010/06/15 13:55:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2010/06/15 13:55:25 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/03/30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

    ========== LOP Check ==========

    [2011/05/03 11:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/11/04 15:21:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/03/02 18:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
    [2010/11/04 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2011/03/02 06:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/04/13 18:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/03/02 05:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/05/03 15:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2011/03/28 19:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
    [2010/11/04 20:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueSuite
    [2010/11/25 13:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/11/18 01:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/11/18 03:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\AVG
    [2010/11/04 15:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\AVG10
    [2011/08/02 14:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Azureus
    [2011/03/02 15:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Nokia
    [2011/03/02 15:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\PC Suite
    [2011/02/08 18:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Toolbar4
    [2011/06/04 21:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\toshiba
    [2010/11/03 04:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\WinBatch
    [2010/11/13 20:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Windows Desktop Search
    [2010/11/18 00:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Reynolds\Application Data\Windows Search
    [2011/08/02 14:23:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{758DE982-F315-4BED-8E6C-2F284BFCABB7}.job

    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 02/08/2011 16:29:15 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Reynolds\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.80 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 72.64% Memory free
    4.64 Gb Paging File | 4.06 Gb Available in Paging File | 87.58% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 275.30 Gb Free Space | 92.35% Space Free | Partition Type: NTFS
    Drive E: | 30.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JOHNREYNOLDSM11 | User Name: John Reynolds | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe" = C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe:*:Enabled:Accessibility -- (TOSHIBA Corporation.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.08.03.03
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
    "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.5.1.0
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
    "{2849DBDE-B140-498D-99D6-96F5E6EB45D6}" = AuthenTec TrueSuite
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
    "{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5AFEABF5-7411-4C29-9FA9-71ABE880662D}" = Nokia PC Suite
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{70D5C875-8C16-48BC-8758-3E90A052C985}" = TOSHIBA Manuals
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
    "{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{990C7C7E-7E53-49A1-9766-5369E17892BB}" = Nokia PC Internet Access
    "{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BF}" = WinZip 15.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}" = PC Connectivity Solution
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FEDFB4DC-E149-4897-B616-4811C718E54F}" = TOSHIBA 180 Degrees Rotation Utility
    "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Agfa ScanWise 1.60" = Agfa ScanWise 1.60
    "AVG" = AVG 2011
    "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    "GOM Player" = GOM Player
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
    "InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Nokia PC Internet Access" = Nokia PC Internet Access
    "Nokia PC Suite" = Nokia PC Suite
    "O2 Broadband" = O2 Broadband
    "Picasa 3" = Picasa 3
    "PROSet" = Intel(R) Network Connections Drivers
    "RealPlayer 12.0" = RealPlayer
    "Security Task Manager" = Security Task Manager 1.8c
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
    "TDspBtn" = TOSHIBA Display Devices Change Utility
    "Temp File Cleaner" = Temp File Cleaner
    "TFNF5" = TOSHIBA Hotkey Utility for Display Devices
    "TME" = Uninstall for TOSHIBA Mobile Extension3
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 02/08/2011 10:21:06 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 10.0.0.1364, faulting module
    avgxpl.dll, version 10.0.0.1385, fault address 0x00136302.

    Error - 02/08/2011 10:23:50 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 10.0.0.1364, faulting module
    avgxpl.dll, version 10.0.0.1385, fault address 0x00136302.

    Error - 02/08/2011 10:28:06 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 10.0.0.1364, faulting module
    ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.

    Error - 02/08/2011 10:32:05 | Computer Name = JOHNREYNOLDSM11 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 02/08/2011 10:32:11 | Computer Name = JOHNREYNOLDSM11 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 02/08/2011 10:32:23 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module avgxpl.dll, version 10.0.0.1385, fault address 0x0012bb7e.

    Error - 02/08/2011 10:39:04 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module flash10p.ocx, version 10.2.159.1, fault address 0x0038a620.

    Error - 02/08/2011 10:39:08 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module jscript.dll, version 5.8.6001.23141, fault address 0x00018ef0.

    Error - 02/08/2011 10:39:15 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module iertutil.dll, version 8.0.6001.19072, fault address 0x0010dc19.

    Error - 02/08/2011 10:43:15 | Computer Name = JOHNREYNOLDSM11 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x00029efc.

    [ System Events ]
    Error - 02/08/2011 09:33:46 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 09:40:16 | Computer Name = JOHNREYNOLDSM11 | Source = Service Control Manager | ID = 7034
    Description = The TrueSuiteService service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 02/08/2011 09:49:01 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 09:56:24 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 10:03:50 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 10:08:31 | Computer Name = JOHNREYNOLDSM11 | Source = Dhcp | ID = 1002
    Description = The IP address lease 62.40.58.220 for the Network Card with network
    address 001E101F648E has been denied by the DHCP server 89.204.180.177 (The DHCP
    Server sent a DHCPNACK message).

    Error - 02/08/2011 10:10:33 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 02/08/2011 10:11:22 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 10:47:22 | Computer Name = JOHNREYNOLDSM11 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 02/08/2011 11:26:21 | Computer Name = JOHNREYNOLDSM11 | Source = Dhcp | ID = 1002
    Description = The IP address lease 89.204.180.179 for the Network Card with network
    address 001E101F648E has been denied by the DHCP server 95.83.206.201 (The DHCP
    Server sent a DHCPNACK message).


    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Not much showing.

    Do you have the log from DDS?

    [2011/08/02 15:43:38 | 000,607,017 | ---- | M] (Swearware) -- C:\Documents and Settings\John Reynolds\Desktop\dds.com



    Open OTL and paste this in the custom scan/fixes box at the bottom:


    :OTL
    O32 - AutoRun File - [2009/12/22 18:16:52 | 000,131,072 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2007/11/07 16:41:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
    O33 - MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    O33 - MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\Shell - "" = AutoRun
    O33 - MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/22 18:16:52 | 000,131,072 | R--- | M] ()
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [17 C:\Documents and Settings\John Reynolds\Desktop\*.tmp files -> C:\Documents and Settings\John Reynolds\Desktop\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/07/29 18:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    :commands
    [emptytemp]
    [emptyflash]
    [CREATERESTOREPOINT]
    [RESETHOSTS]



    Click Run Fix, reboot the PC and post the log it gives (it's saved in C:\OTL\).


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Thanks - logs from DDS:

    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/11/2010 19:45:50
    System Uptime: 02/08/2011 14:29:26 (3 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | rPGA988A Socket | 2393/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 275.288 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) 82577LC Gigabit Network Connection
    Device ID: PCI\VEN_8086&DEV_10EB&SUBSYS_00011179&REV_06\3&11583659&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82577LC Gigabit Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_10EB&SUBSYS_00011179&REV_06\3&11583659&0&C8
    Service: e1kexpress
    .
    Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
    Description:
    Device ID: ROOT\USB\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\USB\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP153: 04/05/2011 18:17:34 - System Checkpoint
    RP154: 05/05/2011 02:45:10 - Removed HiJackThis
    RP155: 05/05/2011 02:46:27 - Removed Skype Toolbars
    RP156: 06/05/2011 15:26:47 - System Checkpoint
    RP157: 09/05/2011 03:48:50 - System Checkpoint
    RP158: 10/05/2011 14:14:06 - System Checkpoint
    RP159: 11/05/2011 14:24:09 - System Checkpoint
    RP160: 12/05/2011 03:37:10 - Software Distribution Service 3.0
    RP161: 14/05/2011 19:11:27 - System Checkpoint
    RP162: 16/05/2011 12:27:39 - System Checkpoint
    RP163: 19/05/2011 23:31:41 - System Checkpoint
    RP164: 21/05/2011 21:32:47 - System Checkpoint
    RP165: 24/05/2011 13:42:45 - System Checkpoint
    RP166: 27/05/2011 12:38:16 - System Checkpoint
    RP167: 30/05/2011 13:38:29 - System Checkpoint
    RP168: 31/05/2011 13:53:43 - System Checkpoint
    RP169: 02/06/2011 15:05:11 - System Checkpoint
    RP170: 04/06/2011 00:35:03 - System Checkpoint
    RP171: 06/06/2011 15:00:01 - System Checkpoint
    RP172: 08/06/2011 13:26:13 - System Checkpoint
    RP173: 09/06/2011 15:13:47 - System Checkpoint
    RP174: 13/06/2011 16:23:11 - System Checkpoint
    RP175: 14/06/2011 18:17:20 - System Checkpoint
    RP176: 16/06/2011 02:35:36 - Software Distribution Service 3.0
    RP177: 17/06/2011 15:03:19 - System Checkpoint
    RP178: 18/06/2011 23:43:22 - System Checkpoint
    RP179: 20/06/2011 11:13:36 - System Checkpoint
    RP180: 21/06/2011 14:51:32 - System Checkpoint
    RP181: 22/06/2011 17:15:27 - System Checkpoint
    RP182: 27/06/2011 15:09:45 - System Checkpoint
    RP183: 28/06/2011 15:24:23 - System Checkpoint
    RP184: 29/06/2011 14:55:54 - Software Distribution Service 3.0
    RP185: 30/06/2011 20:02:43 - System Checkpoint
    RP186: 01/07/2011 20:32:25 - System Checkpoint
    RP187: 04/07/2011 01:50:05 - System Checkpoint
    RP188: 06/07/2011 01:21:03 - System Checkpoint
    RP189: 07/07/2011 14:07:25 - System Checkpoint
    RP190: 08/07/2011 15:22:10 - System Checkpoint
    RP191: 11/07/2011 13:48:03 - System Checkpoint
    RP192: 12/07/2011 14:03:14 - System Checkpoint
    RP193: 14/07/2011 04:06:20 - Software Distribution Service 3.0
    RP194: 15/07/2011 19:46:49 - System Checkpoint
    RP195: 18/07/2011 15:33:11 - System Checkpoint
    RP196: 19/07/2011 20:01:00 - System Checkpoint
    RP197: 21/07/2011 14:58:18 - System Checkpoint
    RP198: 25/07/2011 14:01:12 - System Checkpoint
    RP199: 27/07/2011 15:12:14 - System Checkpoint
    RP200: 29/07/2011 16:04:31 - System Checkpoint
    RP201: 31/07/2011 02:56:39 - System Checkpoint
    RP202: 01/08/2011 06:10:01 - System Checkpoint
    RP203: 02/08/2011 16:09:27 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.0)
    Agfa ScanWise 1.60
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec TrueSuite
    AVG 2011
    AVG PC Tuneup 2011
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Compatibility Pack for the 2007 Office system
    GOM Player
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Network Connections Drivers
    Intel(R) Rapid Storage Technology
    iTunes
    Java(TM) 6 Update 14
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Office XP Standard
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVC80_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nokia Connectivity Cable Driver
    Nokia PC Internet Access
    Nokia PC Suite
    O2 Broadband
    OGA Notifier 2.0.0048.0
    PC Connectivity Solution
    Picasa 3
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    RICOH R5U230 Media Driver ver.2.08.03.03
    Security Task Manager 1.8c
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Skype™ 5.3
    Sophos Anti-Rootkit 1.5.4
    Temp File Cleaner
    TOSHIBA 180 Degrees Rotation Utility
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Direct Disc Writer
    TOSHIBA Disc Creator
    TOSHIBA Display Devices Change Utility
    TOSHIBA DVD PLAYER
    TOSHIBA HDD Protection
    TOSHIBA HDD/SSD Alert
    TOSHIBA Hotkey Utility for Display Devices
    TOSHIBA Manuals
    TOSHIBA Mobile Extension3
    Toshiba Online Product Information
    TOSHIBA Password Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA PC Health Monitor
    TOSHIBA Power Saver
    TOSHIBA Security Assist
    TOSHIBA TouchPad On/Off Utility V2.5.1.0
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Utilities
    TOSHIBA Web Camera Application
    TOSHIBA Zooming Utility
    Uninstall for TOSHIBA Mobile Extension3
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973687)
    Vuze
    WebFldrs XP
    Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    WinRAR archiver
    WinZip 15.0
    Wireless Hotkey
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/07/2011 19:48:07, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    30/07/2011 22:53:31, error: Dhcp [1002] - The IP address lease 89.204.176.147 for the Network Card with network address 001E101F0812 has been denied by the DHCP server 89.204.195.93 (The DHCP Server sent a DHCPNACK message).
    30/07/2011 22:05:46, error: Dhcp [1002] - The IP address lease 95.83.202.37 for the Network Card with network address 001E101F051B has been denied by the DHCP server 89.204.176.145 (The DHCP Server sent a DHCPNACK message).
    30/07/2011 21:17:16, error: Dhcp [1002] - The IP address lease 62.40.48.52 for the Network Card with network address 001E101F051B has been denied by the DHCP server 95.83.202.38 (The DHCP Server sent a DHCPNACK message).
    30/07/2011 19:28:31, error: Dhcp [1002] - The IP address lease 89.204.204.255 for the Network Card with network address 001E101FE948 has been denied by the DHCP server 62.40.48.49 (The DHCP Server sent a DHCPNACK message).
    30/07/2011 03:24:04, error: Service Control Manager [7031] - The Expat Shield Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    30/07/2011 03:23:50, error: Service Control Manager [7031] - The Expat Shield Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    30/07/2011 03:23:26, error: Service Control Manager [7031] - The Expat Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    30/07/2011 03:23:19, error: Service Control Manager [7031] - The Expat Shield Routing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    30/07/2011 03:23:12, error: Service Control Manager [7031] - The Expat Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    30/07/2011 03:23:09, error: Service Control Manager [7034] - The Expat Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
    29/07/2011 16:32:34, error: Dhcp [1002] - The IP address lease 62.40.53.72 for the Network Card with network address 001E101F5224 has been denied by the DHCP server 62.40.51.209 (The DHCP Server sent a DHCPNACK message).
    29/07/2011 01:41:48, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
    28/07/2011 17:24:59, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    28/07/2011 13:51:24, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    28/07/2011 02:24:12, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
    28/07/2011 02:24:12, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
    28/07/2011 02:24:12, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
    27/07/2011 20:32:12, error: Dhcp [1002] - The IP address lease 89.204.183.112 for the Network Card with network address 001E101FCAB6 has been denied by the DHCP server 89.204.203.218 (The DHCP Server sent a DHCPNACK message).
    27/07/2011 16:05:27, error: Service Control Manager [7034] - The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).
    02/08/2011 17:01:39, error: Service Control Manager [7011] - Timeout (60000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
    02/08/2011 16:32:26, error: Dhcp [1002] - The IP address lease 95.83.206.204 for the Network Card with network address 001E101F648E has been denied by the DHCP server 89.204.203.245 (The DHCP Server sent a DHCPNACK message).
    02/08/2011 16:26:21, error: Dhcp [1002] - The IP address lease 89.204.180.179 for the Network Card with network address 001E101F648E has been denied by the DHCP server 95.83.206.201 (The DHCP Server sent a DHCPNACK message).
    02/08/2011 15:08:31, error: Dhcp [1002] - The IP address lease 62.40.58.220 for the Network Card with network address 001E101F648E has been denied by the DHCP server 89.204.180.177 (The DHCP Server sent a DHCPNACK message).
    02/08/2011 14:32:31, error: Dhcp [1002] - The IP address lease 89.204.204.250 for the Network Card with network address 001E101F648E has been denied by the DHCP server 62.40.58.217 (The DHCP Server sent a DHCPNACK message).
    02/08/2011 03:18:03, error: Dhcp [1002] - The IP address lease 89.204.198.124 for the Network Card with network address 001E101F62F7 has been denied by the DHCP server 89.204.205.145 (The DHCP Server sent a DHCPNACK message).
    01/08/2011 15:58:21, error: Dhcp [1002] - The IP address lease 89.204.199.246 for the Network Card with network address 001E101FEA01 has been denied by the DHCP server 89.204.179.41 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================


    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by John Reynolds at 17:00:36 on 2011-08-02
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2864.1937 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Program Files\Fingerprint Sensor\atservice.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TNRotate\TNRotate.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\WINDOWS\system32\TPSODDCtl.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://uk.yahoo.com/
    uSearch Page =
    uSearch Bar =
    mStart Page = hxxp://www.bigseekpro.com/tempcleaner/{ECB77AE7-BDC8-4FF2-8228-099A0D8A1FFC}
    uInternet Settings,ProxyOverride = <local>;*.local
    mSearchAssistant =
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - c:\program files\truesuite\TrueSuite.IEBHO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [00THotkey] c:\windows\system32\00THotkey.exe
    mRun: [000StTHK] 000StTHK.exe
    mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe
    mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
    mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
    mRun: [TNRotate] %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
    mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [TFncKy] TFncKy.exe
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
    mRun: [TFNF5] TFNF5.exe
    mRun: [TPSODDCtl] TPSODDCtl.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    mRun: [SystemTray] c:\program files\truesuite\TrueSuite.SysTray.exe
    mRun: [ClientAppLogon] c:\program files\truesuite\TrueSuite.ClientAppLogonExe.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-4-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-4-13 32592]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 29760]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-5-11 6528]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-4-13 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-4-13 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-13 297168]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2010-6-15 5888]
    R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-4 47104]
    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-4 48128]
    R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-4 38400]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
    R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-4-30 4992]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-11-4 671488]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-13 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-4-13 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-4-13 26192]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-3-6 117504]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-6-15 44800]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-4 132352]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-11-4 235520]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-11-4 24064]
    S0 vuuhla;vuuhla;c:\windows\system32\drivers\ftgnstlx.sys --> c:\windows\system32\drivers\ftgnstlx.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-4 1684736]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-6-15 160424]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-3-6 101504]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-3-6 63616]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\e.tmp --> c:\windows\system32\E.tmp [?]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 17:01:59.18 ===============


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Here we are:

    All processes killed
    ========== OTL ==========
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c7488d-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c7488d-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c7488d-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c7488d-e85e-11df-bd1f-002710038390}\ not found.
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c7488f-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c7488f-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c7488f-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c7488f-e85e-11df-bd1f-002710038390}\ not found.
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c74893-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c74893-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c74893-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c74893-e85e-11df-bd1f-002710038390}\ not found.
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c74895-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c74895-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c74895-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c74895-e85e-11df-bd1f-002710038390}\ not found.
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c74898-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c74898-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c74898-e85e-11df-bd1f-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18c74898-e85e-11df-bd1f-002710038390}\ not found.
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24d9281e-f45e-11df-bd29-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24d9281e-f45e-11df-bd29-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24d9281e-f45e-11df-bd29-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24d9281e-f45e-11df-bd29-002710038390}\ not found.
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f36c9d0-44f4-11e0-be17-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f36c9d0-44f4-11e0-be17-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f36c9d0-44f4-11e0-be17-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f36c9d0-44f4-11e0-be17-002710038390}\ not found.
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddc02a54-4485-11e0-be15-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddc02a54-4485-11e0-be15-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc02a54-4485-11e0-be15-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddc02a54-4485-11e0-be15-002710038390}\ not found.
    File E:\NokiaPCIA_Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa2cbcea-e858-11df-bd1e-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa2cbcea-e858-11df-bd1e-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa2cbcea-e858-11df-bd1e-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa2cbcea-e858-11df-bd1e-002710038390}\ not found.
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa2cbcee-e858-11df-bd1e-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa2cbcee-e858-11df-bd1e-002710038390}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa2cbcee-e858-11df-bd1e-002710038390}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa2cbcee-e858-11df-bd1e-002710038390}\ not found.
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    C:\WINDOWS\DUMP6234.tmp deleted successfully.
    C:\WINDOWS\DUMP62e0.tmp deleted successfully.
    C:\WINDOWS\DUMP6570.tmp deleted successfully.
    C:\WINDOWS\DUMP6f05.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL0004.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL0005.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL0006.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL0318.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL0355.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL0809.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL1407.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL1834.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL2276.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL2475.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL2660.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL3466.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL3602.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL3747.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL3799.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL3810.tmp deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\~WRL3841.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\system32\cd.dat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User

    User: John Reynolds
    ->Temp folder emptied: 3308271 bytes
    ->Temporary Internet Files folder emptied: 36798479 bytes
    ->Flash cache emptied: 456 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16867 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 28037072 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 65.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: John Reynolds
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point (0)
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.26.1 log created on 08022011_170817

    Files\Folders moved on Reboot...
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_abc.dat moved successfully.

    Registry entries deleted on Reboot...


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL, click the None button at the top, and paste this in the custom scan/fixes box:


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    C:\*.*
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs


    Click Run Scan and post the log it gives. Also, how is it running?


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Thanks, it seems to be running OK now. Earlier, when I realised it was infected, it downloaded a huge chunk of data and the fan was louder than usual, so I knew something was up. It seems all right again now.

    OTL logfile created on: 02/08/2011 17:54:11 - Run 3
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Reynolds\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.80 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 72.01% Memory free
    4.64 Gb Paging File | 3.95 Gb Available in Paging File | 85.16% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 275.33 Gb Free Space | 92.36% Space Free | Partition Type: NTFS
    Drive E: | 30.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JOHNREYNOLDSM11 | User Name: John Reynolds | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - Services: "ImapiService"
    MsConfig - Services: "idsvc"
    MsConfig - Services: "gusvc"
    MsConfig - Services: "TOSHIBA Bluetooth Service"
    MsConfig - Services: "seclogon"
    MsConfig - Services: "RasMan"
    MsConfig - Services: "RasAuto"
    MsConfig - Services: "HidServ"
    MsConfig - Services: "SwPrv"
    MsConfig - Services: "stisvc"
    MsConfig - Services: "FastUserSwitchingCompatibility"
    MsConfig - Services: "CryptSvc"
    MsConfig - Services: "BITS"
    MsConfig - Services: "ExpatShieldService"
    MsConfig - Services: "ExpatTrayService"
    MsConfig - Services: "ExpatWd"
    MsConfig - Services: "ExpatSrv"
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^John Reynolds^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: MCODS - Reg Error: Value error.
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: MCODS - Reg Error: Value error.
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    ========== Custom Scans ==========


    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < C:\*.* >
    [2010/06/15 15:04:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/07/30 19:27:06 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2010/06/15 15:04:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/08/02 17:18:00 | 3003,564,032 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/15 15:04:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/06/15 15:04:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/08/02 17:17:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/08/02 17:54:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2010/11/04 20:24:59 | 000,002,155 | ---- | M] () -- C:\RHDSetup.log
    [2010/06/16 00:31:53 | 000,000,070 | -H-- | M] () -- C:\SWSTAMP.TXT
    [2011/05/04 05:27:51 | 000,047,124 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_04.05.2011_05.26.41_log.txt
    [2011/08/02 15:44:26 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat

    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Just one more thing.


    Open OTL and paste this in the custom scan/fix box:


    :files
    net start CryptSvc /c
    c:\windows\system32\drivers\ftgnstlx.sys
    :Services
    vuuhla


    Click Run Fix and post the log it gives.


    Then I'd download a new copy of MBAM, install + update it, run a quick scan with it and post the log.


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    ========== FILES ==========
    < net start CryptSvc /c >
    The Cryptographic Services service is starting.
    The Cryptographic Services service was started successfully.
    C:\Documents and Settings\John Reynolds\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\John Reynolds\Desktop\cmd.txt deleted successfully.
    File\Folder c:\windows\system32\drivers\ftgnstlx.sys not found.
    ========== SERVICES/DRIVERS ==========
    Service vuuhla stopped successfully!
    Service vuuhla deleted successfully!

    OTL by OldTimer - Version 3.2.26.1 log created on 08022011_181216

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7357

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    02/08/2011 19:12:50
    mbam-log-2011-08-02 (19-12-50).txt

    Scan type: Quick scan
    Objects scanned: 163883
    Time elapsed: 3 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    If there are no issues then we are all done.

    Open OTL, click the cleanup button, and that's everything :)

