[Inactive] INFECTED DATA RESTORE

Started By jffarid, Nov 10 2011 06:42 AM

This topic is locked
Go to first unread post

36 replies to this topic

#21 Broni

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 05:09 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 10h 30m 28s

Posted 14 November 2011 - 04:18 PM

Yes, as my instructions say.

#22 jffarid Re: [Inactive] INFECTED DATA RESTORE

Member

19 posts
Joined: November 09, 2011
1 topics
Age: 49
Local time: 07:09 AM

Zodiac:Virgo
Gender:Male
OS:Windows XP
Country:

Offline

Time Online: 4h 17m 33s

Posted 14 November 2011 - 10:20 PM

Sorry for some reason I can not see the response you posted this afternoon to above. I ran both the ComboFix and Rkill, but I cant post anything, on page 2 the heading on right hand side there are two tabs "you cannot reply to this topic, you cannot start a new topic"

#23 Broni Re: [Inactive] INFECTED DATA RESTORE

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 05:09 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 10h 30m 28s

Posted 14 November 2011 - 11:35 PM

You surely can reply since you just did.

#24 jffarid Re: [Inactive] INFECTED DATA RESTORE

Member

19 posts
Joined: November 09, 2011
1 topics
Age: 49
Local time: 07:09 AM

Zodiac:Virgo
Gender:Male
OS:Windows XP
Country:

Offline

Time Online: 4h 17m 33s

Posted 15 November 2011 - 03:51 AM

I was sending the messg from another lap top, the reason I couldnt post anything on the infected computer was because I was not logged in! here is the ComboFix log

ComboFix 11-11-14.01 - JOSHUA FARID 11/14/2011 15:31:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1329 [GMT -5:00]
Running from: c:\documents and settings\JOSHUA FARID\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Atefeh\Start Menu\Programs\System Restore
c:\documents and settings\Atefeh\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\Atefeh\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\documents and settings\JOSHUA FARID\Start Menu\Programs\System Restore
c:\documents and settings\JOSHUA FARID\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\JOSHUA FARID\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\documents and settings\JOSHUA FARID\WINDOWS
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\kb835221.exe
c:\windows\kb913800.exe
c:\windows\setupapi.log
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsmedia10-kb917734-x86-enu.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb873339-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb888321-x86-enu.exe
c:\windows\windowsxp-kb890046-x86-enu.exe
c:\windows\windowsxp-kb890859-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
c:\windows\windowsxp-kb892130-enu-x86.exe
c:\windows\WindowsXP-KB893056-x86-ENU.exe
c:\windows\windowsxp-kb893066-v2-x86-enu.exe
c:\windows\windowsxp-kb893357-v2-x86-enu.exe
c:\windows\windowsxp-kb893756-x86-enu.exe
c:\windows\windowsxp-kb894391-x86-enu.exe
c:\windows\windowsxp-kb896358-x86-enu.exe
c:\windows\windowsxp-kb896422-x86-enu.exe
c:\windows\windowsxp-kb896423-x86-enu.exe
c:\windows\windowsxp-kb896424-x86-enu.exe
c:\windows\windowsxp-kb896428-x86-enu.exe
c:\windows\windowsxp-kb896688-x86-enu.exe
c:\windows\windowsxp-kb896727-x86-enu.exe
c:\windows\windowsxp-kb899587-x86-enu.exe
c:\windows\windowsxp-kb899588-x86-enu.exe
c:\windows\windowsxp-kb899589-x86-enu.exe
c:\windows\windowsxp-kb899591-x86-enu.exe
c:\windows\windowsxp-kb900466-x86-enu.exe
c:\windows\windowsxp-kb900485-v2-x86-enu.exe
c:\windows\windowsxp-kb900725-x86-enu.exe
c:\windows\windowsxp-kb901017-x86-enu.exe
c:\windows\windowsxp-kb901214-x86-enu.exe
c:\windows\windowsxp-kb902400-x86-enu.exe
c:\windows\windowsxp-kb903235-x86-enu.exe
c:\windows\windowsxp-kb905414-x86-enu.exe
c:\windows\windowsxp-kb905749-x86-enu.exe
c:\windows\windowsxp-kb905915-x86-enu.exe
c:\windows\windowsxp-kb908519-x86-enu.exe
c:\windows\windowsxp-kb908531-x86-enu.exe
c:\windows\windowsxp-kb909667-x86-enu.exe
c:\windows\windowsxp-kb910437-x86-enu.exe
c:\windows\windowsxp-kb910728-x86-enu.exe
c:\windows\windowsxp-kb911280-x86-enu.exe
c:\windows\windowsxp-kb911562-x86-enu.exe
c:\windows\windowsxp-kb911567-x86-enu.exe
c:\windows\windowsxp-kb911927-x86-enu.exe
c:\windows\windowsxp-kb912919-x86-enu.exe
c:\windows\windowsxp-kb912945-x86-enu.exe
c:\windows\windowsxp-kb914388-x86-enu.exe
c:\windows\windowsxp-kb914389-x86-enu.exe
c:\windows\windowsxp-kb916281-x86-enu.exe
c:\windows\windowsxp-kb917159-x86-enu.exe
c:\windows\windowsxp-kb917344-x86-enu.exe
c:\windows\windowsxp-kb917953-x86-enu.exe
c:\windows\windowsxp-kb918439-x86-enu.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-09 15:26 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-09 15:26 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-09 15:26 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-09 15:26 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-09 15:26 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-09 15:26 . 2011-09-06 21:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-09 15:26 . 2011-09-06 21:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-09 15:26 . 2011-09-06 21:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-09 15:25 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-09 15:25 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-09 15:25 . 2011-11-09 15:25 -------- d-----w- c:\program files\AVAST Software
2011-11-09 15:25 . 2011-11-09 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-09 14:53 . 2011-11-09 14:53 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-08 17:45 . 2011-11-08 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-11-08 17:45 . 2011-11-08 17:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-11-08 16:23 . 2011-11-08 16:23 480310 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-18 23:18 . 2011-10-18 23:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2006-08-10 07:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-08-10 07:32 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-08-10 07:32 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-08-10 07:32 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2006-08-10 07:32 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2006-08-10 07:32 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-08-10 07:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-08-10 07:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-08-10 07:32 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-08-10 07:32 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-05-26 01:35 . 2011-04-04 16:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2007-03-23 2074752]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-20 39408]
"SmileboxTray"="c:\documents and settings\JOSHUA FARID\Application Data\Smilebox\SmileboxTray.exe" [2011-09-29 313160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [2006-10-05 46664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\JOSHUA FARID\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-10 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^JOSHUA FARID^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\JOSHUA FARID\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-07 19:53 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-06-15 17:37 47408 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-25 19:21 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-10-01 13:46 232912 ----a-w- c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-28 16:11 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-09-16 05:45 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 23:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2011-09-29 02:07 313160 ----a-w- c:\documents and settings\JOSHUA FARID\Application Data\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-20 02:37 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/9/2011 10:26 AM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/9/2011 10:26 AM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/9/2011 10:26 AM 20568]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:56 PM 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe [11/9/2011 4:26 PM 366152]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/10/2009 11:08 PM 19096]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 2:33 AM 808448]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/28/2010 11:11 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 1:56 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [12/6/2009 10:18 PM 17408]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 18:56]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 18:56]
.
2011-11-14 c:\windows\Tasks\User_Feed_Synchronization-{226BD022-C192-4D8A-88E4-6913A07715D7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2011-11-14 c:\windows\Tasks\User_Feed_Synchronization-{2F95BB85-2AAA-4374-98FE-796094BEC066}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=x1AEA0xDY_J4FVmQ.u.S6Q&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z127&ocid=zdhp&install_date=20111110
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z127&form=ZGAADF&install_date=20111110&q=

.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
HKLM-Run-SUWVpRINfa.exe - c:\documents and settings\All Users\Application Data\SUWVpRINfa.exe
HKLM-Run-wLFPFmouqaYX.exe - c:\documents and settings\All Users\Application Data\wLFPFmouqaYX.exe
HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-14 15:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0faf80b5-e1c2-47c2-bd53-e46a59dd4ef5}]
@Denied: (Full) (Everyone)
"Model"=dword:00000113
"Therad"=dword:0000001a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3b,18,e9,2f,4b,d1,23,ea,5c,b2,49,63,b2,5d,f0,f2,df,c2,8e,c5,1b,
27,b9,81,1b,61,9b,a4,b4,9a,a9,1e,a8,d1,cd,de,5e,94,7d,8f,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1196)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(444)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-14 16:06:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 21:06
.
Pre-Run: 65,618,231,296 bytes free
Post-Run: 66,526,883,840 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B0BAAB2B9975546E831E96C2F043BA4D
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 11/14/2011 at 17:06:16.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

Please let me have your further instructions, I still have empty folders under all program files. I looked up the link you had for restoring them, there is no smtmp folder. I have also tried uise unhide- did not work; followed method 3-manual restore but I am not getting the .exe file under program files(since I downloaded Avast after the infection, it is in the program folder under all programs). Do I need to do these steps manually for each and every program? Thank you so much for your assistance thus far, you have been very gracious. I wish that there was program that would do this

Rkill completed on 11/14/2011 at 17:06:26.

#25 Broni Re: [Inactive] INFECTED DATA RESTORE

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 05:09 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 10h 30m 28s

Posted 15 November 2011 - 03:58 AM

Quote

Do I need to do these steps manually for each and every program?

Unfortunately yes.

Please do NOT format your replies in "italics". It's harder for me to read.

Uninstall Advanced Registry Optimizer.
Registry cleaners/optimizers are not recommended for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

================================================================================

Combofix log looks clean now.
How is computer doing overall (except for those missing shortcuts)?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

#26 jffarid Re: [Inactive] INFECTED DATA RESTORE

Member

19 posts
Joined: November 09, 2011
1 topics
Age: 49
Local time: 07:09 AM

Zodiac:Virgo
Gender:Male
OS:Windows XP
Country:

Offline

Time Online: 4h 17m 33s

Posted 16 November 2011 - 06:40 PM

OTL logfile created on: 11/16/2011 1:15:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\JOSHUA FARID\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.95% Memory free
3.33 Gb Paging File | 2.69 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 60.85 Gb Free Space | 58.07% Space Free | Partition Type: NTFS

Computer Name: ATY | User Name: JOSHUA FARID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/16 13:12:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JOSHUA FARID\Desktop\OTL.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/10/22 21:59:35 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 20:46:28 | 000,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2006/08/27 16:46:54 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/06/20 16:11:00 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 16:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/11/28 15:39:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 15:39:30 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 22:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/16 11:53:21 | 001,616,896 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111601\algo.dll
MOD - [2011/11/15 13:27:35 | 001,616,896 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111501\algo.dll
MOD - [2011/11/15 06:59:54 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111601\aswRep.dll
MOD - [2011/11/15 06:59:54 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111501\aswRep.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/10/22 21:59:35 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/10/22 21:59:35 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/07/02 23:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 23:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/20 16:11:00 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2004/07/20 20:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/17 13:35:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/22 21:59:35 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/09/13 10:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB18)
SRV - [2006/06/20 16:11:00 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/04/04 16:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 15:39:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 15:39:30 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 15:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/05/26 12:19:56 | 000,019,096 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/09/16 00:45:46 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/01/24 14:46:00 | 000,808,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/12/14 14:51:27 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/24 17:38:20 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/24 17:38:20 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/24 17:38:20 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/07/03 01:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/14 11:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/23 10:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/04/13 20:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 10:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/02/24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/10 11:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 17:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 12:31:00 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...or={searchTerms}
IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111110
IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...l_date=20111110"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..keyword.URL: "http://www.bing.com/...date=20111110="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\program files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/09 10:25:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/25 20:35:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 20:53:17 | 000,000,000 | ---D | M]

[2009/03/23 17:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Extensions
[2011/11/10 18:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions
[2009/10/07 20:43:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/11 16:57:14 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/11/10 18:50:25 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/06/20 16:27:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/13 21:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\staged
[2009/05/01 22:56:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\ask.xml
[2011/11/10 18:50:24 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\bing-zugo.xml
[2009/05/10 01:15:01 | 000,009,899 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\mywebsearch.xml
[2011/04/04 11:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSHUA FARID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QWSEAEG1.DEFAULT\EXTENSIONS\{0538E3E3-7E9B-4D49-8831-A227C80A7AD3}.XPI
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/05/25 20:35:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: Poppit = C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/11/14 15:54:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 3] C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005..\Run: [SmileboxTray] C:\Documents and Settings\JOSHUA FARID\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\JOSHUA FARID\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O15 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1281340870812 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...-131_02-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71767A93-9C01-4B51-A90C-BFDD0DF30F8C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 02:51:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 13:12:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JOSHUA FARID\Desktop\OTL.exe
[2011/11/14 20:57:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/14 20:52:52 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2011/11/14 20:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\ExplorerXP
[2011/11/14 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\Start Menu\Programs\ExplorerXP
[2011/11/14 17:13:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/14 15:56:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/14 15:25:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/14 10:57:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/14 10:57:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/14 10:57:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/14 10:57:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/14 10:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/14 10:55:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/14 10:53:40 | 004,293,460 | R--- | C] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\ComboFix.exe
[2011/11/10 20:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\New Folder
[2011/11/10 20:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\New Folder (2)
[2011/11/10 20:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\My Widgets
[2011/11/10 20:37:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\My Videos
[2011/11/10 20:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\My Smilebox Creations
[2011/11/10 20:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\2010 Tax Forms
[2011/11/10 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\2009 Tax Forms
[2011/11/10 20:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\2005-2006-2007 IRS TAX
[2011/11/10 20:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\USO
[2011/11/10 20:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Symantec
[2011/11/10 20:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Stardock
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Secrets of Hypnosis Revealed
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\ScanSoft PDF Professional 4
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Quicken Rental Property Manager
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Quicken
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\OWN CAPITAL JUDGMENT12-02-2010
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\NLP
[2011/11/10 01:25:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\dds.scr
[2011/11/10 00:36:49 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\JOSHUA FARID\Desktop\aswMBR.exe
[2011/11/09 16:23:39 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/09 10:26:23 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/09 10:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/11/09 10:26:22 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/09 10:26:19 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/09 10:26:19 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/09 10:26:18 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/09 10:26:17 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/09 10:26:17 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/09 10:26:16 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/09 10:25:54 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/09 10:25:53 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/09 10:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/09 10:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/09 09:53:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/09 09:07:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JOSHUA FARID\Recent
[2011/11/08 12:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/11/08 12:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/10/20 05:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/18 18:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/18 18:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/18 18:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/18 18:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/18 18:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[73 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/16 13:22:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{226BD022-C192-4D8A-88E4-6913A07715D7}.job
[2011/11/16 13:20:00 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2F95BB85-2AAA-4374-98FE-796094BEC066}.job
[2011/11/16 13:12:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JOSHUA FARID\Desktop\OTL.exe
[2011/11/14 22:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/14 22:29:54 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/11/14 22:29:54 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/11/14 21:25:41 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\unhide.exe
[2011/11/14 20:33:06 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2011/11/14 20:33:06 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\ExplorerXP.lnk
[2011/11/14 20:32:34 | 000,420,137 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\explorerxpsetup.exe
[2011/11/14 17:38:04 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\AppPaths.exe
[2011/11/14 17:36:06 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\Windows XP Tips - Ramesh.url
[2011/11/14 17:35:33 | 000,007,252 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\admintools.zip
[2011/11/14 17:32:53 | 000,014,797 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\accrestore.zip
[2011/11/14 17:05:05 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\rkill.com
[2011/11/14 15:59:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/14 15:54:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/14 15:54:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 15:53:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/14 15:53:15 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 15:26:20 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/11/14 10:56:15 | 004,293,460 | R--- | M] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\ComboFix.exe
[2011/11/11 11:29:18 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/10 19:15:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/10 19:01:58 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\SystemLook.exe
[2011/11/10 18:51:49 | 001,545,505 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.zip
[2011/11/10 18:50:08 | 000,738,040 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\st-softonic-sntb.exe
[2011/11/10 01:25:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\dds.scr
[2011/11/10 01:23:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBR.dat
[2011/11/10 00:36:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JOSHUA FARID\Desktop\aswMBR.exe
[2011/11/09 21:17:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\q9b8rnoe.exe
[2011/11/09 16:47:23 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/09 16:40:22 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 16:23:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/09 16:10:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBRCheck.exe
[2011/11/09 15:35:36 | 001,563,952 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.exe
[2011/11/09 10:26:23 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/08 15:59:47 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\9lVK7dmpdonxRW
[2011/11/08 15:59:35 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRW
[2011/11/08 15:59:35 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRWr
[2011/11/08 15:53:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/08 11:20:55 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/01 16:52:24 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/11/01 16:50:21 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/01 16:50:21 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/01 16:50:07 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\System Restore.lnk
[2011/10/18 15:35:40 | 000,149,952 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Aty's Metaphor_1.pdf
[2011/10/18 15:35:14 | 000,152,133 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Aty's Metaphor.pdf
[73 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 22:29:54 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/11/14 22:29:54 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/11/14 20:56:52 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011/11/14 20:56:52 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2011/11/14 20:33:06 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2011/11/14 20:33:06 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\ExplorerXP.lnk
[2011/11/14 20:32:22 | 000,420,137 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\explorerxpsetup.exe
[2011/11/14 17:38:04 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\AppPaths.exe
[2011/11/14 17:36:06 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\Windows XP Tips - Ramesh.url
[2011/11/14 17:35:32 | 000,007,252 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\admintools.zip
[2011/11/14 17:32:53 | 000,014,797 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\accrestore.zip
[2011/11/14 17:05:01 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\rkill.com
[2011/11/14 15:26:20 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/11/14 15:26:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/14 10:57:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/14 10:57:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/14 10:57:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/14 10:57:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/14 10:57:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/10 20:37:43 | 000,093,919 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Wachovia Bank Letter.pdf
[2011/11/10 20:37:43 | 000,050,773 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Visa Signature Hilton Honors.pdf
[2011/11/10 20:37:42 | 017,646,372 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\video.mp4
[2011/11/10 20:37:42 | 000,894,389 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Lease_for_Montreux_817- 2-10-11.pdf
[2011/11/10 20:37:42 | 000,267,288 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\passport copy.pdf
[2011/11/10 20:37:42 | 000,246,941 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\passport copy_1.pdf
[2011/11/10 20:37:42 | 000,213,306 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\My credit report.pdf
[2011/11/10 20:37:42 | 000,209,893 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\http___tweentribune.pdf
[2011/11/10 20:37:42 | 000,195,554 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\tweentribune.com-content-schools-want-trick-you-eating-r0001.tif
[2011/11/10 20:37:42 | 000,195,554 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\tweentribune.com-content-schools-want-trick-you-eating-r.tif
[2011/11/10 20:37:42 | 000,133,200 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\US Airways checked baggage $78.TIF
[2011/11/10 20:37:42 | 000,105,827 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Sandals Payment.pdf
[2011/11/10 20:37:42 | 000,102,985 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Orbach and Waters Motion Hearing.pdf
[2011/11/10 20:37:42 | 000,089,408 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Orange Park Condo 8-30-10.pdf
[2011/11/10 20:37:42 | 000,077,676 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Loan to Hamed for Sam's Boat.pdf
[2011/11/10 20:37:42 | 000,075,765 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\PO For Global Furniture Florida.pdf
[2011/11/10 20:37:42 | 000,059,034 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Monthly expens.xltx
[2011/11/10 20:37:42 | 000,047,801 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\NCL-Star Feb-March 2010 Expense sheet.pdf
[2011/11/10 20:37:42 | 000,041,113 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\KENMORE AIR WebReservation Confirmation #729873.pdf
[2011/11/10 20:37:42 | 000,011,132 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\the secrets of hypnosis revealed.pdf
[2011/11/10 20:37:42 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\spider.sav
[2011/11/10 20:37:41 | 002,763,264 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\BBQInvitation.pps
[2011/11/10 20:37:41 | 002,494,443 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\DSC03933.JPG
[2011/11/10 20:37:41 | 002,152,633 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\DSC03922.JPG
[2011/11/10 20:37:41 | 002,099,501 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\DSC03930.JPG
[2011/11/10 20:37:41 | 001,371,654 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\FUNNY.bmp
[2011/11/10 20:37:41 | 000,352,116 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Diners Club 2009 year end summary.pdf
[2011/11/10 20:37:41 | 000,327,747 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Diners Club 2010 YEAR END Summary.pdf
[2011/11/10 20:37:41 | 000,225,360 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Dad's Cataracts info.pdf
[2011/11/10 20:37:41 | 000,141,748 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\cc_20110913_224648.reg
[2011/11/10 20:37:41 | 000,029,236 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Chapter 5 Study Guide.tif
[2011/11/10 20:37:41 | 000,004,156 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\DC Expense NCL Star.csv
[2011/11/10 20:37:41 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\cc_20111009_111503.reg
[2011/11/10 20:37:40 | 003,224,793 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Ava's birthday 211.JPG
[2011/11/10 20:37:40 | 000,246,515 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Annual Credit Report.pdf
[2011/11/10 20:37:40 | 000,194,004 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Amex-Delta 2010 Year End Summary.pdf
[2011/11/10 20:37:40 | 000,152,133 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Aty's Metaphor.pdf
[2011/11/10 20:37:40 | 000,149,952 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Aty's Metaphor_1.pdf
[2011/11/10 20:37:39 | 000,105,857 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Alex's Purchase.pdf
[2011/11/10 20:37:38 | 001,686,310 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\4.jpg
[2011/11/10 20:37:38 | 000,379,441 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\20100511121711470784000000-1.pdf
[2011/11/10 20:37:38 | 000,276,882 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\2006 IRS-TAX.pdf
[2011/11/10 19:01:57 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\SystemLook.exe
[2011/11/10 18:50:00 | 001,545,505 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.zip
[2011/11/10 18:50:00 | 000,738,040 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\st-softonic-sntb.exe
[2011/11/10 15:36:12 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\unhide.exe
[2011/11/10 01:23:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBR.dat
[2011/11/09 21:17:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\q9b8rnoe.exe
[2011/11/09 19:52:47 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/09 16:47:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/09 16:40:22 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 16:10:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBRCheck.exe
[2011/11/09 15:35:27 | 001,563,952 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.exe
[2011/11/09 10:26:23 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/08 15:59:35 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRW
[2011/11/08 15:59:35 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRWr
[2011/11/08 15:58:35 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\9lVK7dmpdonxRW
[2011/11/08 11:20:54 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/01 16:50:21 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/01 16:50:20 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/01 16:50:07 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\System Restore.lnk
[2011/11/01 16:49:58 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/18 18:12:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/12 17:53:16 | 000,000,320 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/03/12 22:43:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LWLLHttpsUpload2.dll
[2011/03/12 22:43:02 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2010/10/07 19:50:43 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2010/09/13 12:10:21 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/10 19:19:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\wklnhst.dat
[2010/03/14 13:53:22 | 000,056,072 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/08 22:23:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/05/10 09:56:51 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/29 11:02:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/10/28 10:22:54 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/04/04 14:57:19 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/10 22:09:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/03/10 22:02:06 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\fusioncache.dat
[2006/12/14 14:54:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/12/14 14:54:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/12/14 14:54:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/12/14 14:54:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/12/14 14:54:52 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/12/14 14:54:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/12/14 14:54:12 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/12/14 14:45:57 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/12/14 14:44:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/12/14 14:43:03 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/12/14 14:41:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/14 14:34:47 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/08/10 04:53:16 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/10 04:46:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/08/10 03:54:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/10 03:34:49 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2006/08/10 03:25:29 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/08/10 02:57:42 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/10 02:53:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/10 02:47:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/10 02:33:16 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/10 02:32:53 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/10 02:32:52 | 000,407,214 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/10 02:32:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/08/10 02:32:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/08/10 02:32:51 | 000,063,342 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/10 02:32:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/08/10 02:32:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/08/10 02:32:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/08/10 02:32:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/08/10 02:32:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/08/10 02:32:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/08/10 02:32:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/08/09 19:40:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/09 19:39:41 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/09 13:44:08 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/08/09 13:24:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/01 20:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 00:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== LOP Check ==========

[2011/11/09 10:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/09/28 10:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/04/22 19:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/03/15 20:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/07/15 02:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/07/10 18:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/10/09 10:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/05/05 16:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/13 11:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Neat Company
[2010/04/26 12:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2010/07/10 19:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 22:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 04:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/10 15:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\DMCache
[2010/08/26 18:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\ImageDesktop.05649D22AD17CD0568B375F4F8A4050AC163CA8B.1
[2011/03/15 20:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Individual Software
[2009/05/09 00:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\InterVideo
[2011/03/12 22:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\LiveMetrics
[2011/03/12 22:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\LiveWare
[2010/09/13 12:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Neat
[2010/09/13 12:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Nuance
[2011/11/16 13:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Sammsoft
[2010/04/26 12:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\ScanSoft
[2011/11/10 14:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Smilebox
[2010/04/26 12:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Zeon
[2011/11/16 13:22:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{226BD022-C192-4D8A-88E4-6913A07715D7}.job
[2011/11/16 13:20:00 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F95BB85-2AAA-4374-98FE-796094BEC066}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/08/10 02:51:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/03/10 22:01:05 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/11/14 15:26:20 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/11/14 16:06:43 | 000,024,742 | ---- | M] () -- C:\ComboFix.txt
[2006/08/10 02:51:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/11/14 15:53:15 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2006/08/10 02:51:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/08/10 02:51:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/15 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/08 10:40:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/14 15:53:14 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/01/29 11:09:06 | 000,000,466 | ---- | M] () -- C:\RHDSetup.log
[2011/11/14 17:06:26 | 000,000,401 | ---- | M] () -- C:\rkill.log
[2007/07/06 23:18:47 | 000,000,064 | ---- | M] () -- C:\T4Metrics.log
[2011/11/10 18:51:22 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_10.11.2011_18.51.16_log.txt
[2011/11/09 09:28:02 | 000,052,026 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_09.11.2011_09.26.11_log.txt
[2011/11/09 09:53:31 | 000,110,284 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_09.11.2011_09.44.48_log.txt
[2011/11/09 15:37:52 | 000,052,470 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_09.11.2011_15.37.15_log.txt
[2011/11/10 18:57:32 | 000,053,102 | ---- | M] () -- C:\TDSSKiller.2.6.17.0_10.11.2011_18.52.14_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/08/10 02:50:39 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/10/08 12:00:00 | 000,018,432 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD71.DLL
[2004/10/08 12:00:00 | 000,055,808 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP71.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/08/09 19:39:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/08/09 19:39:03 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/08/09 19:39:03 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2004/05/05 20:59:01 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\Thumbs.db
[73 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/03/10 22:02:33 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/07/12 18:30:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/11/14 17:38:04 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\AppPaths.exe
[2007/07/06 19:07:56 | 002,633,928 | ---- | M] (Sammsoft ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\AROTrial.exe
[2011/11/10 00:36:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JOSHUA FARID\Desktop\aswMBR.exe
[2011/11/14 10:56:15 | 004,293,460 | R--- | M] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\ComboFix.exe
[2011/11/14 20:32:34 | 000,420,137 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\explorerxpsetup.exe
[2010/06/24 19:48:23 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\JOSHUA FARID\Desktop\FileFormatConverters.exe
[2011/11/09 16:23:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\mbam-setup-1.51.2.1300.exe
[2009/06/10 23:05:41 | 003,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\mbam-setup.exe
[2011/11/09 16:10:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBRCheck.exe
[2010/11/29 13:33:45 | 088,445,384 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\NeatWorks_v4.9.1_UPDATE.exe
[2011/11/16 13:12:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JOSHUA FARID\Desktop\OTL.exe
[2011/11/09 21:17:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\q9b8rnoe.exe
[2010/09/28 10:57:08 | 298,702,320 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\QuickBooksPro2008.exe
[2010/07/09 13:26:48 | 012,284,664 | ---- | M] (ReviverSoft LLC.) -- C:\Documents and Settings\JOSHUA FARID\Desktop\RegistryReviverSetup.exe
[2010/09/28 10:50:34 | 000,559,256 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\Setup_QuickBooks_Pro_2008.exe
[2011/11/10 18:50:08 | 000,738,040 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\st-softonic-sntb.exe
[2011/11/10 19:01:58 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\SystemLook.exe
[2011/11/09 15:35:36 | 001,563,952 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.exe
[2011/11/14 21:25:41 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\unhide.exe
[2009/06/10 22:59:51 | 001,358,454 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\wrar39b2.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/11/18 21:11:43 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\JOSHUA FARID\gotomypc_438.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/03/10 22:02:32 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\JOSHUA FARID\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/26 12:09:13 | 000,000,358 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/10/20 22:33:18 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\JOSHUA FARID\Cookies\desktop.ini
[2011/11/16 13:12:06 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2006/07/11 01:18:22 | 000,577,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[2005/08/01 16:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 16:32:05

< >

Here is the Extras.txt log
OTL Extras logfile created on: 11/16/2011 1:15:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\JOSHUA FARID\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.95% Memory free
3.33 Gb Paging File | 2.69 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 60.85 Gb Free Space | 58.07% Space Free | Partition Type: NTFS

Computer Name: ATY | User Name: JOSHUA FARID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{04605217-DD32-4090-9D9A-E5345222B9E1}" =
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}" = Neat Mobile Scanner Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37ADBECF-1420-4557-B8CC-BED57053C3FF}" = Click to DVD Tutorial
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F5920A-9897-4830-BD4A-BE85DA9734FF}" = Neat Mobile Scanner 2008 Driver
"{58155B30-6BE9-4268-A059-149629149C63}" = Neat ADF Scanner Driver
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B82682E-C555-45DA-8E2C-CE6525427AC9}" = Click to DVD 2.5.30
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}" = Neat Mobile Scanner (Silver) Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77FA266F-10D7-58BD-B156-2ACB06CE9A97}" = ImageDesktop
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7BD1EAE4-2E08-4087-8600-44B0ACB0C887}" = NeatWorks Core Files
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{894A9DFD-6102-40AB-9C4A-1DCA60032D64}" = Quicken Rental Property Manager 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{908994F4-EBD2-40E0-B8F3-7004FA54E909}" = VAIO Media Tutorial
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E158BB9-37B9-464B-837E-CC1D5766291B}" = VAIO Update 3
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4A42670-82B9-4A58-8955-20271DBBF29F}" = Neat ADF Scanner 2008 Driver
"{A87EBA79-93DB-4A87-B9BA-62F8FB12D993}" = ImageStation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B909BA86-4494-4778-BD8B-0AC060D650E4}" = ScanSoft PDF Professional 4
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}" = VAIO Backup Utility
"{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"8098B27A42D62758176B34DA12C58EA558120A43" = Windows Driver Package - Intel Corporation (ialm) Display (03/23/2006 6.14.10.4543)
"A43CFA4B36AFAC445B311D32C227FD46BAB30299" = Windows Driver Package - Marvell (yukonwxp) Net (05/23/2006 8.56.1.3)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Search Enhancement" = Search Enhancement by AOL Search
"avast" = avast! Free Antivirus
"Belltech Business Cards Designer Pro 2.3_is1" = Belltech Business Cards Designer Pro 2.3
"Bewitched" = Bewitched (remove only)
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = Soft Data Fax Modem with SmartCP
"ExplorerXP" = ExplorerXP (remove only)
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeatWorks" = NeatWorks
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ObjectDock" = ObjectDock
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Professor Teaches Business Planning" = Professor Teaches Business Planning
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer Basic
"The Da Vinci Code" = The Da Vinci Code (remove only)
"The Logo Creator v5" = The Logo Creator v5
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wheel of Fortune" = Wheel of Fortune (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

< End of report >
The machine is a bit sluggish but works okay. Here is the OTL log:

#27 Broni Re: [Inactive] INFECTED DATA RESTORE

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 05:09 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 10h 30m 28s

Posted 16 November 2011 - 11:38 PM

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
PRC - [2008/10/22 21:59:35 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/10/22 21:59:35 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/10/22 21:59:35 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
DRV - [2006/12/14 14:51:27 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...or={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask"
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/11/10 18:50:25 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2009/05/01 22:56:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\ask.xml
[2011/11/10 18:50:24 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\bing-zugo.xml
[2009/05/10 01:15:01 | 000,009,899 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\mywebsearch.xml
O3 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O15 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...-131_02-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2011/11/10 20:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Symantec
[73 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011/11/08 15:59:47 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\9lVK7dmpdonxRW
[2011/11/08 15:59:35 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRW
[2011/11/08 15:59:35 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRWr
[2011/11/01 16:52:24 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/11/01 16:50:21 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/01 16:50:21 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/01 16:50:07 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\System Restore.lnk
[2011/11/08 11:20:54 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk


:Services

:Reg

:Files
C:\Program Files\Common Files\Symantec Shared

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

========================================================================

1. Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

==================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

#28 jffarid Re: [Inactive] INFECTED DATA RESTORE

Member

19 posts
Joined: November 09, 2011
1 topics
Age: 49
Local time: 07:09 AM

Zodiac:Virgo
Gender:Male
OS:Windows XP
Country:

Offline

Time Online: 4h 17m 33s

Posted 17 November 2011 - 03:33 AM

OTL logfile created on: 11/16/2011 1:15:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\JOSHUA FARID\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.95% Memory free
3.33 Gb Paging File | 2.69 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 60.85 Gb Free Space | 58.07% Space Free | Partition Type: NTFS

Computer Name: ATY | User Name: JOSHUA FARID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/16 13:12:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JOSHUA FARID\Desktop\OTL.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/10/22 21:59:35 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 20:46:28 | 000,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2006/08/27 16:46:54 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/06/20 16:11:00 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 16:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/11/28 15:39:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 15:39:30 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 22:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/16 11:53:21 | 001,616,896 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111601\algo.dll
MOD - [2011/11/15 13:27:35 | 001,616,896 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111501\algo.dll
MOD - [2011/11/15 06:59:54 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111601\aswRep.dll
MOD - [2011/11/15 06:59:54 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11111501\aswRep.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/10/22 21:59:35 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/10/22 21:59:35 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/07/02 23:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 23:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/20 16:11:00 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2004/07/20 20:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/17 13:35:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/22 21:59:35 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/09/13 10:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB18)
SRV - [2006/06/20 16:11:00 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/04/04 16:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 15:39:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 15:39:30 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 15:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/05/26 12:19:56 | 000,019,096 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/09/16 00:45:46 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/01/24 14:46:00 | 000,808,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/12/14 14:51:27 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/24 17:38:20 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/24 17:38:20 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/24 17:38:20 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/07/03 01:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/14 11:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/23 10:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/04/13 20:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 10:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/02/24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/10 11:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 17:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 12:31:00 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...or={searchTerms}
IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111110
IE - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...l_date=20111110"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..keyword.URL: "http://www.bing.com/...date=20111110="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\program files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/09 10:25:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/25 20:35:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 20:53:17 | 000,000,000 | ---D | M]

[2009/03/23 17:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Extensions
[2011/11/10 18:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions
[2009/10/07 20:43:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/11 16:57:14 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/11/10 18:50:25 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/06/20 16:27:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/13 21:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\staged
[2009/05/01 22:56:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\ask.xml
[2011/11/10 18:50:24 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\bing-zugo.xml
[2009/05/10 01:15:01 | 000,009,899 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\mywebsearch.xml
[2011/04/04 11:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSHUA FARID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QWSEAEG1.DEFAULT\EXTENSIONS\{0538E3E3-7E9B-4D49-8831-A227C80A7AD3}.XPI
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/05/25 20:35:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: Poppit = C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/11/14 15:54:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 3] C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005..\Run: [SmileboxTray] C:\Documents and Settings\JOSHUA FARID\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\JOSHUA FARID\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O15 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1281340870812 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...-131_02-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71767A93-9C01-4B51-A90C-BFDD0DF30F8C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 02:51:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 13:12:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JOSHUA FARID\Desktop\OTL.exe
[2011/11/14 20:57:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/14 20:52:52 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2011/11/14 20:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\ExplorerXP
[2011/11/14 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\Start Menu\Programs\ExplorerXP
[2011/11/14 17:13:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/14 15:56:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/14 15:25:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/14 10:57:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/14 10:57:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/14 10:57:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/14 10:57:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/14 10:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/14 10:55:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/14 10:53:40 | 004,293,460 | R--- | C] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\ComboFix.exe
[2011/11/10 20:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\New Folder
[2011/11/10 20:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\New Folder (2)
[2011/11/10 20:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\My Widgets
[2011/11/10 20:37:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\My Videos
[2011/11/10 20:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\My Smilebox Creations
[2011/11/10 20:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\2010 Tax Forms
[2011/11/10 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\2009 Tax Forms
[2011/11/10 20:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\2005-2006-2007 IRS TAX
[2011/11/10 20:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\USO
[2011/11/10 20:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Symantec
[2011/11/10 20:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Stardock
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Secrets of Hypnosis Revealed
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\ScanSoft PDF Professional 4
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Quicken Rental Property Manager
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\Quicken
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\OWN CAPITAL JUDGMENT12-02-2010
[2011/11/10 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JOSHUA FARID\My Documents\NLP
[2011/11/10 01:25:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\dds.scr
[2011/11/10 00:36:49 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\JOSHUA FARID\Desktop\aswMBR.exe
[2011/11/09 16:23:39 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/09 10:26:23 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/09 10:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/11/09 10:26:22 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/09 10:26:19 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/09 10:26:19 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/09 10:26:18 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/09 10:26:17 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/09 10:26:17 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/09 10:26:16 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/09 10:25:54 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/09 10:25:53 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/09 10:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/09 10:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/09 09:53:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/09 09:07:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JOSHUA FARID\Recent
[2011/11/08 12:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/11/08 12:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/10/20 05:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/18 18:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/18 18:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/18 18:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/18 18:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/18 18:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[73 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/16 13:22:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{226BD022-C192-4D8A-88E4-6913A07715D7}.job
[2011/11/16 13:20:00 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2F95BB85-2AAA-4374-98FE-796094BEC066}.job
[2011/11/16 13:12:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JOSHUA FARID\Desktop\OTL.exe
[2011/11/14 22:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/14 22:29:54 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/11/14 22:29:54 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/11/14 21:25:41 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\unhide.exe
[2011/11/14 20:33:06 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2011/11/14 20:33:06 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\ExplorerXP.lnk
[2011/11/14 20:32:34 | 000,420,137 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\explorerxpsetup.exe
[2011/11/14 17:38:04 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\AppPaths.exe
[2011/11/14 17:36:06 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\Windows XP Tips - Ramesh.url
[2011/11/14 17:35:33 | 000,007,252 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\admintools.zip
[2011/11/14 17:32:53 | 000,014,797 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\accrestore.zip
[2011/11/14 17:05:05 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\rkill.com
[2011/11/14 15:59:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/14 15:54:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/14 15:54:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 15:53:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/14 15:53:15 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 15:26:20 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/11/14 10:56:15 | 004,293,460 | R--- | M] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\ComboFix.exe
[2011/11/11 11:29:18 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/10 19:15:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/10 19:01:58 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\SystemLook.exe
[2011/11/10 18:51:49 | 001,545,505 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.zip
[2011/11/10 18:50:08 | 000,738,040 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\st-softonic-sntb.exe
[2011/11/10 01:25:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\dds.scr
[2011/11/10 01:23:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBR.dat
[2011/11/10 00:36:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JOSHUA FARID\Desktop\aswMBR.exe
[2011/11/09 21:17:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\q9b8rnoe.exe
[2011/11/09 16:47:23 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/09 16:40:22 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 16:23:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/09 16:10:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBRCheck.exe
[2011/11/09 15:35:36 | 001,563,952 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.exe
[2011/11/09 10:26:23 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/08 15:59:47 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\9lVK7dmpdonxRW
[2011/11/08 15:59:35 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRW
[2011/11/08 15:59:35 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRWr
[2011/11/08 15:53:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/08 11:20:55 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/01 16:52:24 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/11/01 16:50:21 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/01 16:50:21 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/01 16:50:07 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\System Restore.lnk
[2011/10/18 15:35:40 | 000,149,952 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Aty's Metaphor_1.pdf
[2011/10/18 15:35:14 | 000,152,133 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Aty's Metaphor.pdf
[73 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 22:29:54 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/11/14 22:29:54 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/11/14 20:56:52 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011/11/14 20:56:52 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2011/11/14 20:33:06 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2011/11/14 20:33:06 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\ExplorerXP.lnk
[2011/11/14 20:32:22 | 000,420,137 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\explorerxpsetup.exe
[2011/11/14 17:38:04 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\AppPaths.exe
[2011/11/14 17:36:06 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\Windows XP Tips - Ramesh.url
[2011/11/14 17:35:32 | 000,007,252 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\admintools.zip
[2011/11/14 17:32:53 | 000,014,797 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\accrestore.zip
[2011/11/14 17:05:01 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\rkill.com
[2011/11/14 15:26:20 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/11/14 15:26:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/14 10:57:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/14 10:57:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/14 10:57:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/14 10:57:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/14 10:57:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/10 20:37:43 | 000,093,919 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Wachovia Bank Letter.pdf
[2011/11/10 20:37:43 | 000,050,773 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Visa Signature Hilton Honors.pdf
[2011/11/10 20:37:42 | 017,646,372 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\video.mp4
[2011/11/10 20:37:42 | 000,894,389 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Lease_for_Montreux_817- 2-10-11.pdf
[2011/11/10 20:37:42 | 000,267,288 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\passport copy.pdf
[2011/11/10 20:37:42 | 000,246,941 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\passport copy_1.pdf
[2011/11/10 20:37:42 | 000,213,306 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\My credit report.pdf
[2011/11/10 20:37:42 | 000,209,893 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\http___tweentribune.pdf
[2011/11/10 20:37:42 | 000,195,554 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\tweentribune.com-content-schools-want-trick-you-eating-r0001.tif
[2011/11/10 20:37:42 | 000,195,554 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\tweentribune.com-content-schools-want-trick-you-eating-r.tif
[2011/11/10 20:37:42 | 000,133,200 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\US Airways checked baggage $78.TIF
[2011/11/10 20:37:42 | 000,105,827 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Sandals Payment.pdf
[2011/11/10 20:37:42 | 000,102,985 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Orbach and Waters Motion Hearing.pdf
[2011/11/10 20:37:42 | 000,089,408 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Orange Park Condo 8-30-10.pdf
[2011/11/10 20:37:42 | 000,077,676 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Loan to Hamed for Sam's Boat.pdf
[2011/11/10 20:37:42 | 000,075,765 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\PO For Global Furniture Florida.pdf
[2011/11/10 20:37:42 | 000,059,034 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Monthly expens.xltx
[2011/11/10 20:37:42 | 000,047,801 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\NCL-Star Feb-March 2010 Expense sheet.pdf
[2011/11/10 20:37:42 | 000,041,113 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\KENMORE AIR WebReservation Confirmation #729873.pdf
[2011/11/10 20:37:42 | 000,011,132 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\the secrets of hypnosis revealed.pdf
[2011/11/10 20:37:42 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\spider.sav
[2011/11/10 20:37:41 | 002,763,264 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\BBQInvitation.pps
[2011/11/10 20:37:41 | 002,494,443 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\DSC03933.JPG
[2011/11/10 20:37:41 | 002,152,633 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\DSC03922.JPG
[2011/11/10 20:37:41 | 002,099,501 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\DSC03930.JPG
[2011/11/10 20:37:41 | 001,371,654 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\FUNNY.bmp
[2011/11/10 20:37:41 | 000,352,116 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Diners Club 2009 year end summary.pdf
[2011/11/10 20:37:41 | 000,327,747 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Diners Club 2010 YEAR END Summary.pdf
[2011/11/10 20:37:41 | 000,225,360 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Dad's Cataracts info.pdf
[2011/11/10 20:37:41 | 000,141,748 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\cc_20110913_224648.reg
[2011/11/10 20:37:41 | 000,029,236 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Chapter 5 Study Guide.tif
[2011/11/10 20:37:41 | 000,004,156 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\DC Expense NCL Star.csv
[2011/11/10 20:37:41 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\cc_20111009_111503.reg
[2011/11/10 20:37:40 | 003,224,793 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Ava's birthday 211.JPG
[2011/11/10 20:37:40 | 000,246,515 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Annual Credit Report.pdf
[2011/11/10 20:37:40 | 000,194,004 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Amex-Delta 2010 Year End Summary.pdf
[2011/11/10 20:37:40 | 000,152,133 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Aty's Metaphor.pdf
[2011/11/10 20:37:40 | 000,149,952 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Aty's Metaphor_1.pdf
[2011/11/10 20:37:39 | 000,105,857 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\Alex's Purchase.pdf
[2011/11/10 20:37:38 | 001,686,310 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\4.jpg
[2011/11/10 20:37:38 | 000,379,441 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\20100511121711470784000000-1.pdf
[2011/11/10 20:37:38 | 000,276,882 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\My Documents\2006 IRS-TAX.pdf
[2011/11/10 19:01:57 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\SystemLook.exe
[2011/11/10 18:50:00 | 001,545,505 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.zip
[2011/11/10 18:50:00 | 000,738,040 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\st-softonic-sntb.exe
[2011/11/10 15:36:12 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\unhide.exe
[2011/11/10 01:23:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBR.dat
[2011/11/09 21:17:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\q9b8rnoe.exe
[2011/11/09 19:52:47 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/09 16:47:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/09 16:40:22 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 16:10:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBRCheck.exe
[2011/11/09 15:35:27 | 001,563,952 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.exe
[2011/11/09 10:26:23 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/08 15:59:35 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRW
[2011/11/08 15:59:35 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRWr
[2011/11/08 15:58:35 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\9lVK7dmpdonxRW
[2011/11/08 11:20:54 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/01 16:50:21 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/01 16:50:20 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/01 16:50:07 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\System Restore.lnk
[2011/11/01 16:49:58 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/18 18:12:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/12 17:53:16 | 000,000,320 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/03/12 22:43:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LWLLHttpsUpload2.dll
[2011/03/12 22:43:02 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2010/10/07 19:50:43 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2010/09/13 12:10:21 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/10 19:19:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\wklnhst.dat
[2010/03/14 13:53:22 | 000,056,072 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/08 22:23:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/05/10 09:56:51 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/29 11:02:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/10/28 10:22:54 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/04/04 14:57:19 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/10 22:09:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/03/10 22:02:06 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\JOSHUA FARID\Local Settings\Application Data\fusioncache.dat
[2006/12/14 14:54:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/12/14 14:54:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/12/14 14:54:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/12/14 14:54:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/12/14 14:54:52 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/12/14 14:54:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/12/14 14:54:12 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/12/14 14:45:57 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/12/14 14:44:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/12/14 14:43:03 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/12/14 14:41:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/14 14:34:47 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/08/10 04:53:16 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/10 04:46:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/08/10 03:54:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/10 03:34:49 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2006/08/10 03:25:29 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/08/10 02:57:42 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/10 02:53:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/10 02:47:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/10 02:33:16 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/10 02:32:53 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/10 02:32:52 | 000,407,214 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/10 02:32:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/08/10 02:32:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/08/10 02:32:51 | 000,063,342 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/10 02:32:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/08/10 02:32:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/08/10 02:32:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/08/10 02:32:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/08/10 02:32:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/08/10 02:32:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/08/10 02:32:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/08/09 19:40:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/09 19:39:41 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/09 13:44:08 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/08/09 13:24:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/01 20:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 00:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== LOP Check ==========

[2011/11/09 10:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/09/28 10:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/04/22 19:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/03/15 20:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/07/15 02:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/07/10 18:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/10/09 10:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/05/05 16:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/13 11:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Neat Company
[2010/04/26 12:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2010/07/10 19:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 22:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 04:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/10 15:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\DMCache
[2010/08/26 18:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\ImageDesktop.05649D22AD17CD0568B375F4F8A4050AC163CA8B.1
[2011/03/15 20:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Individual Software
[2009/05/09 00:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\InterVideo
[2011/03/12 22:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\LiveMetrics
[2011/03/12 22:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\LiveWare
[2010/09/13 12:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Neat
[2010/09/13 12:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Nuance
[2011/11/16 13:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Sammsoft
[2010/04/26 12:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\ScanSoft
[2011/11/10 14:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Smilebox
[2010/04/26 12:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JOSHUA FARID\Application Data\Zeon
[2011/11/16 13:22:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{226BD022-C192-4D8A-88E4-6913A07715D7}.job
[2011/11/16 13:20:00 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F95BB85-2AAA-4374-98FE-796094BEC066}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/08/10 02:51:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/03/10 22:01:05 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/11/14 15:26:20 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/11/14 16:06:43 | 000,024,742 | ---- | M] () -- C:\ComboFix.txt
[2006/08/10 02:51:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/11/14 15:53:15 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2006/08/10 02:51:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/08/10 02:51:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/15 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/08 10:40:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/14 15:53:14 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/01/29 11:09:06 | 000,000,466 | ---- | M] () -- C:\RHDSetup.log
[2011/11/14 17:06:26 | 000,000,401 | ---- | M] () -- C:\rkill.log
[2007/07/06 23:18:47 | 000,000,064 | ---- | M] () -- C:\T4Metrics.log
[2011/11/10 18:51:22 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_10.11.2011_18.51.16_log.txt
[2011/11/09 09:28:02 | 000,052,026 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_09.11.2011_09.26.11_log.txt
[2011/11/09 09:53:31 | 000,110,284 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_09.11.2011_09.44.48_log.txt
[2011/11/09 15:37:52 | 000,052,470 | ---- | M] () -- C:\TDSSKiller.2.6.16.0_09.11.2011_15.37.15_log.txt
[2011/11/10 18:57:32 | 000,053,102 | ---- | M] () -- C:\TDSSKiller.2.6.17.0_10.11.2011_18.52.14_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/08/10 02:50:39 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/10/08 12:00:00 | 000,018,432 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD71.DLL
[2004/10/08 12:00:00 | 000,055,808 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP71.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/08/09 19:39:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/08/09 19:39:03 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/08/09 19:39:03 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2004/05/05 20:59:01 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\Thumbs.db
[73 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/03/10 22:02:33 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/07/12 18:30:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/11/14 17:38:04 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\AppPaths.exe
[2007/07/06 19:07:56 | 002,633,928 | ---- | M] (Sammsoft ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\AROTrial.exe
[2011/11/10 00:36:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JOSHUA FARID\Desktop\aswMBR.exe
[2011/11/14 10:56:15 | 004,293,460 | R--- | M] (Swearware) -- C:\Documents and Settings\JOSHUA FARID\Desktop\ComboFix.exe
[2011/11/14 20:32:34 | 000,420,137 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\explorerxpsetup.exe
[2010/06/24 19:48:23 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\JOSHUA FARID\Desktop\FileFormatConverters.exe
[2011/11/09 16:23:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\mbam-setup-1.51.2.1300.exe
[2009/06/10 23:05:41 | 003,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\mbam-setup.exe
[2011/11/09 16:10:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\MBRCheck.exe
[2010/11/29 13:33:45 | 088,445,384 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\NeatWorks_v4.9.1_UPDATE.exe
[2011/11/16 13:12:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JOSHUA FARID\Desktop\OTL.exe
[2011/11/09 21:17:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\q9b8rnoe.exe
[2010/09/28 10:57:08 | 298,702,320 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\JOSHUA FARID\Desktop\QuickBooksPro2008.exe
[2010/07/09 13:26:48 | 012,284,664 | ---- | M] (ReviverSoft LLC.) -- C:\Documents and Settings\JOSHUA FARID\Desktop\RegistryReviverSetup.exe
[2010/09/28 10:50:34 | 000,559,256 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\Setup_QuickBooks_Pro_2008.exe
[2011/11/10 18:50:08 | 000,738,040 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\st-softonic-sntb.exe
[2011/11/10 19:01:58 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\SystemLook.exe
[2011/11/09 15:35:36 | 001,563,952 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\tdsskiller.exe
[2011/11/14 21:25:41 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\unhide.exe
[2009/06/10 22:59:51 | 001,358,454 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Desktop\wrar39b2.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/11/18 21:11:43 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\JOSHUA FARID\gotomypc_438.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/03/10 22:02:32 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\JOSHUA FARID\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/26 12:09:13 | 000,000,358 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/10/20 22:33:18 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\JOSHUA FARID\Cookies\desktop.ini
[2011/11/16 13:12:06 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\JOSHUA FARID\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2006/07/11 01:18:22 | 000,577,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[2005/08/01 16:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 16:32:05

< >
< End of report >

C:\Documents and Settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\Documents and Settings\JOSHUA FARID\Desktop\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
C:\Documents and Settings\JOSHUA FARID\Desktop\st-softonic-sntb.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ReactivateIE.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarBroker.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP506\A0150075.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP506\A0150084.rbf a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP515\A0153986.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP515\A0153988.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP515\A0153989.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP515\A0153990.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP517\A0155674.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP517\A0155675.exe a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP517\A0155676.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined

#29 Broni Re: [Inactive] INFECTED DATA RESTORE

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 05:09 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 10h 30m 28s

Posted 17 November 2011 - 03:35 AM

That's incorrect log. You clicked on "Scan" instead of "Fix" button.

#30 jffarid Re: [Inactive] INFECTED DATA RESTORE

Member

19 posts
Joined: November 09, 2011
1 topics
Age: 49
Local time: 07:09 AM

Zodiac:Virgo
Gender:Male
OS:Windows XP
Country:

Offline

Time Online: 4h 17m 33s

Posted 17 November 2011 - 03:39 AM

I believe that I hit the fix button, but I will do it again.

#31 jffarid Re: [Inactive] INFECTED DATA RESTORE

Member

19 posts
Joined: November 09, 2011
1 topics
Age: 49
Local time: 07:09 AM

Zodiac:Virgo
Gender:Male
OS:Windows XP
Country:

Offline

Time Online: 4h 17m 33s

Posted 17 November 2011 - 03:59 AM

All processes killed
========== OTL ==========
No active process named symlcsvc.exe was found!
Service symlcbrd stopped successfully!
Service symlcbrd deleted successfully!
C:\WINDOWS\system32\drivers\symlcbrd.sys moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl| /E : value set successfully!
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Ask" removed from browser.search.order.1
Folder C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ not found.
File C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\ask.xml not found.
File C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\bing-zugo.xml not found.
File C:\Documents and Settings\JOSHUA FARID\Application Data\Mozilla\Firefox\Profiles\qwseaeg1.default\searchplugins\mywebsearch.xml not found.
Registry value HKEY_USERS\S-1-5-21-3201687670-3693188784-1112880381-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-3201687670-3693188784-1112880381-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_USERS\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3201687670-3693188784-1112880381-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
c:\winnt\Downloaded Program Files\jinstall_1_3_1_02.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Folder C:\Documents and Settings\JOSHUA FARID\My Documents\Symantec\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\PerfStringBackup.TMP deleted successfully.
C:\WINDOWS\System32\SET107.tmp deleted successfully.
C:\WINDOWS\System32\SET10E.tmp deleted successfully.
C:\WINDOWS\System32\SET10F.tmp deleted successfully.
C:\WINDOWS\System32\SET124.tmp deleted successfully.
C:\WINDOWS\System32\SET12B.tmp deleted successfully.
C:\WINDOWS\System32\SET12D.tmp deleted successfully.
C:\WINDOWS\System32\SET130.tmp deleted successfully.
C:\WINDOWS\System32\SET132.tmp deleted successfully.
C:\WINDOWS\System32\SET133.tmp deleted successfully.
C:\WINDOWS\System32\SET139.tmp deleted successfully.
C:\WINDOWS\System32\SET13C.tmp deleted successfully.
C:\WINDOWS\System32\SET13D.tmp deleted successfully.
C:\WINDOWS\System32\SET144.tmp deleted successfully.
C:\WINDOWS\System32\SET145.tmp deleted successfully.
C:\WINDOWS\System32\SET164.tmp deleted successfully.
C:\WINDOWS\System32\SET167.tmp deleted successfully.
C:\WINDOWS\System32\SET264.tmp deleted successfully.
C:\WINDOWS\System32\SET266.tmp deleted successfully.
C:\WINDOWS\System32\SET275.tmp deleted successfully.
C:\WINDOWS\System32\SET27C.tmp deleted successfully.
C:\WINDOWS\System32\SET27E.tmp deleted successfully.
C:\WINDOWS\System32\SET27F.tmp deleted successfully.
C:\WINDOWS\System32\SET290.tmp deleted successfully.
C:\WINDOWS\System32\SET297.tmp deleted successfully.
C:\WINDOWS\System32\SET2A3.tmp deleted successfully.
C:\WINDOWS\System32\SET2A4.tmp deleted successfully.
C:\WINDOWS\System32\SET2AA.tmp deleted successfully.
C:\WINDOWS\System32\SET2AB.tmp deleted successfully.
C:\WINDOWS\System32\SET2B2.tmp deleted successfully.
C:\WINDOWS\System32\SET2B7.tmp deleted successfully.
C:\WINDOWS\System32\SET2B9.tmp deleted successfully.
C:\WINDOWS\System32\SET2BC.tmp deleted successfully.
C:\WINDOWS\System32\SET2BE.tmp deleted successfully.
C:\WINDOWS\System32\SET2C1.tmp deleted successfully.
C:\WINDOWS\System32\SET2C2.tmp deleted successfully.
C:\WINDOWS\System32\SET2C7.tmp deleted successfully.
C:\WINDOWS\System32\SET2CE.tmp deleted successfully.
C:\WINDOWS\System32\SET2D7.tmp deleted successfully.
C:\WINDOWS\System32\SET2D8.tmp deleted successfully.
C:\WINDOWS\System32\SET2D9.tmp deleted successfully.
C:\WINDOWS\System32\SET2DA.tmp deleted successfully.
C:\WINDOWS\System32\SET2DC.tmp deleted successfully.
C:\WINDOWS\System32\SET9E.tmp deleted successfully.
C:\WINDOWS\System32\SET9F.tmp deleted successfully.
C:\WINDOWS\System32\SETA2.tmp deleted successfully.
C:\WINDOWS\System32\SETA3.tmp deleted successfully.
C:\WINDOWS\System32\SETA4.tmp deleted successfully.
C:\WINDOWS\System32\SETA5.tmp deleted successfully.
C:\WINDOWS\System32\SETA8.tmp deleted successfully.
C:\WINDOWS\System32\SETA9.tmp deleted successfully.
C:\WINDOWS\System32\SETAA.tmp deleted successfully.
C:\WINDOWS\System32\SETAD.tmp deleted successfully.
C:\WINDOWS\System32\SETB2.tmp deleted successfully.
C:\WINDOWS\System32\SETB3.tmp deleted successfully.
C:\WINDOWS\System32\SETB4.tmp deleted successfully.
C:\WINDOWS\System32\SETB5.tmp deleted successfully.
C:\WINDOWS\System32\SETBA.tmp deleted successfully.
C:\WINDOWS\System32\SETC2.tmp deleted successfully.
C:\WINDOWS\System32\SETC4.tmp deleted successfully.
C:\WINDOWS\System32\SETDA.tmp deleted successfully.
C:\WINDOWS\System32\SETE3.tmp deleted successfully.
C:\WINDOWS\System32\SETE8.tmp deleted successfully.
C:\WINDOWS\System32\SETE9.tmp deleted successfully.
C:\WINDOWS\System32\SETEA.tmp deleted successfully.
C:\WINDOWS\System32\SETEB.tmp deleted successfully.
C:\WINDOWS\System32\SETEC.tmp deleted successfully.
C:\WINDOWS\System32\SETEE.tmp deleted successfully.
C:\WINDOWS\System32\SETEF.tmp deleted successfully.
C:\WINDOWS\System32\SETF5.tmp deleted successfully.
C:\WINDOWS\System32\SETF6.tmp deleted successfully.
C:\WINDOWS\System32\SETFA.tmp deleted successfully.
C:\WINDOWS\003019_.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\9lVK7dmpdonxRW moved successfully.
C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRW moved successfully.
C:\Documents and Settings\All Users\Application Data\~9lVK7dmpdonxRWr moved successfully.
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr moved successfully.
File C:\Documents and Settings\JOSHUA FARID\Desktop\System Restore.lnk not found.
File C:\Documents and Settings\JOSHUA FARID\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC folder moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Atefeh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5537862 bytes
->FireFox cache emptied: 42735634 bytes
->Google Chrome cache emptied: 17841517 bytes
->Flash cache emptied: 58198 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56502 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: JOSHUA FARID
->Temp folder emptied: 370579217 bytes
->Temporary Internet Files folder emptied: 22133420 bytes
->Java cache emptied: 99115493 bytes
->FireFox cache emptied: 35857552 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 12865536 bytes
->Flash cache emptied: 1977878 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 9453702 bytes
->Java cache emptied: 38451 bytes
->Flash cache emptied: 19790 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 39 bytes
->Flash cache emptied: 26515 bytes

User: QBDataServiceUser18
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: QBDataServiceUser18.JOSH
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 590.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Atefeh
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: JOSHUA FARID
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: QBDataServiceUser18
->Flash cache emptied: 0 bytes

User: QBDataServiceUser18.JOSH
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11162011_195139

Files\Folders moved on Reboot...
C:\Documents and Settings\JOSHUA FARID\Local Settings\Temporary Internet Files\Content.IE5\UDOY4JJ0\fastbutton[1].htm moved successfully.
C:\Documents and Settings\JOSHUA FARID\Local Settings\Temporary Internet Files\Content.IE5\03ZIPNLR\page__st__20[1].htm moved successfully.
C:\Documents and Settings\JOSHUA FARID\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Documents and Settings\JOSHUA FARID\Local Settings\Temporary Internet Files\SuggestedSites.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...
D

#32 Broni Re: [Inactive] INFECTED DATA RESTORE

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 05:09 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 10h 30m 28s

Posted 17 November 2011 - 04:01 AM

Now you're talking :)

#33 jffarid Re: [Inactive] INFECTED DATA RESTORE

Member

19 posts
Joined: November 09, 2011
1 topics
Age: 49
Local time: 07:09 AM

Zodiac:Virgo
Gender:Male
OS:Windows XP
Country:

Offline

Time Online: 4h 17m 33s

Posted 17 November 2011 - 05:27 PM

^{The fix log was placed in the OTL folder and I mistakingly attached the OTL log which was from previous scan on desk top.}

#34 Broni Re: [Inactive] INFECTED DATA RESTORE

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 05:09 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 10h 30m 28s

Posted 17 November 2011 - 10:27 PM

Go on....

#35 jffarid Re: [Inactive] INFECTED DATA RESTORE

Member

19 posts
Joined: November 09, 2011
1 topics
Age: 49
Local time: 07:09 AM

Zodiac:Virgo
Gender:Male
OS:Windows XP
Country:

Offline

Time Online: 4h 17m 33s

Posted 17 November 2011 - 10:53 PM

That is all, I was just advising you that the initial log I posted was a mistake, I knew I had ran the fix it button. What is your next instruction? Is the computer clean now? How do I get all the program shot cuts back? Thanks