GeekPolice

very slow and seems pre-occupied

For the last few weeks or months, my computer has slowed down tremendously. When I try to google something, 7 times out of 10 Google will ask me to verify that the request was not machine driven. The error message in Google is something like, "your computer/network is suspected of sending automated queries......"

Also for some applications the following message appears.
There is no disk in the drive. Please insert a disk into drive \Device\Harddisk2\DR5
Cancel/try again/continue

Please help, it seems that something is slowing me down but not sure what. Have added all the logs you asked for. Please try and help.

thanks
harsha

OTL logfile created on: 3/28/2012 9:43:13 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = F:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 52.89% Memory free
9.24 Gb Paging File | 7.86 Gb Available in Paging File | 85.05% Paging File free
Paging file location(s): d:\pagefile.sys 6500 7417 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 154.83 Gb Total Space | 64.78 Gb Free Space | 41.84% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.87 Gb Free Space | 11.87% Space Free | Partition Type: NTFS
Drive E: | 303.63 Gb Total Space | 57.61 Gb Free Space | 18.97% Space Free | Partition Type: NTFS
Drive F: | 2794.51 Gb Total Space | 2072.35 Gb Free Space | 74.16% Space Free | Partition Type: NTFS
Drive I: | 74.53 Gb Total Space | 15.11 Gb Free Space | 20.28% Space Free | Partition Type: NTFS

Computer Name: THATHIPOOH-PC | User Name: Thathi Pooh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/25 22:55:32 | 000,594,432 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.com
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/15 03:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thathi Pooh\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 20:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 20:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 20:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/04/17 04:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/01/24 22:36:28 | 000,085,272 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
PRC - [2011/01/24 22:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011/01/24 22:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2009/12/29 11:27:16 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
PRC - [2009/04/11 10:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/23 16:32:56 | 000,126,976 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 22:48:58 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6310a2050033b0b567428ca55bda4a1b\Microsoft.VisualBasic.ni.dll
MOD - [2012/02/16 22:47:36 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll
MOD - [2012/02/16 22:47:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 22:47:30 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/02/16 22:47:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/16 22:45:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 22:45:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 22:45:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/16 22:45:08 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012/02/16 22:44:28 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/11/03 08:52:31 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/11/03 08:52:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/01 20:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 20:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 20:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 20:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/01/24 22:35:58 | 002,896,608 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/01/24 22:35:54 | 000,026,848 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/01/24 22:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/10/28 11:56:40 | 000,315,392 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2010/03/23 02:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\wlanapp.dll
MOD - [2009/03/30 08:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/12/27 20:55:46 | 000,089,600 | ---- | M] () -- C:\Program Files\Griffin Technology\iTalk Sync\CopyHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 20:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/04/17 04:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/01/24 22:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/10/07 16:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Disabled | Stopped] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/02/18 14:36:14 | 001,553,704 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/01/21 06:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 00:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/06/03 15:39:32 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\BlackBYTE Free Speech Vista\bin\blackbyteserv.exe -- (OpenVPNService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/06 16:04:10 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120327.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/03/02 22:58:02 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/04 14:03:59 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 14:03:59 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 10:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/11/01 10:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/08/04 10:11:05 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120327.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 10:11:05 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120327.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/26 04:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/26 04:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2011/06/05 09:29:31 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/06 14:30:36 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/05/06 14:30:28 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011/04/21 05:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502000.00D\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/31 07:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 07:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502000.00D\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 06:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502000.00D\symefa.sys -- (SymEFA)
DRV - [2011/01/27 10:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502000.00D\symds.sys -- (SymDS)
DRV - [2011/01/27 09:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502000.00D\ironx86.sys -- (SymIRON)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/21 11:31:17 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/09/15 13:47:44 | 000,798,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/07/11 21:14:09 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/03/06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2008/12/10 12:37:46 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/06 13:42:34 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/18 14:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 14:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 14:36:14 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2008/02/18 14:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/01/24 01:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/07 00:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/03/30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {40439b93-f815-4122-8073-d03bed94c303}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-shoutcast-chromesbox-en-us
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://theacademic.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C8929A7D-4606-4CB4-B62E-C8F77551274C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-shoutcast-chromesbox-en-us
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKCU\..\SearchScopes\{C8929A7D-4606-4CB4-B62E-C8F77551274C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{EF20B2D8-708C-44D9-8DDD-50C16AE2EB0B}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.theacademic.org/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/09/05 20:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/01 16:55:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3 [2012/03/28 19:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/27 12:04:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 22:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/05 23:43:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/27 12:04:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2009/10/16 12:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thathi Pooh\AppData\Roaming\Mozilla\Extensions
[2012/02/17 01:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thathi Pooh\AppData\Roaming\Mozilla\Firefox\Profiles\0t6eje54.default\extensions
[2012/02/17 01:27:38 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Thathi Pooh\AppData\Roaming\Mozilla\Firefox\Profiles\0t6eje54.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/04/27 16:44:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thathi Pooh\AppData\Roaming\Mozilla\Firefox\Profiles\0t6eje54.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/12 22:09:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Thathi Pooh\AppData\Roaming\Mozilla\Firefox\Profiles\0t6eje54.default\extensions\engine@conduit.com
[2012/02/24 17:33:29 | 000,002,359 | ---- | M] () -- C:\Users\Thathi Pooh\AppData\Roaming\Mozilla\Firefox\Profiles\0t6eje54.default\searchplugins\google-us.xml
[2011/11/11 08:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/28 19:40:45 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_6_3
[2012/02/01 16:55:17 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
() (No name found) -- C:\USERS\THATHI POOH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0T6EJE54.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/03/18 22:34:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 09:21:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 09:21:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/19 01:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [EPSON Stylus CX4300 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAR.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [replay_telecorder_skype] File not found
O4 - Startup: C:\Users\Thathi Pooh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thathi Pooh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7239AC13-6A83-4F8E-8635-CA6376FFF840}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Thathi Pooh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Thathi Pooh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/21 23:42:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 08:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{02d73188-6e96-11de-8cf0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{02d73188-6e96-11de-8cf0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{40661170-ceca-11de-a27e-00241d3c93ea}\Shell\AutoRun\command - "" = H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O33 - MountPoints2\{40661170-ceca-11de-a27e-00241d3c93ea}\Shell\open\command - "" = H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O33 - MountPoints2\{61edb4dd-471d-11df-8c96-00241d3c93ea}\Shell\AutoRun\command - "" = H:\installer.exe
O33 - MountPoints2\{61edb4dd-471d-11df-8c96-00241d3c93ea}\Shell\verb\command - "" = H:\installer.exe
O33 - MountPoints2\{83193d41-bcc2-11de-98bd-00241d3c93ea}\Shell\AutoRun\command - "" = H:\U3ROM/system32.exe
O33 - MountPoints2\{83193d41-bcc2-11de-98bd-00241d3c93ea}\Shell\explore\command - "" = H:\U3ROM/system32.exe
O33 - MountPoints2\{83193d41-bcc2-11de-98bd-00241d3c93ea}\Shell\open\command - "" = H:\U3ROM/system32.exe
O33 - MountPoints2\{98530c59-3d67-11e0-9a33-00241d3c93ea}\Shell - "" = AutoRun
O33 - MountPoints2\{98530c59-3d67-11e0-9a33-00241d3c93ea}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\Shell\AutoRun\command - "" = I:\MI.exe
O33 - MountPoints2\{dda79276-c3f3-11df-9ad1-00241d3c93ea}\Shell - "" = AutoRun
O33 - MountPoints2\{dda79276-c3f3-11df-9ad1-00241d3c93ea}\Shell\AutoRun\command - "" = H:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.4.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Thathi Pooh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: BitComet - hkey= - key= - File not found
MsConfig - StartUpReg: EPSON Stylus CX4300 Series - hkey= - key= - File not found
MsConfig - StartUpReg: Freecorder FLV Service - hkey= - key= - File not found
MsConfig - StartUpReg: LGODDFU - hkey= - key= - C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
MsConfig - StartUpReg: MAAgent - hkey= - key= - C:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: nmapp - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: atashost - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - C:\Windows\System32\scg726.acm (SHARP Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.tscc - C:\Program Files\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 13:21:56 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{7D695D29-6484-43EB-B1BD-7110B9A8E311}
[2012/03/28 13:21:53 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{BDE602FB-3B87-40BE-8456-463CD39B9F3B}
[2012/03/27 18:21:17 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{F5E319AF-C924-43BD-B80C-D62B20D21409}
[2012/03/27 18:21:15 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{9D3F587A-7BA0-4C5F-9B21-629FB070CA47}
[2012/03/27 06:21:11 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{F6D5E598-1539-4C8E-8481-D6E332E1C196}
[2012/03/27 06:21:09 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{482E3238-416B-48B9-AC1F-E978522D2D2A}
[2012/03/26 18:21:05 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{F9F08BD6-0C63-4379-B051-DC59A8776C13}
[2012/03/26 18:21:02 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{6BD09716-63B6-408A-85BD-D150DEFC846C}
[2012/03/25 23:16:33 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\NPE
[2012/03/25 22:57:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Thathi Pooh\Desktop\aswMBR.exe
[2012/03/25 22:35:20 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{668CD80F-6ECD-47F5-A02B-38CAC8236CB9}
[2012/03/25 22:35:17 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{3108BF1B-E8FC-4567-A104-9BDEA5D38733}
[2012/03/25 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{8D2CE574-1A73-4941-9D69-A9E0B1D2D87A}
[2012/03/25 10:34:58 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{BCDACD9E-E440-44A4-B1BE-2B79DEE97A92}
[2012/03/23 08:55:59 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{34900CBD-36FE-44A5-8E57-0849EDE6E21F}
[2012/03/23 08:55:53 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{9FF6C2F0-7882-4AD6-AA3B-BD92DBFEB856}
[2012/03/22 23:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/03/21 22:41:07 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{01DFFBD0-DC5E-4AA7-A42E-B907DDB58E8D}
[2012/03/21 22:41:05 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{8E63CA75-82FE-4CC8-AACD-4C6B5961BA16}
[2012/03/21 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{EE7B63F6-AF1B-44A5-85D9-DB91FE94D8A5}
[2012/03/21 10:40:41 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{EBF02A46-4484-4C9A-8389-4E52002D76A2}
[2012/03/21 00:49:22 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/03/20 19:02:11 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{7E0C0C25-1F7B-4968-B2CF-B15A53DD96CD}
[2012/03/20 19:02:07 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{C34007F6-F872-4BF3-8D92-29458F899653}
[2012/03/19 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{42CB6140-F353-4564-BCB1-37531C1AF931}
[2012/03/19 16:15:57 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{0A753374-1BE7-41E9-8DAF-F6FA37A7EB7F}
[2012/03/18 22:31:50 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{6092210E-4B8E-49C6-B5A5-D726ECC0083D}
[2012/03/18 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{496D5248-CC1A-4C7F-A825-1B144EA3ADB4}
[2012/03/18 08:10:13 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{4F7EBEE0-8452-45B3-98AB-EB834B77E08C}
[2012/03/18 08:10:09 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{AC66D9C4-8DF8-40F7-AA58-5ADB579DC16C}
[2012/03/17 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{56B71737-6409-49E7-814B-F8E59E1A1D1C}
[2012/03/17 18:57:42 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{3D5BCF3A-6F93-48FF-B46E-1287822FC492}
[2012/03/16 19:49:20 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{597A2263-EC71-4AF7-9DF6-4CDF07B92689}
[2012/03/16 19:48:42 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{8571F740-F200-4F31-B13A-4D3EC9255CA3}
[2012/03/15 21:48:05 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{EB2666CE-DE88-47A9-B5A5-E470F6FEA868}
[2012/03/15 21:48:03 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{BD1DFF17-F6E8-415B-B1E7-A2125355BF75}
[2012/03/14 22:02:39 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{F111861F-A0FD-482E-99DB-0E66E764F180}
[2012/03/14 22:02:36 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{6A1E0C12-02C4-4860-8FC5-9A6446B07F05}
[2012/03/14 07:05:13 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{711EEC27-62D6-4F45-B9C1-89B3CA59320A}
[2012/03/14 07:05:11 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{54823A60-D0B3-4BD1-AFF0-04B9C25F21C2}
[2012/03/14 01:12:54 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 01:12:52 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 01:12:52 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 01:12:52 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 01:12:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 01:12:52 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 01:12:14 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/13 19:05:07 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{863071F3-88F4-423F-AB11-D014565DC175}
[2012/03/13 19:05:04 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{E7E7CAE1-19E5-47C2-940D-652062A22D77}
[2012/03/10 22:15:43 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{377A917D-B500-4AF8-8C13-8B5CFFF26BE4}
[2012/03/10 22:15:41 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{51575192-76B8-4076-9AC8-3D8AB5568E2B}
[2012/03/10 12:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/10 12:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/10 12:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/10 10:15:25 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{97168F73-6032-447F-BCCF-9BBAE12317A2}
[2012/03/10 10:15:21 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{04C010AC-774B-4601-BA7D-EAFD2E032FAC}
[2012/03/09 11:58:36 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{AF2D79A9-901D-4DBE-BCAB-251048D3A556}
[2012/03/09 11:58:28 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{92E8A794-6F62-447B-97CD-EEF9E7837683}
[2012/03/08 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{2EE81C7B-48DB-4396-94DB-7E71DD57A505}
[2012/03/08 23:30:22 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{DD81E67A-3F42-4E1D-8DC9-8C8EFF41BEB4}
[2012/03/08 10:28:30 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{37CA2DE7-B888-4E48-A407-4DF3C61E730A}
[2012/03/08 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{7E489A2B-8C67-4F6A-B186-FF7528486C43}
[2012/03/07 22:28:11 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{B9E2249A-CE19-4918-A925-3A1B6AAE2A0D}
[2012/03/07 22:28:09 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{646A9D54-173F-4C7C-A932-55CD11882634}
[2012/03/07 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{D311C485-1A3D-4159-B75D-DEFA85B798C9}
[2012/03/07 10:27:50 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{80ED6C17-AF4E-40F1-81BF-75F90D89013B}
[2012/03/05 21:33:44 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{9724CD62-8715-473E-A7E3-AC1B6A09FB13}
[2012/03/05 21:33:42 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{4A803C46-0459-46EB-A625-3A2F10034D7D}
[2012/03/04 18:37:54 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{0E625902-4031-42B3-B884-730F3A1CF2CE}
[2012/03/04 18:37:47 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{2135EB0B-ECEB-4CA0-834E-D2D53577EBD1}
[2012/03/03 13:05:45 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{BFB2DC2E-F49B-4F24-B411-7C405055EF1D}
[2012/03/03 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{13843259-C6A7-438B-BC62-127E7F7A2DB0}
[2012/03/02 08:59:18 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{FA0642B0-CA18-4E07-AF3C-9171F4B55972}
[2012/03/02 08:59:16 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{DE688002-CCF6-4539-AC64-FDD04B0FE96C}
[2012/03/01 20:58:59 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{073DFFC2-C934-44C9-B0CC-6848FC66DCB1}
[2012/03/01 20:58:57 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{A7F26472-FC77-4082-8601-B6F89BEB917C}
[2012/03/01 08:56:07 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{CF5E07F8-4E52-4379-AD20-70B31F350CFB}
[2012/03/01 08:56:05 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{281C50A9-BEE9-4511-864B-98625E806E2C}
[2012/02/29 19:47:14 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{52C38772-5E6B-4EFA-89C5-9EB49831195D}
[2012/02/29 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{0320F406-0F0C-4085-8F89-3CA75AEA7101}
[2012/02/28 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{C6C0836C-8E46-42BC-B6FE-ACBE072C3C95}
[2012/02/28 18:58:40 | 000,000,000 | ---D | C] -- C:\Users\Thathi Pooh\AppData\Local\{F74C2738-9B70-4A9E-9713-33AD309AE07E}

========== Files - Modified Within 30 Days ==========

[2012/03/28 21:40:36 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 21:40:36 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 20:56:01 | 000,644,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/28 20:56:01 | 000,120,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/28 20:28:03 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59258D2C-2DBF-4D9B-A91F-9F4134F4135C}.job
[2012/03/28 20:06:36 | 000,002,569 | ---- | M] () -- C:\Users\Thathi Pooh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/03/28 19:43:02 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{7239AC13-6A83-4F8E-8635-CA6376FFF840}
[2012/03/28 19:43:02 | 000,003,284 | ---- | M] () -- C:\Users\Thathi Pooh\AppData\Roaming\ANIWZCS{7239AC13-6A83-4F8E-8635-CA6376FFF840}
[2012/03/28 19:42:21 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME
[2012/03/28 19:40:39 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{7239AC13-6A83-4F8E-8635-CA6376FFF840}
[2012/03/28 19:40:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 22:57:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Thathi Pooh\Desktop\aswMBR.exe
[2012/03/22 23:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/03/21 01:08:35 | 000,000,947 | ---- | M] () -- C:\Users\Thathi Pooh\Desktop\Dropbox.lnk
[2012/03/21 00:49:39 | 000,000,927 | ---- | M] () -- C:\Users\Thathi Pooh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/14 10:32:42 | 000,265,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/10 12:45:05 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/03/10 12:42:34 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/08 22:54:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/03/21 01:08:34 | 000,000,947 | ---- | C] () -- C:\Users\Thathi Pooh\Desktop\Dropbox.lnk
[2012/03/21 00:49:38 | 000,000,927 | ---- | C] () -- C:\Users\Thathi Pooh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/10 12:42:34 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/13 23:08:28 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/07/13 23:08:27 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/07/13 23:08:04 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/05/12 22:30:09 | 000,001,940 | ---- | C] () -- C:\Users\Thathi Pooh\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/16 17:43:01 | 000,000,253 | ---- | C] () -- C:\Users\Thathi Pooh\AppData\Roaming\ANICONFIG_{7239AC13-6A83-4F8E-8635-CA6376FFF840}.ini
[2011/03/15 17:12:54 | 000,000,000 | ---- | C] () -- C:\Users\Thathi Pooh\AppData\Local\Schedule8.dat
[2011/02/10 05:54:58 | 003,973,120 | ---- | C] () -- C:\Windows\System32\ffmpeg2.exe
[2010/10/28 11:58:31 | 000,003,284 | ---- | C] () -- C:\Users\Thathi Pooh\AppData\Roaming\ANIWZCS{7239AC13-6A83-4F8E-8635-CA6376FFF840}
[2010/10/28 11:53:35 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2010/10/28 11:53:34 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/03/25 22:57:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Thathi Pooh\Desktop\aswMBR.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/03/18 22:34:03 | 000,125,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2012/03/18 22:34:03 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2012/03/18 22:34:02 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2012/03/18 22:34:02 | 000,269,240 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2012/03/28 21:40:36 | 000,003,712 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 21:40:36 | 000,003,712 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/07/17 00:16:00 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/07/14 17:50:51 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/07/15 13:47:51 | 000,000,000 | ---D | M] -- C:\Program Files\Applian Director
[2011/07/16 23:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Applian Technologies
[2011/01/14 11:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\BlackBYTE Free Speech Vista
[2011/10/15 11:23:15 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/07/17 00:16:00 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/09/08 01:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\coolpro2
[2009/11/07 01:51:06 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/07/25 22:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/10/28 11:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link
[2009/07/28 00:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/05/28 14:43:53 | 000,000,000 | ---D | M] -- C:\Program Files\e-Sword
[2010/08/20 12:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2011/11/04 00:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\Everything
[2011/04/09 22:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\FOTOBOOK
[2011/05/24 20:30:05 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/03/06 21:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\Griffin Technology
[2011/11/02 05:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\iExplorer
[2011/05/24 20:18:18 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield

balance info needed

Installation Information
[2009/07/11 21:14:06 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/02/16 22:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/03/10 12:41:51 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/03/10 12:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/20 11:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/21 03:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\KYE
[2009/07/25 21:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\Lame MP3 Codec
[2009/10/11 23:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\lg_fwupdate
[2010/10/24 19:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2011/04/09 22:55:47 | 000,000,000 | ---D | M] -- C:\Program Files\LowRateVoip
[2009/07/25 21:27:22 | 000,000,000 | ---D | M] -- C:\Program Files\MarkAny
[2011/06/25 22:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\Memeo
[2011/04/23 12:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/10/12 22:59:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ATS
[2006/11/02 16:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/07/15 01:35:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/02/16 22:40:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/12 00:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/07/15 02:41:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/07/15 01:35:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/07/13 23:29:30 | 000,000,000 | ---D | M] -- C:\Program Files\MiniTool Partition Wizard Professional Edition 6.0
[2010/08/11 22:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/03/18 22:34:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/07/19 16:53:43 | 000,000,000 | ---D | M] -- C:\Program Files\MpcStar
[2006/11/02 16:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/26 22:00:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/09/21 11:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/07/25 23:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2012/01/27 12:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009/10/04 14:49:15 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2009/10/11 23:51:36 | 000,000,000 | R--D | M] -- C:\Program Files\Norton Support
[2009/10/04 14:48:09 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/11/20 23:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\OpenCandyDemoInstaller
[2012/01/27 11:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010/04/30 00:41:06 | 000,000,000 | ---D | M] -- C:\Program Files\Phoenix Technologies
[2009/12/09 23:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2011/10/29 08:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/06/05 00:35:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickVerse 2007
[2009/08/30 22:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/11 21:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 16:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/07/16 00:26:55 | 000,000,000 | ---D | M] -- C:\Program Files\Replay AV 8
[2012/02/06 16:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Converter 4
[2011/07/16 00:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Media Splitter
[2011/07/15 14:22:05 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Music 4
[2011/07/16 00:15:29 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Telecorder for Skype
[2011/07/14 00:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Video Capture
[2011/09/23 19:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Video Capture 5
[2009/07/25 21:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2011/06/25 22:37:36 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2009/07/12 20:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\SilkQuit
[2011/03/03 19:18:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/03/10 21:47:58 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/05 09:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/11/07 21:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2009/07/11 21:12:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2012/01/26 10:10:24 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 17:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/07 00:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/07/16 00:36:46 | 000,000,000 | ---D | M] -- C:\Program Files\VPL
[2011/07/14 16:39:47 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2011/05/04 21:44:26 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2011/05/04 22:58:58 | 000,000,000 | ---D | M] -- C:\Program Files\WinDirStat
[2009/07/17 01:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/07/17 01:47:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/08/06 00:06:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/03/14 09:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/21 15:47:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 16:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/17 01:47:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/07 02:29:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/17 01:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/07/16 00:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2010/10/24 19:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Wireless-G Internet Home Monitoring Camera
[2009/07/25 21:28:13 | 000,000,000 | ---D | M] -- C:\Program Files\XviD
[2009/11/23 10:51:05 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/12/04 21:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\YouSendIt

< MD5 for: AGP440.SYS >
[2008/01/21 06:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 06:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 06:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 06:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 06:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 13:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 10:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 10:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 10:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 06:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 06:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 13:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 10:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 10:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 10:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 06:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 06:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 13:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 10:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 10:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 06:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 13:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 06:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 06:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 06:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-14 05:09:30

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/18 22:34:02 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/18 22:34:02 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/18 22:34:02 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/18 22:34:03 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/18 22:34:03 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/18 22:34:03 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/15 08:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/15 08:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/15 08:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/15 10:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/15 10:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/18 22:34:02 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/18 22:34:02 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/18 22:34:02 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/18 22:34:03 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/18 22:34:03 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/18 22:34:03 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/15 08:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/15 08:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/15 08:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/15 10:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/15 10:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ECE4A64B

< End of report >



OTL Extras logfile created on: 3/28/2012 9:43:13 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = F:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 52.89% Memory free
9.24 Gb Paging File | 7.86 Gb Available in Paging File | 85.05% Paging File free
Paging file location(s): d:\pagefile.sys 6500 7417 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 154.83 Gb Total Space | 64.78 Gb Free Space | 41.84% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.87 Gb Free Space | 11.87% Space Free | Partition Type: NTFS
Drive E: | 303.63 Gb Total Space | 57.61 Gb Free Space | 18.97% Space Free | Partition Type: NTFS
Drive F: | 2794.51 Gb Total Space | 2072.35 Gb Free Space | 74.16% Space Free | Partition Type: NTFS
Drive I: | 74.53 Gb Total Space | 15.11 Gb Free Space | 20.28% Space Free | Partition Type: NTFS

Computer Name: THATHIPOOH-PC | User Name: Thathi Pooh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\FOTOBOOK\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\FOTOBOOK\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0519F38B-6627-49CE-A92C-1CF78548B854}" = rport=445 | protocol=6 | dir=out | app=system |
"{091D9B36-C8E3-489F-9B8F-54948BC4800A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{09DA597B-8418-4CA0-9541-8AB11FCC9E0D}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{0DD31AEF-BE98-44C9-AABC-C90586CD47B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{186D4742-B56A-4827-B483-7F0C1E4F034D}" = lport=138 | protocol=17 | dir=in | app=system |
"{19B79E3A-FB71-4142-80D4-AB364475E38C}" = lport=445 | protocol=6 | dir=in | app=system |
"{1A891B06-D9D2-4759-B297-7BA56E47FB1C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{40132282-200D-4BE4-9A70-76322F78D17E}" = rport=139 | protocol=6 | dir=out | app=system |
"{40A86A70-822C-4579-A924-A1290EEC70D8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{45552173-2802-4724-9E12-3FBE0E3CFB90}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6558C5CF-E044-477C-9554-BB6D222833CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{741FA57F-5B7A-4596-9C11-C4A2E9F32EF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{825C3D2F-C732-44A4-9950-1D7EF662E461}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E627E58-7FC1-42AE-AD39-C9AE4B25B294}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{90B40B83-A190-45F5-8CCB-BD473AB3D5F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{915CC392-DD03-4309-93B9-48DC699D5941}" = rport=137 | protocol=17 | dir=out | app=system |
"{9F3CA56D-0020-4038-A2CF-FBEF6DDB4B63}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5D523D3-748C-4951-93C3-D98076831069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B50434BE-D46B-46C6-A22E-C494C155956F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BE351F94-482B-4D30-9964-8FAB0AC849E2}" = lport=85 | protocol=6 | dir=in | name=broadwave web server |
"{C0D86906-9600-400D-8F24-BCC699E233D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E39C9785-9EEB-41BF-AEFF-A82528A7F44C}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CD7504-EE66-46BA-B4FD-405ED849AFC8}" = protocol=6 | dir=in | app=f:\bitcomet\bitcomet.exe |
"{0A78BD89-2EAB-4A5C-A750-FA87DA64EA58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{125D04CB-E115-4000-A520-19887FF33F65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A2308A2-9ACB-43B1-97B8-078348FDA6C0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{1E1534B8-F103-421A-92D6-9E25C9A05BC7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{23E17A8B-6BFB-421D-88A1-EFC15E72C85D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{2AB1726E-DA35-4937-8751-2FD0AB7FD6BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3685B370-6B9C-4C27-868E-B5F5A6B45519}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{37BFAEDD-6FF4-4ADB-B780-8D9E6E3E7E71}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{38BE9DAD-0D63-476B-9AF5-5EB1218F10A1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{4607FC40-9B26-4E82-AD34-B642B30B1950}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5F753205-11B6-44B9-90EF-E6B100504FBE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6AE0F59A-5845-4ED7-B52A-CAC7EEF06A85}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7363BE36-B309-4495-9203-4A2368893D40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76A77281-6AE7-440B-8426-E4F02DC51A86}" = protocol=6 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe |
"{7CF839C9-C480-44B4-8D2D-3C600B0DDB2D}" = protocol=17 | dir=in | app=f:\bitcomet\bitcomet.exe |
"{7D87D2F3-42C7-4842-9327-E17585A91AE4}" = protocol=17 | dir=in | app=c:\users\thathi pooh\appdata\roaming\dropbox\bin\dropbox.exe |
"{819D6258-328B-4F01-BDE9-EEF5818FCDF6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{961C9A37-8E2B-404C-8EB5-D93949BD2C4B}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{9C17429A-1FC2-449C-B7C8-FC3F6E492975}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9E8BCC88-8A25-43DB-9FA0-802051FCC15E}" = protocol=6 | dir=in | app=c:\users\thathi pooh\appdata\roaming\dropbox\bin\dropbox.exe |
"{A7A9CF7C-7266-4C0B-9543-C1DC39BCB1EB}" = dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{ABD267EF-971B-48D8-AF70-E98839222542}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B025C8BB-ACED-49D8-A2A6-0A52891C26DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B87A474E-CB10-4C83-84A3-F4918BA7867E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{BF8188B5-7B04-4A24-A4E5-A00183486D56}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{CC6B207A-0F38-418E-B11D-7CE0D851B5CF}" = protocol=17 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe |
"{CD00DFD3-A9F7-4837-9CDC-B51ABEE29B8F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D1FE3EDF-FAEF-4B20-B4BD-5F8A538E7F98}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D3D3A902-9205-459E-845C-964ECEDE9B7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E191D35F-E175-41F3-8A98-C3899E0D7FAD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8738D29-9320-42DD-8B97-8EDA73EC1F87}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB4666B0-5150-4B4C-AE74-860891466A01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FCE91B4A-3DC8-4778-B7B5-54FFED77CCA6}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{0C722265-5261-42FE-A85E-8A94480CE392}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D9AD25A9-A4A4-439A-9EE8-C81B413CFF42}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{60AF98B7-0005-4CFD-9BE9-AA03C84172E0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FECB59FB-0987-4173-B5FA-A0B3154357F3}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{393E0058-AE7E-4D6C-BA44-B42B3FE29332}" = Slim 1320
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CD62BBB-4D14-4BD4-8CEA-EDD3944EBE62}" = Nokia PC Internet Access
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78106B9E-2730-4837-833E-B231792EDF43}" = e-Sword
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A181D43-86AE-4362-91BF-5C01A19653D7}_is1" = MiniTool Partition Wizard Professional Edition 6.0
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.1
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EF3E420F-2DCF-4C24-8E37-896801901033}" = Nero 7 Essentials
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian Director2.01" = Applian Director
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Everything" = Everything 1.2.1.371
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"iTalk Sync" = iTalk Sync 1.0
"JumpStart Advanced Play & Learn Time" = JumpStart Advanced Play & Learn Time
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LowRateVoip_is1" = LowRateVoip
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MpcStar" = MpcStar 5.3
"N360" = Norton 360
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Replay Converter 4" = Replay Converter 4
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.3.2)
"Replay Music4.02" = Replay Music
"Replay Telecorder for Skype_is1" = Replay Telecorder for Skype 1.2.0.4
"Replay Video Capture5.2.1" = Replay Video Capture 5
"Replay Video Capture5.32" = Replay Video Capture 5
"Replay_AV_807" = Replay AV 8
"Replay_Media_Splitter_1.2" = Replay Media Splitter 1.10.1103.31
"SilkQuit_is1" = SilkQuit v2.60
"TeamViewer 4" = TeamViewer 4
"TVWiz" = Intel(R) TV Wizard
"UndeletePlus™_is1" = UndeletePlus™ 3.0.0.602
"Video Padlock1.14" = Video Padlock
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2012 1:37:13 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2012 3:35:22 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2012 2:21:51 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2012 3:33:48 PM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/26/2012 2:54:22 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/26/2012 2:55:22 AM | Computer Name = ThathiPooh-PC | Source = MsiInstaller | ID = 11325
Description =

Error - 3/26/2012 2:55:22 AM | Computer Name = ThathiPooh-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 3/27/2012 3:05:15 PM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 5:18:55 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 11:42:03 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 9/12/2010 11:05:51 AM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/12/2010 11:10:05 AM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/29/2010 2:01:36 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/23/2010 4:46:25 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/3/2011 6:38:34 AM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/2/2011 11:18:51 AM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/22/2011 3:50:35 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/8/2011 3:42:20 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/31/2011 3:40:06 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/22/2012 1:45:51 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/23/2012 12:03:02 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/23/2012 1:37:13 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/24/2012 3:35:22 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/25/2012 2:21:52 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/25/2012 3:33:49 PM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/26/2012 2:54:22 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/27/2012 3:05:16 PM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/28/2012 5:18:55 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/28/2012 11:42:03 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >



OTL Extras logfile created on: 3/28/2012 9:43:13 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = F:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 52.89% Memory free
9.24 Gb Paging File | 7.86 Gb Available in Paging File | 85.05% Paging File free
Paging file location(s): d:\pagefile.sys 6500 7417 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 154.83 Gb Total Space | 64.78 Gb Free Space | 41.84% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.87 Gb Free Space | 11.87% Space Free | Partition Type: NTFS
Drive E: | 303.63 Gb Total Space | 57.61 Gb Free Space | 18.97% Space Free | Partition Type: NTFS
Drive F: | 2794.51 Gb Total Space | 2072.35 Gb Free Space | 74.16% Space Free | Partition Type: NTFS
Drive I: | 74.53 Gb Total Space | 15.11 Gb Free Space | 20.28% Space Free | Partition Type: NTFS

Computer Name: THATHIPOOH-PC | User Name: Thathi Pooh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\FOTOBOOK\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\FOTOBOOK\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0519F38B-6627-49CE-A92C-1CF78548B854}" = rport=445 | protocol=6 | dir=out | app=system |
"{091D9B36-C8E3-489F-9B8F-54948BC4800A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{09DA597B-8418-4CA0-9541-8AB11FCC9E0D}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{0DD31AEF-BE98-44C9-AABC-C90586CD47B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{186D4742-B56A-4827-B483-7F0C1E4F034D}" = lport=138 | protocol=17 | dir=in | app=system |
"{19B79E3A-FB71-4142-80D4-AB364475E38C}" = lport=445 | protocol=6 | dir=in | app=system |
"{1A891B06-D9D2-4759-B297-7BA56E47FB1C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{40132282-200D-4BE4-9A70-76322F78D17E}" = rport=139 | protocol=6 | dir=out | app=system |
"{40A86A70-822C-4579-A924-A1290EEC70D8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{45552173-2802-4724-9E12-3FBE0E3CFB90}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6558C5CF-E044-477C-9554-BB6D222833CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{741FA57F-5B7A-4596-9C11-C4A2E9F32EF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{825C3D2F-C732-44A4-9950-1D7EF662E461}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E627E58-7FC1-42AE-AD39-C9AE4B25B294}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{90B40B83-A190-45F5-8CCB-BD473AB3D5F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{915CC392-DD03-4309-93B9-48DC699D5941}" = rport=137 | protocol=17 | dir=out | app=system |
"{9F3CA56D-0020-4038-A2CF-FBEF6DDB4B63}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5D523D3-748C-4951-93C3-D98076831069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B50434BE-D46B-46C6-A22E-C494C155956F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BE351F94-482B-4D30-9964-8FAB0AC849E2}" = lport=85 | protocol=6 | dir=in | name=broadwave web server |
"{C0D86906-9600-400D-8F24-BCC699E233D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E39C9785-9EEB-41BF-AEFF-A82528A7F44C}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

the rest

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CD7504-EE66-46BA-B4FD-405ED849AFC8}" = protocol=6 | dir=in | app=f:\bitcomet\bitcomet.exe |
"{0A78BD89-2EAB-4A5C-A750-FA87DA64EA58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{125D04CB-E115-4000-A520-19887FF33F65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A2308A2-9ACB-43B1-97B8-078348FDA6C0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{1E1534B8-F103-421A-92D6-9E25C9A05BC7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{23E17A8B-6BFB-421D-88A1-EFC15E72C85D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{2AB1726E-DA35-4937-8751-2FD0AB7FD6BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3685B370-6B9C-4C27-868E-B5F5A6B45519}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{37BFAEDD-6FF4-4ADB-B780-8D9E6E3E7E71}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{38BE9DAD-0D63-476B-9AF5-5EB1218F10A1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{4607FC40-9B26-4E82-AD34-B642B30B1950}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5F753205-11B6-44B9-90EF-E6B100504FBE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6AE0F59A-5845-4ED7-B52A-CAC7EEF06A85}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7363BE36-B309-4495-9203-4A2368893D40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76A77281-6AE7-440B-8426-E4F02DC51A86}" = protocol=6 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe |
"{7CF839C9-C480-44B4-8D2D-3C600B0DDB2D}" = protocol=17 | dir=in | app=f:\bitcomet\bitcomet.exe |
"{7D87D2F3-42C7-4842-9327-E17585A91AE4}" = protocol=17 | dir=in | app=c:\users\thathi pooh\appdata\roaming\dropbox\bin\dropbox.exe |
"{819D6258-328B-4F01-BDE9-EEF5818FCDF6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{961C9A37-8E2B-404C-8EB5-D93949BD2C4B}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{9C17429A-1FC2-449C-B7C8-FC3F6E492975}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9E8BCC88-8A25-43DB-9FA0-802051FCC15E}" = protocol=6 | dir=in | app=c:\users\thathi pooh\appdata\roaming\dropbox\bin\dropbox.exe |
"{A7A9CF7C-7266-4C0B-9543-C1DC39BCB1EB}" = dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{ABD267EF-971B-48D8-AF70-E98839222542}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B025C8BB-ACED-49D8-A2A6-0A52891C26DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B87A474E-CB10-4C83-84A3-F4918BA7867E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{BF8188B5-7B04-4A24-A4E5-A00183486D56}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{CC6B207A-0F38-418E-B11D-7CE0D851B5CF}" = protocol=17 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe |
"{CD00DFD3-A9F7-4837-9CDC-B51ABEE29B8F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D1FE3EDF-FAEF-4B20-B4BD-5F8A538E7F98}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D3D3A902-9205-459E-845C-964ECEDE9B7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E191D35F-E175-41F3-8A98-C3899E0D7FAD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8738D29-9320-42DD-8B97-8EDA73EC1F87}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB4666B0-5150-4B4C-AE74-860891466A01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FCE91B4A-3DC8-4778-B7B5-54FFED77CCA6}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{0C722265-5261-42FE-A85E-8A94480CE392}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D9AD25A9-A4A4-439A-9EE8-C81B413CFF42}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{60AF98B7-0005-4CFD-9BE9-AA03C84172E0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FECB59FB-0987-4173-B5FA-A0B3154357F3}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{393E0058-AE7E-4D6C-BA44-B42B3FE29332}" = Slim 1320
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CD62BBB-4D14-4BD4-8CEA-EDD3944EBE62}" = Nokia PC Internet Access
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78106B9E-2730-4837-833E-B231792EDF43}" = e-Sword
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A181D43-86AE-4362-91BF-5C01A19653D7}_is1" = MiniTool Partition Wizard Professional Edition 6.0
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.1
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EF3E420F-2DCF-4C24-8E37-896801901033}" = Nero 7 Essentials
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian Director2.01" = Applian Director
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Everything" = Everything 1.2.1.371
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"iTalk Sync" = iTalk Sync 1.0
"JumpStart Advanced Play & Learn Time" = JumpStart Advanced Play & Learn Time
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LowRateVoip_is1" = LowRateVoip
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MpcStar" = MpcStar 5.3
"N360" = Norton 360
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Replay Converter 4" = Replay Converter 4
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.3.2)
"Replay Music4.02" = Replay Music
"Replay Telecorder for Skype_is1" = Replay Telecorder for Skype 1.2.0.4
"Replay Video Capture5.2.1" = Replay Video Capture 5
"Replay Video Capture5.32" = Replay Video Capture 5
"Replay_AV_807" = Replay AV 8
"Replay_Media_Splitter_1.2" = Replay Media Splitter 1.10.1103.31
"SilkQuit_is1" = SilkQuit v2.60
"TeamViewer 4" = TeamViewer 4
"TVWiz" = Intel(R) TV Wizard
"UndeletePlus™_is1" = UndeletePlus™ 3.0.0.602
"Video Padlock1.14" = Video Padlock
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2012 1:37:13 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2012 3:35:22 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2012 2:21:51 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2012 3:33:48 PM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/26/2012 2:54:22 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/26/2012 2:55:22 AM | Computer Name = ThathiPooh-PC | Source = MsiInstaller | ID = 11325
Description =

Error - 3/26/2012 2:55:22 AM | Computer Name = ThathiPooh-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 3/27/2012 3:05:15 PM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 5:18:55 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 11:42:03 AM | Computer Name = ThathiPooh-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 9/12/2010 11:05:51 AM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/12/2010 11:10:05 AM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/29/2010 2:01:36 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/23/2010 4:46:25 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/3/2011 6:38:34 AM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/2/2011 11:18:51 AM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/22/2011 3:50:35 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/8/2011 3:42:20 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/31/2011 3:40:06 PM | Computer Name = ThathiPooh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/22/2012 1:45:51 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/23/2012 12:03:02 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/23/2012 1:37:13 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/24/2012 3:35:22 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/25/2012 2:21:52 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/25/2012 3:33:49 PM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/26/2012 2:54:22 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/27/2012 3:05:16 PM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/28/2012 5:18:55 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/28/2012 11:42:03 AM | Computer Name = ThathiPooh-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Re: very slow and seems pre-occupied
Appears to be a rootkit problem, by the sound of the first few lines...

We have excellent staff members here. I will introduce you to Houndmom, who will take it from here. Smile...

Re: very slow and seems pre-occupied
Hello, Welcome to GeekPolice! I am Houndmom and I will be helping you get your computer cleaned up. Right On!


Please note the following information about the malware forum:


    * Only Tech Officers, Global Moderators, Administrators, Malware Advisors, and Tech Advisors are allowed to give advice on removing malware from your computer.
    * From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    * Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    * If you have already asked for help somewhere, please post the link to the topic where you were helped.
    * We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

    * Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


I am a student and will need to get approval prior to each step. I will return shortly with the first step.

I noticed aswMBR in your program list.
Have you already run aswMBR from the desktop? If so, could you post those results?

bump

Thanks for your reply. Here is the log file from the aswMBR programme.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-31 16:40:16
-----------------------------
16:40:16.386 OS Version: Windows 6.0.6002 Service Pack 2
16:40:16.386 Number of processors: 4 586 0x1707
16:40:16.387 ComputerName: THATHIPOOH-PC UserName: Thathi Pooh
16:40:47.717 Initialize success
16:48:33.924 AVAST engine defs: 12033100
18:09:14.839 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:09:14.841 Disk 0 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3
18:09:14.870 Disk 0 MBR read successfully
18:09:14.872 Disk 0 MBR scan
18:09:15.015 Disk 0 Windows VISTA default MBR code
18:09:15.068 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 158546 MB offset 2048
18:09:15.088 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 310914 MB offset 324705843
18:09:15.116 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7475 MB offset 961458120
18:09:15.122 Disk 0 scanning sectors +976768065
18:09:15.240 Disk 0 scanning C:\Windows\system32\drivers
18:09:25.693 Service scanning
18:09:46.457 Modules scanning
18:09:59.126 Disk 0 trace - called modules:
18:09:59.138 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
18:09:59.141 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875cdac8]
18:09:59.145 3 CLASSPNP.SYS[8c19f8b3] -> nt!IofCallDriver -> [0x86378f08]
18:09:59.148 5 acpi.sys[8068f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8637a528]
18:10:00.372 AVAST engine scan C:\Windows
18:10:03.723 AVAST engine scan C:\Windows\system32
18:13:44.031 AVAST engine scan C:\Windows\system32\drivers
18:14:00.232 AVAST engine scan C:\Users\Thathi Pooh
18:47:08.632 AVAST engine scan C:\ProgramData
18:53:57.527 Scan finished successfully
19:03:52.091 Disk 0 MBR has been saved successfully to "C:\Users\Thathi Pooh\Desktop\MBR.dat"
19:03:52.097 The log file has been saved successfully to "C:\Users\Thathi Pooh\Desktop\aswMBR.txt"


I look forward to hearing from you.

Re: very slow and seems pre-occupied
Hello again.
There are also signs of infected external hardware. What type of external device are you using with this computer (USB Drive, external hard drive etc.)?
Please let me know with the results of the following scans.

OTL Fix
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {C8929A7D-4606-4CB4-B62E-C8F77551274C}
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O32 - AutoRun File - [2009/10/21 23:42:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/02/15 08:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{02d73188-6e96-11de-8cf0-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{40661170-ceca-11de-a27e-00241d3c93ea}\Shell\AutoRun\command - "" = H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
    O33 - MountPoints2\{40661170-ceca-11de-a27e-00241d3c93ea}\Shell\open\command - "" = H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
    O33 - MountPoints2\{98530c59-3d67-11e0-9a33-00241d3c93ea}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\Shell\AutoRun\command - "" = I:\MI.exe
    O33 - MountPoints2\{dda79276-c3f3-11df-9ad1-00241d3c93ea}\Shell - "" = AutoRun


    :commands
    [resethosts]
    [createrestorepoint]
    [emptytemp]
    [emptyflash]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe



Then:

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
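The O33 lines in the fix script above are per-volume AutoRun settings recorded under MountPoints2; a `Shell\<verb>\command` value is what lets a drive launch a program when it is opened. As an added example (not part of the original post and not OTL's own logic), this Python script groups those lines by volume and flags the ones that carry a command; the flag names and heuristics are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# O33 lines copied from the OTL fix script in the post above.
SAMPLE_O33 = r'''
O33 - MountPoints2\{02d73188-6e96-11de-8cf0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40661170-ceca-11de-a27e-00241d3c93ea}\Shell\AutoRun\command - "" = H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O33 - MountPoints2\{40661170-ceca-11de-a27e-00241d3c93ea}\Shell\open\command - "" = H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O33 - MountPoints2\{98530c59-3d67-11e0-9a33-00241d3c93ea}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\Shell\AutoRun\command - "" = I:\MI.exe
O33 - MountPoints2\{dda79276-c3f3-11df-9ad1-00241d3c93ea}\Shell - "" = AutoRun
'''

# Extensions treated as "runs code" (illustrative list, an assumption).
RUNNABLE_EXT = r"exe|scr|com|pif|bat|cmd|vbs|js"
# First path in a command line, quoted or not, ending in a runnable extension.
TARGET_RE = re.compile(r'^"?([A-Za-z]:\\[^"]*?\.(?:%s))\b' % RUNNABLE_EXT, re.I)
# A directory named like a Windows SID, e.g. S-1-5-21-...-1013.
SID_RE = re.compile(r"^S-1-5-\d+(?:-\d+)+$", re.I)


def parse_o33(text):
    """Group O33 lines by volume GUID.

    Returns {guid: {"default": verb or None, "commands": {verb: command line}}}.
    """
    volumes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("O33 - MountPoints2\\"):
            continue
        key, sep, rest = line[len("O33 - "):].partition(' - "')
        _name, sep2, data = rest.partition('" = ')
        if not sep or not sep2:
            continue  # not in the 'key - "name" = data' shape
        parts = key.split("\\")  # MountPoints2, {guid}, Shell, [verb, command]
        if len(parts) < 3 or parts[2].lower() != "shell":
            continue
        vol = volumes.setdefault(parts[1].lower(), {"default": None, "commands": {}})
        if len(parts) == 3:
            vol["default"] = data.strip()          # default verb for the drive
        elif len(parts) == 5 and parts[4].lower() == "command":
            vol["commands"][parts[3].lower()] = data.strip()
    return volumes


def flag_volume(entry):
    """Return a sorted list of heuristic flags for one volume entry."""
    flags = set()
    default = (entry["default"] or "").lower()
    for verb, cmd in entry["commands"].items():
        match = TARGET_RE.match(cmd)
        if not match:
            continue
        flags.add("executable-target")
        parts = PureWindowsPath(match.group(1)).parts
        if len(parts) == 2:                        # drive root + file name
            flags.add("root-executable")
        if any(SID_RE.match(p) for p in parts[1:-1]):
            flags.add("sid-named-folder")
        if verb in ("open", "explore"):            # opening the drive runs it
            flags.add("open-verb-override")
        if verb == default:
            flags.add("default-verb-runs-command")
    return sorted(flags)


def triage(text):
    """Map every volume GUID seen in the O33 lines to its flags."""
    return {vol: flag_volume(entry) for vol, entry in parse_o33(text).items()}


if __name__ == "__main__":
    for guid, flags in triage(SAMPLE_O33).items():
        print(guid, ", ".join(flags) if flags else "no command recorded")
```

Volumes that only record `Shell = AutoRun` with no command come back with an empty flag list; the two volumes whose commands point at `system32.exe` and `MI.exe` are the ones flagged.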


Re: very slow and seems pre-occupied

I use a 3TB external hard drive which is always plugged into the computer, i.e. it is never plugged anywhere else. I do use USB stick drives to give & receive data from friends. I sync an iPad & iPhone with the PC regularly. These are the common external devices which I keep using. Here are the log files you requested.


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
C:\autoexec.bat moved successfully.
F:\Autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02d73188-6e96-11de-8cf0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02d73188-6e96-11de-8cf0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40661170-ceca-11de-a27e-00241d3c93ea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40661170-ceca-11de-a27e-00241d3c93ea}\ not found.
File H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40661170-ceca-11de-a27e-00241d3c93ea}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40661170-ceca-11de-a27e-00241d3c93ea}\ not found.
File H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98530c59-3d67-11e0-9a33-00241d3c93ea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98530c59-3d67-11e0-9a33-00241d3c93ea}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd9b73f0-5c20-11e0-8ffe-00241d3c93ea}\ not found.
File I:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dda79276-c3f3-11df-9ad1-00241d3c93ea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dda79276-c3f3-11df-9ad1-00241d3c93ea}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Thathi Pooh
->Temp folder emptied: 1504613 bytes
->Temporary Internet Files folder emptied: 2118704 bytes
->Java cache emptied: 50897701 bytes
->FireFox cache emptied: 49102397 bytes
->Flash cache emptied: 926 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2536962 bytes
RecycleBin emptied: 11007626826 bytes

Total Files Cleaned = 10,599.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Thathi Pooh
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 04022012_225845

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: very slow and seems pre-occupied
Here is the other log file from combofix.

ComboFix 12-04-01.03 - Thathi Pooh 04/02/2012 23:20:43.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1516 [GMT 4:00]
Running from: c:\users\Thathi Pooh\Desktop\commy.exe
Command switches used :: /stepdel
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iexplorer
c:\windows\PFRO.log
c:\program files\iexplorer\AxInterop.QTOControlLib.dll
c:\program files\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files\iexplorer\iExplorer.exe
c:\program files\iexplorer\Interop.QTOControlLib.dll
c:\program files\iexplorer\Interop.QTOLibrary.dll
c:\program files\iexplorer\isxdl.dll
c:\program files\iexplorer\MPCrashReporter.dll
c:\program files\iexplorer\MPUpdater.dll
c:\program files\iexplorer\msvcr71.dll
c:\program files\iexplorer\PodPhone2.dll
c:\program files\iexplorer\unins000.dat
c:\program files\iexplorer\unins000.exe
c:\program files\iexplorer\unins000.msg
c:\windows\system32\muzapp.exe
F:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-01 14:33 . 2012-04-01 14:33 -------- d-----w- c:\program files\iPod
2012-04-01 14:33 . 2012-04-01 14:33 -------- d-----w- c:\program files\iTunes
2012-03-25 19:16 . 2012-03-25 19:44 -------- d-----w- c:\users\Thathi Pooh\AppData\Local\NPE
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 18:34 . 2012-03-18 18:34 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 18:34 . 2012-03-18 18:34 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 21:12 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:12 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:12 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 21:12 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:12 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 21:12 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:12 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 21:12 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 21:12 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 18:54 . 2011-07-14 21:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 07:01 . 2012-02-15 07:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 07:01 . 2012-02-15 07:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-26 06:10 . 2012-01-26 06:10 388096 ----a-r- c:\users\Thathi Pooh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-18 18:34 . 2011-05-11 18:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Thathi Pooh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Thathi Pooh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Thathi Pooh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-12-29 995328]
"WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-13 1833504]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Thathi Pooh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thathi Pooh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SilkQuit Meter.lnk - c:\program files\SilkQuit\SilkQuit.exe [2002-8-22 257536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.4.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.4.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Thathi Pooh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 21:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4300 Series]
2007-03-01 06:01 180736 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICAR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2007-02-26 06:40 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
2007-01-30 16:36 57344 ----a-w- c:\program files\MarkAny\ContentSafer\MaAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-17 05:36 1377576 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\User_Feed_Synchronization-{59258D2C-2DBF-4D9B-A91F-9F4134F4135C}.job
- c:\windows\system32\msfeedssync.exe [2012-02-16 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://theacademic.org/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Thathi Pooh\AppData\Roaming\Mozilla\Firefox\Profiles\0t6eje54.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theacademic.org/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-replay_telecorder_skype - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BitComet - f:\bitcomet\BitComet.exe
MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Nokia PC Suite - c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web.exe
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files\iExplorer\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 23:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-02 23:49:09
ComboFix-quarantined-files.txt 2012-04-02 19:48
.
Pre-Run: 70,288,994,304 bytes free
Post-Run: 70,017,486,848 bytes free
.
- - End Of File - - 9F85F3B10C91EF6595171841F4156B5D

Re: very slow and seems pre-occupied
One more thing. I'm sorry but although I had disabled my Norton 360 antivirus, it did come back on during the combofix scan. No error messages were received.

Re: very slow and seems pre-occupied
Hello again.
We need to disinfect these external devices before we go any further. The infection that started these problems started from the auto-run on these drives.

Download Panda USB and AutoRun Vaccine and save it to your desktop.

* Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
* Open that folder and double-click on USBVaccine.exe to start the program.
* Click Run
* Click the button to Vaccinate computer.
* Insert your USB flash drive.
* When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
* Exit Panda USB and AutoRun Vaccine when done.

Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.


Re: very slow and seems pre-occupied
Thanks for all your help so far, Houndmom. I just want to double check something before I proceed.

Since my external device is an external hard drive that is permanently plugged into the computer, what kind of limitations will apply to this after the vaccination? Basically, I'm not really sure what the implications of disabling the autorun feature are. Thanks for your help again.

Re: very slow and seems pre-occupied
Autorun automatically allows the programs, files etc. to start when the external device is plugged into the computer, whether it is malware or not.
When autorun is disabled, the programs, files etc. on the USB or external drive can still be opened and run, but you have to choose and allow the file to run.
All the vaccine does is disable its AUTORUN.INF file in order to prevent malware infections from spreading automatically.
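
The post above says the vaccine works by disabling the drive's AUTORUN.INF. As an added example (not part of the thread and not Panda's code), this Python script reads the text of an autorun.inf and lists the entries that would launch a program, which is what to look for when checking a removable drive by hand. The sample file and the file names in it are constructed.

```python
import re

# Keys in the [autorun] section that make Windows launch something.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    # Parsed by hand: real autorun.inf files often carry junk lines and
    # duplicate keys that a strict INI parser rejects.
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(text):
    """List (key, command) pairs that would start a program from the drive."""
    return sorted(
        (key, value)
        for key, value in parse_autorun(text).items()
        if key in LAUNCH_KEYS or SHELL_VERB.match(key)
    )


# Constructed sample, not taken from the thread.
SAMPLE = r"""
; junk padding line
[AutoRun]
Open=setup_helper.exe /quiet
icon=folder.ico
Shell\Open\Command=setup_helper.exe
shell\explore\command = setup_helper.exe
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in launch_commands(SAMPLE):
        print(f"{key:24} -> {cmd}")
```

An empty result means the file only sets cosmetic values such as an icon; any listed command names a program on the drive that deserves a scan before it is opened.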

Re: very slow and seems pre-occupied
Thank you for the clarification. I have done the vaccination. Please let me know what I should do now?

Re: very slow and seems pre-occupied
Great.
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: very slow and seems pre-occupied
a

Last edited by harshajayatunge on 8th April 2012, 4:49 am; edited 1 time in total

Re: very slow and seems pre-occupied
I was unable to run the program on Internet Explorer. It kept freezing after I clicked on it. I had to run ESET using Firefox. I hope the results are similar. Thanks.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b506a51a1b6c2941bde790bbc9b91e79
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-08 04:05:33
# local_time=2012-04-08 08:05:33 (+0400, Arabian Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 6267231 6267231 0 0
# compatibility_mode=3589 16777213 100 84 92776 84487951 0 0
# compatibility_mode=5892 16776574 100 100 47529851 171354583 0 0
# compatibility_mode=8192 67108863 100 0 549 549 0 0
# scanned=360184
# found=9
# cleaned=9
# scan_time=32477
C:\ProgramData\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Thathi Pooh\AppData\Roaming\OpenCandy\OpenCandy_50A3A426FFAB4F6A8CC231B75858667B\AFIRegistryReviverSetup_silent.exe a variant of Win32/SlowPCfighter application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Thathi Pooh\AppData\Roaming\OpenCandy\OpenCandy_50A3A426FFAB4F6A8CC231B75858667B\AFIRegRevSilent_p2v1.exe a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Thathi Pooh\AppData\Roaming\OpenCandy\OpenCandy_50A3A426FFAB4F6A8CC231B75858667B\DLMgr_3_1.6.87.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Downloads\FCTBSetup.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Downloads\HSS-1.12-install-anchorfree-76-conduit.zip a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Downloads\Scan\winzip155.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Thathi Pooh_Backup\2011-07-27_22-48-36\Memeo\2011-07-27_22-48-36\C_\ProgramData\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C

Re: very slow and seems pre-occupied
Congratulations!! You are clean.
It is important for the tools we used to be removed. Please do the following to do this:
To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


OTL Cleanup
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

I would like to share a few tips to keep your computer safer in the future:
1. Update JAVA
Please uninstall the old version of Java (version 6 Update 20) in Add/Remove Programs.

The download for the current version Java 6 Update 31 can be found here
Choose your computer operating system, accept the agreement to allow download and install. Be sure to untick the Ask toolbar download box.

2. Change your passwords every month or so.
Try not to use the same password more than once at a time. Also, make your password something original, so that you can remember it. Use a variety of capitals, numbers and lowercase letters to make it stronger. Never share this password with anybody. If you have to write it down to remember it, hide it from view.
Changing your password constantly makes it difficult for people to hack into your accounts.

3. Never open e-mail attachments from strangers unless you can trust them and you have security settings on your computer. Some junk e-mails may contain viruses or spyware that can harm your computer. These e-mails may be marked as "spam" or "junk", and then your e-mail program will take care of them from there.

4. It is Very Important for you to keep your Antivirus Program Updated. This can prevent future infections. When you suspect there may be an infection be sure to run it.
Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

5. Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.



Re: very slow and seems pre-occupied
Thanks for all your help. I cannot uninstall Combofix as it says cannot find file Combofix. Also I am traveling tonight so will only be able to reply to you when I'm back on the 20th. Like I said many thanks for your help. Really appreciate it.

Re: very slow and seems pre-occupied
So glad I could help you get back on track! Smile...
In this step, did you put a space between Combofix and /uninstall?
This will cause it not to uninstall if the space is missing.
Have a safe trip!!
