Near constant hard drive activity



dsmryder
2011-10-27, 05:45
First of all, Thank you to everybody who makes this kind of forum possible.

Not sure where to begin. On my laptop, a Toshiba Satellite a105-s1712, when I boot up, the hard drive light will run almost constantly and it is slow overall. I've checked for memory volume issues, but it doesn't seem to be running on virtual memory. I have 1.5GB of RAM, and don't peak over a gig most of the time. I have tried to run "Wise Registry Cleaner". I didn't see anything that needed to be fixed. I have run Search and Destroy in the past, as well as antivirus software from McAfee and AVG. I did get a HijackThis log if it's wanted.

It's late so I'm going to bed. Thank you.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Robert at 22:12:42 on 2011-10-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.379 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\FarStone\GameDrive\GDTask.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg205.mail.yahoo.com/dc/launch
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GameDrive] c:\program files\farstone\gamedrive\gdtask.exe /AutoRestore
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [GameDrive] "c:\program files\farstone\gamedrive\GDTask.exe" /AutoRestore
mRun: [Auto EPSON Stylus CX5400 on MAIN] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2g1.exe /p32 "auto epson stylus cx5400 on main" /o12 "\\main\EPSON" /M "Stylus CX5400"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metama~1.lnk - c:\program files\metamail inc\metamail tray\Metamail Trust Manager.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: 164.109.25.72
Trusted Zone: 207.130.86.35
Trusted Zone: acura.com
Trusted Zone: acurainfo.programhq.com
Trusted Zone: acuraspinplay.programhq.com
Trusted Zone: ahm-ownerlink.com
Trusted Zone: ahmdealer.com
Trusted Zone: download.com\www
Trusted Zone: ebay.com\www
Trusted Zone: honda.com
Trusted Zone: honda.vo.llnwd.net
Trusted Zone: hondaadcmd.com
Trusted Zone: hondacars.com
Trusted Zone: hondainfo.programhq.com
Trusted Zone: hondamap.com
Trusted Zone: hondapqr.com
Trusted Zone: hondaprofessional.com
Trusted Zone: hondaspinplay.programhq.com
Trusted Zone: hondasso.com
Trusted Zone: pcsc.acurasrs.com
Trusted Zone: toshibadirect.com\www
Trusted Zone: yahoo.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} - hxxp://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A9217A62-15DD-4935-A0F4-F7304D867F42} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 gdxwdm;GDXWDM;c:\windows\system32\drivers\gdxwdm.sys [2003-5-24 59937]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-21 214664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-18 238952]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-18 36608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-21 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-21 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-21 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-21 40552]
.
=============== Created Last 30 ================
.
2011-10-27 01:22:18 388096 ----a-r- c:\documents and settings\robert\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-27 01:22:16 -------- d-----w- c:\program files\Trend Micro
2011-10-27 00:48:58 -------- d-----w- c:\documents and settings\robert\local settings\application data\PCHealth
.
==================== Find3M ====================
.
2011-10-21 13:09:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-04-18 13:29:29 115331072 ----a-w- c:\program files\Samsung New PC Studio.msi
.
============= FINISH: 22:14:48.78 ===============

ken545
2011-10-31, 00:55


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.





Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

dsmryder
2011-10-31, 04:07
I'll do it either tonight or tomorrow. Lots of stuff going on right now. I promise I'll get it done and report back ASAP.

Thank You,
Robert

ken545
2011-10-31, 09:48
Hello Robert,

aswMBR checks for rootkits, which are hidden malware programs, so let's do that first to make sure it's not rootkit related.

You have both AVG and McAfee running on your system. More than one is overkill and can cause problems like this; you should only have one AV, keep it updated and run regular scans. Your call, but you need to uninstall one via Add Remove Programs in the Control Panel.

Also a word of warning about registry cleaners: they're not recommended, as removing the wrong entry or entries can make your system unbootable.

Let's see what aswMBR comes up with and we can go from there.

dsmryder
2011-11-01, 15:34
OK, I ran the program last night. Should I reboot? I'll at least hibernate. Also, I thought I uninstalled McAfee. I did that before I installed AVG. I double checked (included the add remove programs) and I don't see anything related to McAfee.

Thank You
Robert

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-31 23:45:29
-----------------------------
23:45:29.984 OS Version: Windows 5.1.2600 Service Pack 3
23:45:29.984 Number of processors: 1 586 0xD08
23:45:29.984 ComputerName: MOBILE UserName:
23:45:32.265 Initialize success
23:49:05.625 AVAST engine defs: 11110100
23:51:51.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:51:51.968 Disk 0 Vendor: HTS541080G9SA00 MB4OC60D Size: 76319MB BusType: 3
23:51:54.000 Disk 0 MBR read successfully
23:51:54.000 Disk 0 MBR scan
23:51:54.078 Disk 0 Windows 7 default MBR code
23:51:54.078 Disk 0 scanning sectors +156301110
23:51:54.203 Disk 0 scanning C:\WINDOWS\system32\drivers
23:52:16.500 Service scanning
23:52:17.468 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:52:18.046 Modules scanning
23:52:37.359 Disk 0 trace - called modules:
23:52:37.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spwa.sys hal.dll >>UNKNOWN [0x8a10c938]<<
23:52:37.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a0a0ab8]
23:52:37.718 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a03eb00]
23:52:38.453 AVAST engine scan C:\WINDOWS
23:53:06.750 AVAST engine scan C:\WINDOWS\system32
23:55:54.671 AVAST engine scan C:\WINDOWS\system32\drivers
23:56:16.000 AVAST engine scan C:\Documents and Settings\Virginia1
00:30:05.531 AVAST engine scan C:\Documents and Settings\All Users
00:46:45.687 Scan finished successfully
02:06:52.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Virginia1\Desktop\MBR.dat"
02:06:52.500 The log file has been saved successfully to "C:\Documents and Settings\Virginia1\Desktop\aswMBR.txt"

ken545
2011-11-01, 18:36
Hi Robert,

aswMBR looks fine. Just copy and paste the logs we ask for into the thread in lieu of attaching them; it's easier for us to analyze.

As far as McAfee, I don't see it fully installed, just bits and pieces. Try running this uninstaller to see if it can find it; the free version is fine.
http://www.revouninstaller.com/revo_uninstaller_free_download.html


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
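
Added example, not part of the thread or of any tool named in it: a small Python parser for the DDS "SERVICES / DRIVERS" lines posted at the top of the thread, showing how the leftover McAfee "bits and pieces" appear beside the active AVG components. The reading of the prefix (R/S as running/stopped, the digit as the start type), the "[?]" marker as a missing file, and the vendor keyword map are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the "SERVICES / DRIVERS" section of the DDS log in this thread.
DDS_SERVICES = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-21 214664]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-18 238952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-21 79816]
"""

# Assumption: the digit after R/S is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Assumption: illustrative keyword map, matched against display name and path.
VENDOR_KEYWORDS = {"AVG": ("avg",), "McAfee": ("mcafee",)}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)


def parse_services(text):
    """Turn DDS service/driver lines into dictionaries; skip anything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # "path --> path [?]" is how the log shows an entry whose file is gone.
        path = m["path"].split(" --> ")[0].strip()
        haystack = (m["display"] + " " + path).lower()
        vendor = next(
            (v for v, keys in VENDOR_KEYWORDS.items()
             if any(k in haystack for k in keys)),
            None,
        )
        entries.append({
            "name": m["name"],
            "display": m["display"],
            "path": path,
            "running": m["state"] == "R",
            "start_type": START_TYPES[int(m["start"])],
            "file_missing": m["meta"].strip() == "?",
            "vendor": vendor,
        })
    return entries


def vendor_report(entries):
    """Group each vendor's components into running / stopped / orphaned."""
    report = defaultdict(lambda: {"running": [], "stopped": [], "orphaned": []})
    for e in entries:
        if e["vendor"] is None:
            continue
        if e["file_missing"]:
            bucket = "orphaned"      # registry entry left behind, binary removed
        elif e["running"]:
            bucket = "running"       # still loaded, e.g. a kernel driver
        else:
            bucket = "stopped"       # file on disk, not currently started
        report[e["vendor"]][bucket].append(e["name"])
    return dict(report)


def overlapping_vendors(report):
    """Vendors with at least one running component, if there is more than one."""
    active = sorted(v for v, r in report.items() if r["running"])
    return active if len(active) > 1 else []


if __name__ == "__main__":
    rep = vendor_report(parse_services(DDS_SERVICES))
    for vendor, buckets in sorted(rep.items()):
        print(vendor, buckets)
    print("products with running components:", overlapping_vendors(rep))
```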

dsmryder
2011-11-02, 14:49
I wonder if the file Malwarebytes found is a real piece of malware or not.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8066

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/2/2011 8:23:54 AM
mbam-log-2011-11-02 (08-23-54).txt

Scan type: Quick scan
Objects scanned: 305620
Time elapsed: 1 hour(s), 0 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\DelUS.bat (Malware.Trace) -> Quarantined and deleted successfully.

ken545
2011-11-02, 18:18
Well, if Malwarebytes removed it, it must be bad.

Waiting for the OTL log

dsmryder
2011-11-03, 14:13
OTL logfile created on: 11/2/2011 8:51:30 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Virginia1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 36.96% Memory free
2.35 Gb Paging File | 1.71 Gb Available in Paging File | 72.74% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.52 Gb Total Space | 16.71 Gb Free Space | 25.12% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 7.76 Gb Total Space | 0.47 Gb Free Space | 6.07% Space Free | Partition Type: NTFS

Computer Name: MOBILE | User Name: Virginia1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Virginia1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Metamail Inc\Metamail Reader\Metamail Secure Server.exe (Metamail Corp.)
PRC - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\TOSHIBA\IVP\ISM\pinger.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\FarStone\GameDrive\gdtask.exe (FarStone Technology Inc.)
PRC - C:\WINDOWS\system32\TaskSwitch.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files\HP\Digital Imaging\Smart Web Printing\NeoLoggingLib.dll ()
MOD - C:\Program Files\Free Download Manager\iefdm2.dll ()
MOD - C:\WINDOWS\system32\TCtrlIO.dll ()
MOD - C:\WINDOWS\system32\acs.exe ()
MOD - C:\Program Files\Common Files\Roxio Shared\DLLShared\apm.dll ()
MOD - C:\WINDOWS\system32\FsLodLib.dll ()
MOD - C:\WINDOWS\system32\TaskSwitch.exe ()


========== Win32 Services (SafeList) ==========

SRV - (McSysmon) -- File not found
SRV - (McShield) -- File not found
SRV - (iPod Service) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (ACDaemon) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (gdxwdm) -- C:\WINDOWS\system32\drivers\gdxwdm.sys (FarStone Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-1365152189-766300769-3890912586-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1365152189-766300769-3890912586-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1365152189-766300769-3890912586-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1365152189-766300769-3890912586-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1365152189-766300769-3890912586-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKU\S-1-5-21-1365152189-766300769-3890912586-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/02/26 23:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/10/21 09:43:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/26 08:47:04 | 000,431,774 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14864 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-1365152189-766300769-3890912586-1009\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Auto EPSON Stylus CX5400 on MAIN] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P32 "Auto EPSON Stylus CX5400 on MAIN" /O12 "\\MAIN\EPSON" /M "Stylus CX5400" File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\GDTask.exe (FarStone Technology Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe ()
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1365152189-766300769-3890912586-1009..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\gdtask.exe (FarStone Technology Inc.)
O4 - HKU\S-1-5-21-1365152189-766300769-3890912586-1009..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1365152189-766300769-3890912586-1009..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.nickjr.com/kids-games/little-bears-jigsaw-puzzle.html" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
O4 - Startup: C:\Documents and Settings\Kids\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = File not found
O4 - Startup: C:\Documents and Settings\Virginia1\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\Virginia1\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 8256
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1365152189-766300769-3890912586-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1365152189-766300769-3890912586-1009\..Trusted Domains: honda.com ([www.in] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB (RRAAINAX_02.RRAAINAX)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe (Reg Error: Key error.)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9217A62-15DD-4935-A0F4-F7304D867F42}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Virginia1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Virginia1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 22:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/07/15 09:56:14 | 000,000,073 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2331c990-def9-11db-adb5-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2331c990-def9-11db-adb5-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2331c990-def9-11db-adb5-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 08:50:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Virginia1\Desktop\OTL.exe
[2011/11/02 00:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Virginia1\Application Data\Malwarebytes
[2011/11/02 00:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/02 00:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/02 00:52:36 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/02 00:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/02 00:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Virginia1\Start Menu\Programs\Revo Uninstaller
[2011/11/02 00:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/10/26 22:11:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/26 22:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/10/26 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/10/26 21:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/21 09:13:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/21 09:13:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/21 09:13:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2005/11/04 22:59:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/02 08:50:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Virginia1\Desktop\OTL.exe
[2011/11/02 08:45:06 | 136,766,677 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/02 08:40:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/02 08:40:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/02 08:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/02 08:27:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/02 08:27:33 | 1340,329,984 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/02 00:47:17 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Virginia1\Desktop\Revo Uninstaller.lnk
[2011/11/01 09:30:58 | 000,096,079 | ---- | M] () -- C:\Documents and Settings\Virginia1\Desktop\ARP.JPG
[2011/11/01 02:06:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Virginia1\Desktop\MBR.dat
[2011/10/31 03:01:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/27 20:17:24 | 000,016,542 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/24 10:27:27 | 000,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/23 19:37:20 | 000,443,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/23 19:37:20 | 000,072,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/21 09:46:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/21 09:09:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/02 00:47:17 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Virginia1\Desktop\Revo Uninstaller.lnk
[2011/11/01 09:30:58 | 000,096,079 | ---- | C] () -- C:\Documents and Settings\Virginia1\Desktop\ARP.JPG
[2011/11/01 02:06:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Virginia1\Desktop\MBR.dat
[2011/03/18 23:08:37 | 000,077,375 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2010/05/03 21:09:11 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/18 09:37:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/04/18 09:37:52 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/04/18 09:31:37 | 000,069,632 | ---- | C] () -- C:\Program Files\2057.MST
[2010/04/18 09:31:37 | 000,013,822 | ---- | C] () -- C:\Program Files\0x0809.ini
[2010/04/18 09:31:32 | 115,331,072 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi
[2010/03/13 21:59:23 | 000,077,375 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/01/03 11:41:29 | 000,118,907 | ---- | C] () -- C:\WINDOWS\hpoins31.dat.temp
[2010/01/03 11:41:29 | 000,000,945 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
[2009/12/12 19:13:59 | 000,023,156 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/08/30 04:10:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/21 16:58:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\AitVirtualComInstall.exe
[2009/07/20 20:10:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\InstallVCOM.exe
[2008/12/02 22:36:51 | 000,146,758 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
[2008/12/02 22:36:51 | 000,000,945 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
[2008/10/05 22:20:10 | 000,000,273 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/08/27 11:57:36 | 000,000,048 | ---- | C] () -- C:\WINDOWS\LoadLib.INI
[2008/07/14 17:36:51 | 000,000,157 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/06/22 17:16:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/10 19:36:19 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ereg077.dat
[2008/05/10 19:17:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/05/04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
[2008/04/06 17:50:02 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2008/03/14 13:28:47 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2008/02/26 20:06:34 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Virginia1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/26 19:21:35 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Virginia1\Local Settings\Application Data\fusioncache.dat
[2007/12/29 17:25:41 | 000,000,098 | ---- | C] () -- C:\WINDOWS\DMI.ini
[2007/10/28 15:40:42 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv
[2007/10/28 14:11:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/05/23 23:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FSDataSvr.sys
[2007/05/23 22:49:31 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\dptlcg32.dll
[2007/03/26 18:46:41 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/28 21:15:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSBrow.INI
[2006/12/24 03:12:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/24 00:29:10 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/25 00:55:09 | 000,000,762 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/11/16 13:06:14 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2006/11/15 22:34:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2006/11/13 21:17:08 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2006/11/13 21:17:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006/11/13 21:17:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/11/13 21:16:47 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/11/13 21:16:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2006/11/13 17:55:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 19:16:05 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/30 19:16:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/30 19:16:05 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/30 19:16:05 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 18:52:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 18:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/11/29 18:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/11/29 18:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/29 18:22:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/29 18:16:48 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/11/11 18:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 13:00:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 12:27:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/05 00:09:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/05 00:07:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/05 00:05:40 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/05 00:03:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/05 00:03:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/05 00:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/05 00:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/05 00:03:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/05 00:03:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/04 23:31:32 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 23:27:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 22:59:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 22:31:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/04 22:28:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/04 22:26:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 20:56:25 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 20:53:47 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2005/11/04 20:53:47 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2005/11/04 20:53:47 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2005/11/04 20:53:47 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2005/11/04 20:53:47 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005/11/04 20:53:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/04 20:53:10 | 000,443,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/04 20:53:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/04 20:53:10 | 000,072,556 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/04 20:53:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/04 20:53:08 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/04 20:53:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/04 20:53:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/04 20:52:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/04 20:52:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/04 20:52:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/04 20:52:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/04 14:23:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/04 14:22:17 | 000,247,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/24 19:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/06/10 19:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003/05/27 06:33:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExtend.dll
[2003/05/21 03:25:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExtend.dll
[2003/04/15 11:27:34 | 000,006,362 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCdx.sys
[2003/04/11 12:49:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\DxpApp.exe
[2003/04/11 11:53:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fsmesbox.dll
[2003/04/11 11:53:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLodLib.dll
[2003/02/14 09:56:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[2002/03/19 21:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2002/03/19 21:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/06/24 20:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/24 20:47:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/20 19:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/07/05 00:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/05/03 22:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/06/24 19:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kingsoft
[2011/06/24 20:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/01/21 22:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 15:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2005/11/05 00:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/02/26 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E53F90E0-D7CA-4310-8844-F6E688407890}
[2005/11/04 23:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2011/06/25 09:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\AVG10
[2007/06/05 09:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\FarStone
[2009/06/06 21:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\HotSync
[2006/11/26 22:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\InterVideo
[2005/11/04 23:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\toshiba
[2011/06/24 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Kingsoft
[2011/07/21 11:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makayla\Application Data\AVG10
[2008/04/16 22:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makayla\Application Data\FarStone
[2009/05/05 12:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makayla\Application Data\HotSync
[2008/04/21 22:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makayla\Application Data\InterVideo
[2008/07/13 21:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makayla\Application Data\School Zone Preferences
[2005/11/04 23:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makayla\Application Data\toshiba
[2007/05/23 23:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia\Application Data\FarStone
[2007/01/06 21:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia\Application Data\InterVideo
[2006/11/15 15:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia\Application Data\toshiba
[2011/06/26 22:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia1\Application Data\AVG10
[2008/02/26 19:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia1\Application Data\FarStone
[2009/05/04 21:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia1\Application Data\HotSync
[2008/02/26 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia1\Application Data\InterVideo
[2011/05/26 18:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia1\Application Data\OpenOffice.org
[2008/02/26 19:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia1\Application Data\toshiba
[2011/09/12 18:52:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:773DA865

< End of report >

dsmryder
2011-11-03, 14:16
OTL Extras logfile created on: 11/2/2011 8:51:30 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Virginia1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 36.96% Memory free
2.35 Gb Paging File | 1.71 Gb Available in Paging File | 72.74% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.52 Gb Total Space | 16.71 Gb Free Space | 25.12% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 7.76 Gb Total Space | 0.47 Gb Free Space | 6.07% Space Free | Partition Type: NTFS

Computer Name: MOBILE | User Name: Virginia1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"20001:UDP" = 20001:UDP:*:Enabled:MicroSAN
"80:TCP" = 80:TCP:*:Enabled:Web
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Robert\Local Settings\Temp\7zS0EAA\setup\HPZnui01.exe" = C:\Documents and Settings\Robert\Local Settings\Temp\7zS0EAA\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam -- ()
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Atari\Risk II\RiskII.exe" = C:\Program Files\Atari\Risk II\RiskII.exe:*:Enabled:Risk II -- (Deep Red Games Ltd)
"C:\Program Files\FarStone\GameDrive\MGR.exe" = C:\Program Files\FarStone\GameDrive\MGR.exe:*:Disabled:VirtualDrive MGR -- (FarStone Technology Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Program Files\Diablo\diablo.exe" = C:\Program Files\Diablo\diablo.exe:*:Disabled:Diablo -- (Blizzard Entertainment)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\1131163763\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1131163763\EE\AOLServiceHost.exe:*:Disabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon
"D:\Autorun.exe" = D:\Autorun.exe:*:Disabled:CD navigator
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4
"C:\Program Files\Hasbro Interactive\Battleship SURFACE THUNDER\Battleship2.exe" = C:\Program Files\Hasbro Interactive\Battleship SURFACE THUNDER\Battleship2.exe:*:Enabled:Battleship SURFACE THUNDER -- (Meyer/Glass Interactive-10955 Golden West Drive-Hunt Valley-MD-21031)
"C:\Documents and Settings\Robert\Local Settings\Temp\7zS0EAA\setup\HPZnui01.exe" = C:\Documents and Settings\Robert\Local Settings\Temp\7zS0EAA\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"D:\bin\IA\Core\MDM_Util.exe" = D:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{05E740C4-0F88-4673-9DAF-549E41A6CB21}" = AVG 2011
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28F9CB51-2F81-40BF-9545-6FD1FCB1AC44}" = Risk II
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}" = Roxio Easy Media Creator 7 Basic DVD Edition
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78AC18A2-12A9-4102-B0B7-C7558182D212}" = C6300
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext
"{7D543DFE-6459-462A-9A62-B5B012B1DCF1}" = AVG 2011
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{909354DE-C180-4B00-B61F-9A6D805E5796}" = Battlefield 1942 Secret Weapons of WWII Demo
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}" = HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D5BB0907-4BB2-46A3-AA68-0173D111058D}" = GameDrive
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE3E60BC-F29F-4E7B-A110-B538387D34DA}" = No One Lives Forever - Game of the Year Edition
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"All ATI Software" = ATI - Software Uninstall Utility
"Arthur's Kindergarten" = Arthur's Kindergarten
"Arthur's Math Games" = Arthur's Math Games
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Battleship SURFACE THUNDER" = Battleship SURFACE THUNDER
"Caillou Ready For School" = Caillou Ready For School
"CareBears Catch A Star" = CareBears Catch A Star (remove only)
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo" = Diablo
"Dogz" = Dogz (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 7_is1" = DVDFab 7.0.9.3 (08/08/2010)
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"ERUNT_is1" = ERUNT 1.1j
"F1562C4E4C283E13CDA36F5FD2989D4B7D232B6C" = Windows Driver Package - ATEQ S.A (usbser) Ports (04/02/2009 6.1.2600.0)
"First Thousand Words" = First Thousand Words
"Free Download Manager_is1" = Free Download Manager 2.5
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"PuTTY_is1" = PuTTY version 0.60
"Revo Uninstaller" = Revo Uninstaller 1.93
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Scholastic's I SPY Junior Puppet Playhouse" = Scholastic's I SPY Junior Puppet Playhouse
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Land Before Time Kindergarten Adventure" = The Land Before Time Kindergarten Adventure
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Transition Math K-1" = Transition Math K-1
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/21/2011 9:44:34 AM | Computer Name = MOBILE | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2572073,
P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/23/2011 7:29:46 PM | Computer Name = MOBILE | Source = ESENT | ID = 481
Description = svchost (1268) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 675840 (0x00000000000a5000) for 4096 (0x00001000) bytes failed with system
error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
will fail with error -1022 (0xfffffc02). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 10/23/2011 7:31:44 PM | Computer Name = MOBILE | Source = ESENT | ID = 481
Description = svchost (1268) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 610304 (0x0000000000095000) for 4096 (0x00001000) bytes failed with system
error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
will fail with error -1022 (0xfffffc02). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 10/23/2011 7:32:01 PM | Computer Name = MOBILE | Source = ESENT | ID = 481
Description = svchost (1268) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 634880 (0x000000000009b000) for 4096 (0x00001000) bytes failed with system
error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
will fail with error -1022 (0xfffffc02). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 10/23/2011 8:36:41 PM | Computer Name = MOBILE | Source = Application Hang | ID = 1002
Description = Hanging application RiskII.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/23/2011 8:36:59 PM | Computer Name = MOBILE | Source = Application Hang | ID = 1001
Description = Fault bucket 02205014.

Error - 10/26/2011 8:47:52 PM | Computer Name = MOBILE | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 10/26/2011 8:47:52 PM | Computer Name = MOBILE | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 10/26/2011 9:25:22 PM | Computer Name = MOBILE | Source = ESENT | ID = 481
Description = svchost (1252) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 667648 (0x00000000000a3000) for 4096 (0x00001000) bytes failed with system
error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
will fail with error -1022 (0xfffffc02). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 10/26/2011 10:01:58 PM | Computer Name = MOBILE | Source = ESENT | ID = 481
Description = svchost (1252) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 446464 (0x000000000006d000) for 4096 (0x00001000) bytes failed with system
error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
will fail with error -1022 (0xfffffc02). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

[ System Events ]
Error - 11/2/2011 1:01:22 AM | Computer Name = MOBILE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/2/2011 1:11:45 AM | Computer Name = MOBILE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/2/2011 1:11:50 AM | Computer Name = MOBILE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/2/2011 1:11:54 AM | Computer Name = MOBILE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/2/2011 1:39:54 AM | Computer Name = MOBILE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/2/2011 1:39:58 AM | Computer Name = MOBILE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/2/2011 1:40:02 AM | Computer Name = MOBILE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/2/2011 8:28:50 AM | Computer Name = MOBILE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 11/2/2011 8:29:13 AM | Computer Name = MOBILE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
KR10N

Error - 11/2/2011 8:46:55 AM | Computer Name = MOBILE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

ken545
2011-11-03, 18:34
Nothing really jumping out at me, let's do this

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL

:Services

:Reg

:Files
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.






ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

dsmryder
2011-11-05, 17:38
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Virginia1\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Virginia1\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: Kids
->Temp folder emptied: 214948289 bytes
->Temporary Internet Files folder emptied: 1061733447 bytes
->Java cache emptied: 15 bytes
->Flash cache emptied: 64576 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 144862 bytes

User: Makayla
->Temp folder emptied: 35540853 bytes
->Temporary Internet Files folder emptied: 251323377 bytes
->Java cache emptied: 154768 bytes
->Flash cache emptied: 11122 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 849032 bytes

User: Owner

User: Robert
->Temp folder emptied: 30094128 bytes

User: Virginia
->Temp folder emptied: 27255467 bytes
->Temporary Internet Files folder emptied: 247865220 bytes
->Java cache emptied: 398450 bytes

User: Virginia1
->Temp folder emptied: 486755577 bytes
->Temporary Internet Files folder emptied: 455705768 bytes
->Java cache emptied: 29151629 bytes
->Flash cache emptied: 126760 bytes

User: Virginia2

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56207298 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 143410612 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,901.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11052011_105330

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\SH12WK4Q\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-23;u13=;u14=;u15=;ord=1;num=4266352283188[1].htm not found!
File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\IGYQTQHG\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-23;u13=;u14=;u15=;ord=1;num=6336014666217[1].htm not found!
File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\GIXDOK5C\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-21;u13=;u14=;u15=;ord=1;num=1543614380659[1].htm not found!
File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\GIXDOK5C\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-21;u13=;u14=;u15=;ord=1;num=2097503409642[1].htm not found!
File\Folder C:\Documents and Settings\Virginia1\Local Settings\Temp\Temporary Internet Files\Content.IE5\GIXDOK5C\2086-7311;u5=CCI;u6=5686,5686,287;u7=0422,0050,0322;u8=Y;u9=;u10=0164162680;u11=c7cc89e3-18a7-411a-ae0e-344dca9669d8;u12=2010-02-23;u13=;u14=;u15=;ord=1;num=1714112360204[1].htm not found!
C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat moved successfully.

Registry entries deleted on Reboot...

dsmryder
2011-11-05, 22:01
C:\Documents and Settings\All Users\Documents\My Music\other music\friends forever t squad cute girl has orgasm on webcam.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan

ken545
2011-11-06, 15:03
Hi,

Sorry for the delay, been off for a few days.

I would delete this
C:\Documents and Settings\All Users\Documents\My Music\other music\friends forever t squad cute girl has orgasm on webcam.mp3


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

dsmryder
2011-11-07, 05:36
ComboFix 11-11-06.01 - Virginia1 11/06/2011 10:40:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.537 [GMT -5:00]
Running from: C:\Documents and Settings\Virginia1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Default User\WINDOWS
C:\Documents and Settings\Kids\WINDOWS
C:\Documents and Settings\Makayla\WINDOWS
C:\Documents and Settings\Virginia\WINDOWS
C:\Documents and Settings\Virginia1\WINDOWS
C:\WINDOWS\system32\config\systemprofile\WINDOWS


((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))


2011-11-05 15:41:59 . 2011-11-05 15:41:59 -------- d-----w- C:\Program Files\ESET
2011-11-05 14:53:30 . 2011-11-05 14:53:31 -------- d-----w- C:\_OTL
2011-11-02 04:52:56 . 2011-11-02 04:52:56 -------- d-----w- C:\Documents and Settings\Virginia1\Application Data\Malwarebytes
2011-11-02 04:52:41 . 2011-11-02 04:52:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-11-02 04:52:36 . 2011-11-02 04:52:48 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-02 04:52:36 . 2011-08-31 21:00:50 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-02 04:47:15 . 2011-11-02 04:47:15 -------- d-----w- C:\Program Files\VS Revo Group
2011-10-27 02:03:08 . 2011-10-27 02:03:28 -------- d-----w- C:\Program Files\ERUNT
2011-10-27 01:22:16 . 2011-10-27 01:22:16 -------- d-----w- C:\Program Files\Trend Micro
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-21 13:09:28 . 2011-06-23 00:48:52 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06:03 . 2010-06-12 00:54:26 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-10-03 06:37:52 . 2009-12-05 12:12:55 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-09-26 15:41:20 . 2008-07-29 23:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 15:41:20 . 2005-11-05 00:53:09 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
2011-09-26 15:41:14 . 2005-11-05 00:53:09 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
2011-09-09 09:12:13 . 2005-11-05 00:52:28 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-09-06 13:20:51 . 2005-11-05 00:53:31 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-08-22 23:48:55 . 2005-11-05 00:53:31 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-08-22 23:48:54 . 2005-11-05 00:52:51 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-08-22 23:48:54 . 2005-11-05 00:52:47 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-08-22 11:56:39 . 2005-11-05 00:52:46 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-08-17 13:49:54 . 2005-11-05 00:52:21 138496 ----a-w- C:\WINDOWS\system32\drivers\afd.sys
2010-04-18 13:29:29 . 2010-04-18 13:31:32 115331072 ----a-w- C:\Program Files\Samsung New PC Studio.msi


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-04-14 00:11:56 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 00:11:56 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\lpk.dll
[-] 2008-04-14 00:11:56 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\dllcache\lpk.dll
[7] 2004-08-04 12:00:00 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\lpk.dll

((((((((((((((((((((((((((((( SnapShot@2011-11-06_14.25.38 )))))))))))))))))))))))))))))))))))))))))

+ 2011-11-06 14:57:55 . 2011-11-06 14:57:55 16384 C:\WINDOWS\Temp\Perflib_Perfdata_684.dat
+ 2011-11-06 14:57:43 . 2011-11-06 14:57:43 16384 C:\WINDOWS\Temp\Perflib_Perfdata_1f4.dat
+ 2005-11-05 00:53:10 . 2011-11-06 15:37:04 72582 C:\WINDOWS\system32\perfc009.dat
+ 2005-11-05 00:53:10 . 2011-11-06 15:37:04 443482 C:\WINDOWS\system32\perfh009.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 08:32:20 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 03:56:47 68856]
"GameDrive"="C:\Program Files\FarStone\GameDrive\gdtask.exe" [2003-05-21 14:34:38 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 19:14:06 15473664]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 01:05:00 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 23:28:02 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 23:26:40 688218]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 21:07:16 352256]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 18:24:50 73728]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29:08 88203]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 13:10:00 122940]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 05:00:12 282624]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 18:52:42 1077322]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 00:13:20 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 01:37:26 151552]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-20 01:30:00 45632]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-07-11 11:51:26 1695744]
"GameDrive"="C:\Program Files\FarStone\GameDrive\GDTask.exe" [2003-05-21 14:34:38 94208]
"Auto EPSON Stylus CX5400 on MAIN"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [BU]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 22:38:18 421888]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 15:54:08 150016]
"AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" [2011-09-10 10:28:50 2338656]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 17:06:06 254696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

C:\Documents and Settings\Kids\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [N/A]

C:\Documents and Settings\Virginia1\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [N/A]
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Metamail Trust Manager.lnk - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2005-11-29 329472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Atari\\Risk II\\RiskII.exe"=
"C:\\Program Files\\FarStone\\GameDrive\\MGR.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Diablo\\diablo.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hasbro Interactive\\Battleship SURFACE THUNDER\\Battleship2.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"C:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"C:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"C:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20001:UDP"= 20001:UDP:MicroSAN
"427:UDP"= 427:UDP:SLP_Port(427)

R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13:02 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [3/16/2011 3:03:20 PM 32592]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [11/27/2006 9:05:05 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [1/7/2011 5:41:46 AM 248656]
R1 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\drivers\avgtdix.sys [4/4/2011 11:59:56 PM 297168]
R1 gdxwdm;GDXWDM;C:\WINDOWS\system32\drivers\gdxwdm.sys [5/24/2003 4:34:46 AM 59937]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 12:33:06 AM 7390560]
R2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33:42 AM 269520]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [4/18/2010 8:37:52 AM 238952]
R3 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53:52 AM 24144]
R3 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53:54 AM 27216]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [4/18/2010 8:37:52 AM 36608]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2/4/2010 8:40:16 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2/4/2010 8:40:16 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys --> C:\WINDOWS\system32\drivers\mbamswissarmy.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2011-09-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34:12 . 2008-07-30 16:34:12]

2011-11-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 01:40:16 . 2010-02-05 01:40:07]

2011-11-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 01:40:16 . 2010-02-05 01:40:07]


------- Supplementary Scan -------

uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: honda.com\www.in
TCP: DhcpNameServer = 192.168.1.254

Jack&Jill
2011-11-07, 05:58
Hello dsmryder :),

ken545 will not be available for a couple of days, so I will step in to help you.

The ComboFix log is incomplete, but we will come back to it if required later.

After reviewing all the results so far, I think your hard disk is failing.

Some backup options for you are below; please back up your data if you have not, then we will check the hard disk.

These articles; System Backup for Windows XP (http://www.kellys-korner-xp.com/win_xp_backup.htm) and XP Backup (http://www.theeldergeek.com/backup_using_wizard.htm), explain the whats and hows using the Windows built-in backup tool.

Some good and free alternative third-party backup or imaging software that you can consider are Cobian Backup (http://www.educ.umu.se/~cobian/cobianbackup.htm) and Macrium Reflect (http://www.macrium.com/reflectfree.asp). A tutorial for Cobian Backup can be found here (http://www.bleepingcomputer.com/tutorials/tutorial127.html) and for Macrium Reflect here (http://www.howtogeek.com/howto/7363/macrium-reflect-is-a-free-and-easy-to-use-backup-utility/).

For paid version, Acronis True Image Home (http://www.acronis.com/homecomputing/) is a good option.

--------------------

Proceed with this step after you have completed the backup.

Check your hard disk for errors

Go to Start > Run.... Copy and paste the following text into the white box:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
Click OK. A command prompt window will appear for a while. Please wait until it closes.
Post the contents of checkhd.txt. It is found on your desktop.

--------------------

Please post back:
1. chkdsk result
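
The evidence behind the "hard disk is failing" call, as an added example (not part of any post in this thread, and not code from OTL or MiniToolBox): a Python triage pass over event-log errors in the two layouts posted in this thread, flagging Disk "bad block" entries and ESENT reads that fail with system error 23 (CRC). The indicator names and the rule that any such hit marks storage as suspect are assumptions of the example; the sample entries are constructed from the shape of the logs above.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a few entries in the two log layouts seen in this thread
# (OTL "Error - ... | Source = ..." and MiniToolBox "Error: (...) (Source: ...)").
SAMPLE_LOG = r'''
[ Application Events ]
Error - 10/23/2011 7:29:46 PM | Computer Name = MOBILE | Source = ESENT | ID = 481
Description = svchost (1268) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
at offset 675840 (0x00000000000a5000) for 4096 (0x00001000) bytes failed with system
error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
will fail with error -1022 (0xfffffc02).

Error - 10/23/2011 8:36:41 PM | Computer Name = MOBILE | Source = Application Hang | ID = 1002
Description = Hanging application RiskII.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/26/2011 8:47:52 PM | Computer Name = MOBILE | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.

[ System Events ]
Error - 11/2/2011 1:01:22 AM | Computer Name = MOBILE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/2/2011 8:28:50 AM | Computer Name = MOBILE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error: (11/06/2011 10:57:15 AM) (Source: ESENT) (User: )
Description: svchost (1312) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 659456 (0x00000000000a1000) for 4096 (0x00001000) bytes failed with system error 23 (0x00000017): "Data error (cyclic redundancy check). ".
'''

OTL_HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = .+? \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$")
MTB_HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)")
DESC_PREFIX = re.compile(r"^Description\s*[=:]\s*")
READ_FILE = re.compile(r'read from the file "([^"]+)"')

# Indicator names and rules are this example's own, not part of either tool.
INDICATORS = {
    "bad_block": lambda e: e["source"] == "Disk" and "bad block" in e["description"],
    "crc_read_error": lambda e: "system error 23 (0x00000017)" in e["description"],
    "corrupt_index": lambda e: e["source"] == "Ci" and "corrupt" in e["description"],
}
HARDWARE = ("bad_block", "crc_read_error")  # point at the medium, not at software


def parse_events(text):
    """Split a pasted log into events, re-joining wrapped description lines."""
    events, current = [], None
    for line in text.splitlines():
        header = OTL_HEADER.match(line) or MTB_HEADER.match(line)
        if header:
            current = {"when": header["when"], "source": header["source"].strip(),
                       "id": header.groupdict().get("id"), "description": ""}
            events.append(current)
        elif not line.strip() or line.startswith("["):
            current = None  # a blank line or section title ends the entry
        elif current is not None:
            part = DESC_PREFIX.sub("", line).strip()
            current["description"] = (current["description"] + " " + part).strip()
    return events


def triage(text):
    """Count storage-failure indicators and report the files and time span involved."""
    events = parse_events(text)
    hits, files, times = Counter(), set(), []
    for event in events:
        matched = [name for name, rule in INDICATORS.items() if rule(event)]
        if not matched:
            continue
        hits.update(matched)
        times.append(datetime.strptime(event["when"], "%m/%d/%Y %I:%M:%S %p"))
        found = READ_FILE.search(event["description"])
        if found:
            files.add(found.group(1))
    return {
        "events": len(events),
        "hits": dict(hits),
        "files": sorted(files),
        "first": min(times).isoformat() if times else None,
        "last": max(times).isoformat() if times else None,
        # Assumption: any bad block or CRC read failure makes the disk suspect.
        "storage_suspected": any(hits[name] for name in HARDWARE),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
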

dsmryder
2011-11-09, 07:53
What do you think of gparted?

Jack&Jill
2011-11-09, 16:57
Hello dsmryder :),

Frankly, I am not familiar with it. Does not appear to be a backup program.

Please post chkdsk result.

dsmryder
2011-11-11, 04:55
The type of the file system is NTFS.
Volume label is SQ003982P01.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

69755094 KB total disk space.
50441324 KB in 134858 files.
60652 KB in 11391 indexes.
0 KB in bad sectors.
363574 KB in use by the system.
65536 KB occupied by the log file.
18889544 KB available on disk.

4096 bytes in each allocation unit.
17438773 total allocation units on disk.
4722386 allocation units available on disk.


I tried to perform some backup options, but I kept getting read and write errors.
I guess I should run chkdsk again? Could I use the same switches and redirects to get a text file?

Jack&Jill
2011-11-11, 07:07
Hello dsmryder :),

Could you provide me the exact error messages? Are you using the Windows backup tool or a third-party backup software? If they are not working correctly, you could try copying all your important data to an external drive or burning them onto CDs or DVDs.

--------------------

Go to Start > Run.... Copy and paste the following text into the white box:

cmd /c chkdsk c: /f
Chkdsk will proceed with a fix and you may need to reboot your computer.
If you need help, please take a look at this Chkdsk tutorial (http://forums.whatthetech.com/How_run_CHKDSK_Windows_XP_t102348.html).

--------------------

Please download MiniToolBox© by farbar and save it to your desktop. Click here. (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe)

Double click on MiniToolBox.exe to run it.
Please check (tick) the following options:
List last 10 Event Viewer Errors
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files
Click on the GO button. A log will open.
Please post the contents of this log. It can also be found on the desktop as Result.txt.

--------------------

Please post back:
1. whether you have already done a backup
2. how the chkdsk fix went
3. the MiniToolBox result
4. an update on how the computer is behaving

dsmryder
2011-11-14, 07:00
MiniToolBox by Farbar
Ran by Virginia1 (administrator) on 13-11-2011 at 23:51:50
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/06/2011 10:57:15 AM) (Source: ESENT) (User: )
Description: svchost (1312) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 659456 (0x00000000000a1000) for 4096 (0x00001000) bytes failed with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (11/06/2011 10:54:12 AM) (Source: ESENT) (User: )
Description: svchost (1312) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 655360 (0x00000000000a0000) for 4096 (0x00001000) bytes failed with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (11/06/2011 09:33:45 AM) (Source: ESENT) (User: )
Description: svchost (1284) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 659456 (0x00000000000a1000) for 4096 (0x00001000) bytes failed with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (11/06/2011 09:28:16 AM) (Source: ESENT) (User: )
Description: svchost (1284) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 659456 (0x00000000000a1000) for 4096 (0x00001000) bytes failed with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (11/06/2011 09:24:51 AM) (Source: ESENT) (User: )
Description: svchost (1284) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 655360 (0x00000000000a0000) for 4096 (0x00001000) bytes failed with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (11/02/2011 09:04:28 PM) (Source: Application Error) (User: )
Description: Fault bucket -1649828481.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/02/2011 09:04:24 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19154, fault address 0x00067a38.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/02/2011 09:03:48 PM) (Source: Application Error) (User: )
Description: Fault bucket -1649828481.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/02/2011 09:03:44 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19154, fault address 0x00067a38.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/02/2011 09:02:46 PM) (Source: Application Error) (User: )
Description: Fault bucket -1649828481.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.


System errors:
=============
Error: (11/13/2011 11:39:24 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%3

Error: (11/13/2011 11:27:34 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (11/12/2011 09:51:10 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%3

Error: (11/12/2011 09:25:58 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/12/2011 09:11:24 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.64 on the
Network Card with network address 0011F5DF4A0D.

Error: (11/10/2011 09:46:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/10/2011 09:27:47 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%3

Error: (11/10/2011 07:23:08 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%3

Error: (11/06/2011 11:40:21 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/06/2011 11:28:32 AM) (Source: System Error) (User: )
Description: Error code 00000019, parameter1 00000020, parameter2 887f3158, parameter3 887f3570, parameter4 1a830001.


Microsoft Office Sessions:
=========================
Error: (11/06/2011 10:57:15 AM) (Source: ESENT)(User: )
Description: svchost1312C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb659456 (0x00000000000a1000)4096 (0x00001000)-1022 (0xfffffc02)23 (0x00000017)Data error (cyclic redundancy check).

Error: (11/06/2011 10:54:12 AM) (Source: ESENT)(User: )
Description: svchost1312C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb655360 (0x00000000000a0000)4096 (0x00001000)-1022 (0xfffffc02)23 (0x00000017)Data error (cyclic redundancy check).

Error: (11/06/2011 09:33:45 AM) (Source: ESENT)(User: )
Description: svchost1284C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb659456 (0x00000000000a1000)4096 (0x00001000)-1022 (0xfffffc02)23 (0x00000017)Data error (cyclic redundancy check).

Error: (11/06/2011 09:28:16 AM) (Source: ESENT)(User: )
Description: svchost1284C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb659456 (0x00000000000a1000)4096 (0x00001000)-1022 (0xfffffc02)23 (0x00000017)Data error (cyclic redundancy check).

Error: (11/06/2011 09:24:51 AM) (Source: ESENT)(User: )
Description: svchost1284C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb655360 (0x00000000000a0000)4096 (0x00001000)-1022 (0xfffffc02)23 (0x00000017)Data error (cyclic redundancy check).

Error: (11/02/2011 09:04:28 PM) (Source: Application Error)(User: )
Description: -1649828481

Error: (11/02/2011 09:04:24 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1915400067a38

Error: (11/02/2011 09:03:48 PM) (Source: Application Error)(User: )
Description: -1649828481

Error: (11/02/2011 09:03:44 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1915400067a38

Error: (11/02/2011 09:02:46 PM) (Source: Application Error)(User: )
Description: -1649828481


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 3.1.1)
7-Zip 4.65
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader 9.4.6 (Version: 9.4.6)
Adobe Shockwave Player 11.5 (Version: 11.5.1.601)
Adobe SVG Viewer 3.0 (Version: 3.0)
Alt-Tab Task Switcher Powertoy for Windows XP (Version: 1.00.0001)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Arthur's Kindergarten
Arthur's Math Games
Atheros Client Utility (Version: 1.41.000)
Atheros Wireless LAN MiniPCI card Driver (Version: 1.26.000)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.162-050803a2-028209C-Toshiba)
AVG 2011 (Version: 10.0.1411)
AVG 2011 (Version: 10.0.2092)
Battlefield 1942
Battlefield 1942 Secret Weapons of WWII Demo
Battlefield Vietnam(TM)
Battleship SURFACE THUNDER
BufferChm (Version: 120.0.194.000)
C6300 (Version: 120.0.235.000)
C6300_Help (Version: 110.0.218.000)
Caillou Ready For School
CareBears Catch A Star (remove only)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
ClearType Tuning Control Panel Applet (Version: 1.01.0000)
CloneDVD2
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diablo
DocProc (Version: 11.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Dogz (remove only)
DVD-RAM Driver (Version: 5.0.2.0)
DVD Decrypter (Remove Only)
DVDFab 7.0.9.3 (08/08/2010)
ERUNT 1.1j
ESET Online Scanner v3
First Thousand Words
Free Download Manager 2.5
GameDrive (Version: 7.11)
Google Earth (Version: 5.0.11337.1968)
Google Earth (Version: 5.1.3533.1731)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.69)
Google Updater (Version: 2.4.1536.6592)
GPBaseService2 (Version: 130.0.371.000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Driver Diagnostics (Version: 1.03.0009)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4 (Version: 12.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing (Version: 4.05)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.002.008.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
Intel(R) Processor ID Utility (Version: 4.22.0000)
InterActual Player
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.529)
J2SE Runtime Environment 5.0 Update 4 (Version: 1.5.0.40)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 2 (Version: 1.6.0.20)
Java(TM) 6 Update 22 (Version: 6.0.220)
Java(TM) 6 Update 29 (Version: 6.0.290)
Java(TM) 6 Update 5 (Version: 1.6.0.50)
Java(TM) 6 Update 7 (Version: 1.6.0.70)
Macromedia Flash Player 8 (Version: 8.0.22.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 120.0.226.000)
Metamail (Toshiba Registration Utility) (Version: 4.5)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Age of Empires
Microsoft Age of Empires Expansion
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Visio Viewer 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 120.0.194.000)
No One Lives Forever - Game of the Year Edition
No One Lives Forever 2
OCR Software by I.R.I.S. 11.0 (Version: 11.0)
Office 2003 Trial Assistant (Version: 1.0.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Palm Desktop by ACCESS (Version: 6.4.0.0)
PanoStandAlone (Version: 110.0.180.000)
PS_AIO_04_C6300_ProductContext (Version: 110.0.218.000)
PS_AIO_04_C6300_Software (Version: 110.0.218.000)
PS_AIO_04_C6300_Software_Min (Version: 120.0.235.000)
PunkBuster for Battlefield Vietnam
PuTTY version 0.60 (Version: 0.60)
Quicken 2005 (Version: 14.00.0000)
QuickTime (Version: 7.69.80.9)
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.70)
Realtek High Definition Audio Driver (Version: 2.02)
Revo Uninstaller 1.93 (Version: 1.93)
Risk II (Version: 1.00.000)
Roxio Easy Media Creator 7 Basic DVD Edition (Version: 7.2.0.15)
SAMSUNG Android USB Modem Software
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Download Driver Software
SAMSUNG Mobile USB Driver (Version: 1.00.0000)
SAMSUNG Mobile USB Modem 1.0 Software
Samsung Mobile USB Modem Device Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio (Version: 1.00.0000)
Samsung New PC Studio USB Driver Installer (Version: 1.00.0000)
SAMSUNG USB Mobile Device Software
Scan (Version: 12.0.0.0)
Scholastic's I SPY Junior Puppet Playhouse
SmartWebPrinting (Version: 120.0.194.000)
SolutionCenter (Version: 130.0.373.000)
Sonic DLA (Version: 5.1.0)
Sonic RecordNow! (Version: 7.31)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 110.0.180.000)
Status (Version: 120.0.194.000)
Synaptics Pointing Device Driver (Version: 7.12.4.0)
The Land Before Time Kindergarten Adventure
Toolbox (Version: 120.0.194.000)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.70.09)
TOSHIBA Controls
TOSHIBA Hotkey Utility (Version: 1.00.01SE)
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver (Version: 7.03.07.I)
TOSHIBA Software Modem (Version: 2.1.62 (SM2162ALD02))
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.01SE)
TOSHIBA Utilities (Version: 1.00.04SE)
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Transition Math K-1
TrayApp (Version: 120.0.194.000)
Tweak UI
UnloadSupport (Version: 11.0.0)
Viewpoint Media Player
Virtual Desktop Manager Powertoy for Windows XP (Version: 1.00.0001)
VirtualCom driver (Version: 1.0.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 120.0.194.000)
Windows Driver Package - ATEQ S.A (usbser) Ports (04/02/2009 6.1.2600.0) (Version: 04/02/2009 6.1.2600.0)
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) (Version: 01/26/2008 2.6.0.0)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.5.0530.0)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Wise Registry Cleaner 5.9.4 (Version: 5.9.4)
Wizard101 (Version: 1.0.0)
Yahoo! Install Manager

========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 1278.17 MB
Available physical RAM: 465.76 MB
Total Pagefile: 2407.79 MB
Available Pagefile: 1736.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.75 MB

========================= Partitions: =====================================

1 Drive c: (SQ003982P01) (Fixed) (Total:66.52 GB) (Free:17.88 GB) NTFS
2 Drive d: (UBCD4Windows) (CDROM) (Total:0.73 GB) (Free:0 GB) CDFS
4 Drive f: () (Fixed) (Total:7.76 GB) (Free:0.47 GB) NTFS

========================= Users: ========================================

User accounts for \\MOBILE

Administrator ASPNET Guest
HelpAssistant Kids Makayla
Robert SUPPORT_388945a0 Virginia
Virginia1

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini010408-01.dmp
C:\WINDOWS\Minidump\Mini010710-01.dmp
C:\WINDOWS\Minidump\Mini012209-01.dmp
C:\WINDOWS\Minidump\Mini041208-01.dmp
C:\WINDOWS\Minidump\Mini041608-01.dmp
C:\WINDOWS\Minidump\Mini052408-01.dmp
C:\WINDOWS\Minidump\Mini060407-01.dmp
C:\WINDOWS\Minidump\Mini070609-01.dmp
C:\WINDOWS\Minidump\Mini070709-01.dmp
C:\WINDOWS\Minidump\Mini072108-01.dmp
C:\WINDOWS\Minidump\Mini101408-01.dmp
C:\WINDOWS\Minidump\Mini110509-01.dmp
C:\WINDOWS\Minidump\Mini110611-01.dmp
C:\WINDOWS\Minidump\Mini110611-02.dmp
C:\WINDOWS\Minidump\Mini122207-01.dmp
C:\WINDOWS\Minidump\Mini122207-02.dmp
C:\WINDOWS\Minidump\Mini122407-01.dmp

**** End of log ****

Not too worried about backing up my laptop, it's not my main computer. My backup attempts failed due to cyclic redundancy errors. If the hard drive is failing, that would explain a bunch. I didn't see the results of chkdsk /f, went to bed after starting it. But it didn't say anything to me. Is that good? After one of the first scans, the computer has been acting better, booting up faster, taking a lot less time to open programs. If the HDD is failing I'll just need to save my pennies to get a new one. I do appreciate y'all's help.
Thank you, Robert.

Jack&Jill
2011-11-15, 06:46
Hello dsmryder :),

Yes, everything is pointing to hard disk failure. Quite unfortunate things have to end this way.

To finish up, let's clear off the tools that were used and I will list some recommendations below for your new drive or laptop.


Go to Start > Run.... Copy and paste the following text into the white box:
ComboFix /uninstall
Click OK.
Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
Delete the MiniToolBox and aswMBR files on your desktop.
Delete any logs on the desktop.

Some tips to help you stay clean and safe for the new set up:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP (http://www.bleepingcomputer.com/tutorials/tutorial35.html), Windows Vista (https://www.microsoft.com/windows/downloads/windowsupdate/learn/windowsvista.mspx) or Windows 7 (http://windows.microsoft.com/en-us/windows7/Turn-automatic-updating-on-or-off) to always get the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Update your antivirus program regularly; it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials (http://www.microsoft.com/security_essentials/) and Avast (http://www.avast.com/eng/download-avast-home.html) are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 (http://www.eset.com/products/nod32.php) and Kaspersky (http://www.kaspersky.com/kaspersky_anti-virus) are some good options. Please keep only one AV installed.

3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.

4. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications.

5. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.

6. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.

7. Protect your computer from removable or USB drive infections with MCShield (http://amf.mycity.rs/programs/mc/mcshield/), an effective method to prevent malware from spreading.

8. Keep all your software updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates are required.

9. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)

Stay safe.

Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)

dsmryder
2011-11-18, 07:16
I know. It's too late, but thank you.
I plan on dropping some coins in your change jar when I can

Jack&Jill
2011-11-18, 18:06
You are welcome and thank you as well :).

Jack&Jill
2011-11-18, 18:06
As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)