OTL logfile created on: 01/10/2009 9:16:53 PM - Run 1 OTL by OldTimer - Version 3.0.17.0 Folder = C:\in Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.21% Memory free 4.00 Gb Paging File | 3.74 Gb Available in Paging File | 93.56% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.82 Gb Total Space | 17.61 Gb Free Space | 7.57% Space Free | Partition Type: NTFS Drive D: | 1.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded Drive F: | 581.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 465.76 Gb Total Space | 247.38 Gb Free Space | 53.11% Space Free | Partition Type: NTFS Drive P: | 82.19 Gb Total Space | 39.89 Gb Free Space | 48.53% Space Free | Partition Type: NTFS Drive V: | 465.76 Gb Total Space | 345.11 Gb Free Space | 74.10% Space Free | Partition Type: NTFS Computer Name: ORION2 Current User Name: drose Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009/06/17 15:17:05 | 00,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe PRC - [2009/08/28 09:55:50 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009/01/13 11:28:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2004/06/29 11:22:56 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/06/30 12:16:16 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2008/12/26 01:08:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2009/08/28 09:56:04 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/08/28 09:55:59 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe PRC - [2004/06/29 11:23:32 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe PRC - [2003/09/17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Surround Mixer\CTSysVol.exe PRC - [2009/08/28 09:55:54 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2007/06/05 15:17:08 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007/07/23 10:33:58 | 05,803,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\Communicator.exe PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/06/30 15:36:41 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\drose\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009/09/16 20:55:50 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008/04/13 19:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe PRC - [2009/10/01 21:16:05 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\in\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2005/11/22 22:43:53 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped]) SRV - [2005/11/22 22:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running]) SRV - [2009/08/28 09:55:50 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running]) SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009/01/13 11:28:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running]) SRV - [2007/12/11 07:52:22 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2009/04/29 08:38:06 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c8cfbf3b8d0a [Auto | Stopped]) SRV - [2009/04/29 08:39:06 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2004/06/29 11:22:56 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe -- (IAANTMon [Auto | Running]) SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2007/09/12 19:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped]) SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2007/03/28 20:41:24 | 03,290,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Disabled | Stopped]) SRV - [2008/12/26 01:08:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2004/07/21 09:21:18 | 00,434,245 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [Disabled | Stopped]) SRV - [2004/07/21 09:21:54 | 00,200,771 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe -- (PDSched [Disabled | Stopped]) SRV - [2009/01/11 15:53:40 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped]) SRV - [2009/01/11 15:53:45 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped]) SRV - [2007/11/06 15:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped]) SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped]) SRV - [2009/06/17 15:17:05 | 00,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent [Auto | Running]) SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running]) SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://weatheroffice.ec.gc.ca/city/pages/mb-38_metric_e.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.drcs.ca/mythweb/|https://www.google.com/hosted/drcs.ca/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fhosted%2Fdrcs.ca%2F<mpl=yj_blanco<mplcache=2|http://weatheroffice.ec.gc.ca/city/pages/mb-38_metric_e.html" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.32.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {06997db0-c027-4d5f-bd37-b0d9230226ea}:0.52 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/29 08:10:07 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/25 14:37:36 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/09/04 17:32:19 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/16 20:55:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/16 20:55:54 | 00,000,000 | ---D | M] [2009/04/25 14:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Extensions [2008/08/06 06:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/04/25 14:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Extensions\mozswing@mozswing.org [2009/10/01 08:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Firefox\Profiles\g9woyp9f.default\extensions [2009/05/26 08:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Firefox\Profiles\g9woyp9f.default\extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2007/10/28 11:40:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Firefox\Profiles\g9woyp9f.default\extensions\{32537848-7D38-4ee2-B5A2-47562E69C59E} [2009/02/09 17:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Firefox\Profiles\g9woyp9f.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25c} [2009/08/17 21:53:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Firefox\Profiles\g9woyp9f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008/01/10 22:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Firefox\Profiles\g9woyp9f.default\extensions\firebug@software.joehewitt.com [2009/04/25 10:37:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\mozilla\Firefox\Profiles\g9woyp9f.default\extensions\webdavlauncher@benryan.com [2009/10/01 08:34:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2007/02/02 18:17:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/09/16 20:55:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/04/25 14:37:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/05/13 05:24:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/06/11 06:25:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009/08/17 21:42:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/09/16 20:55:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/16 20:55:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/11/08 15:39:00 | 00,827,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libeay32.dll [2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/10/17 13:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2008/09/15 19:12:12 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2007/02/04 13:26:26 | 01,124,080 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFxViewer.dll [2006/11/29 17:32:30 | 01,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2007/11/08 15:39:00 | 00,864,256 | ---- | M] (VMware, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmks.dll [2009/09/16 20:55:51 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/11/22 09:23:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008/11/22 09:23:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008/11/22 09:23:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008/11/22 09:23:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008/11/22 09:23:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008/11/22 09:23:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008/11/22 09:23:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/11/08 15:39:00 | 00,159,744 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ssleay32.dll [2009/08/15 07:15:45 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/08/15 07:15:45 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/08/15 07:15:45 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/08/15 07:15:45 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/08/15 07:15:45 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/08/15 07:15:45 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/08/15 07:15:45 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (330021 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 11300 more lines... O2 - BHO: (VirtualCamera IEMenu Class) - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll (MorningSound Soft) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [COMMUNICATOR] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation) O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\drose\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: adobe.com ([www] http in Local intranet) O15 - HKCU\..Trusted Domains: vantagemedia.com ([vpn] https in Trusted sites) O15 - HKCU\..Trusted Domains: vantage-media.net ([webvpn] https in Local intranet) O15 - HKCU\..Trusted Domains: vm.local ([]* in Local intranet) O15 - HKCU\..Trusted Domains: vm.local ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: vm.local ([dw02-drac] https in Local intranet) O15 - HKCU\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5) O16 - DPF: {0DA69429-A757-4D6F-A827-DB1AF052DDAF} https://mytbb.primus.ca/webportal/plugins/VA.cab () O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {2D0CBE69-DAFC-11D3-96D2-0020182E2E27} http://itanium2.dialcom.com/videoskype/spontania4skype083.cab (Reg Error: Key error.) O16 - DPF: {338095E4-1806-4BA3-AB51-38A3179200E9} https://vsh11.vm.local/ui/plugin/vmware-vmrc-win32-x86.cab (QuickMksAxCtl Class) O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine) O16 - DPF: {43E4476A-6C11-4274-AFA4-DF665B26EAE0} https://webprd21-drac.vmc.local/plugins/vkvm/ActiveXVideoViewer.cab (Session Viewer) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.4.cab (DLM Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102389630236 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177950273173 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} http://sametime.ceridian.ca/sametime/stmeetingroomclient/STJNILoader.cab (JNILoader Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://hpqc.vm.local/sabin/Spider91.cab (Loader Class v4) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} https://mytbb.primus.ca/webportal/plugins/VMPlayer.cab () O16 - DPF: {CCA1618B-7D6E-4432-8FA4-3E01A1AD78A8} https://dw01-drac.vm.local/plugins/vm/rac5vm.cab (rac5vm Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DC120706-9372-4B2E-AD15-F2135F51F30A} https://bb01-drac.vm.local/plugins/vkvm/ActiveXVideoViewer.cab (Session Viewer) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://costco.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab? (Photo Upload Plugin Class) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.) O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\wmfhotfix.dll) - C:\WINDOWS\System32\wmfhotfix.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\ckpNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/12/11 21:18:18 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/04/25 01:34:12 | 00,053,248 | R--- | M] () - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009/04/25 01:34:12 | 00,053,248 | R--- | M] () - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009/04/25 01:34:14 | 00,000,558 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2001/08/23 07:00:00 | 00,000,110 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{55237e52-98a5-11dc-a041-001111704781}\Shell - "" = AutoRun O33 - MountPoints2\{55237e52-98a5-11dc-a041-001111704781}\Shell\Auto\command - "" = H:\auto.exe -- File not found O33 - MountPoints2\{55237e52-98a5-11dc-a041-001111704781}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (tExecute) - File not found O34 - HKLM BootExecute: (settings...) - File not found O34 - HKLM BootExecute: (on\Explo) - File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color] [8 C:\WINDOWS\*.tmp files] [2009/10/01 21:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\drose\Application Data\Malwarebytes [2009/10/01 21:14:13 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/01 21:14:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/01 21:14:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/01 21:14:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/01 08:19:13 | 24,139,81696 | -HS- | C] () -- C:\hiberfil.sys [2009/09/30 20:25:15 | 00,000,000 | ---D | C] -- C:\bin [2009/09/29 22:24:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\drose\Desktop\HijackThis.lnk [2009/09/29 22:24:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/09/29 22:12:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/09/29 22:11:38 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\drose\Desktop\ERUNT.lnk [2009/09/29 22:11:34 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/09/29 21:49:38 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\drose\Desktop\Spybot - Search & Destroy.lnk [2009/09/29 21:49:22 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2009/09/29 21:46:26 | 00,000,000 | ---D | C] -- C:\UBCD4Win [2009/09/29 21:02:12 | 00,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photocopier.lnk [2009/09/29 21:02:07 | 00,210,200 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TWNPRO3.DLL [2009/09/29 21:02:07 | 00,122,880 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TWNLIB3.DLL [2009/09/29 21:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Photocopier [2009/09/29 20:58:13 | 00,000,240 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job [2009/09/29 20:58:07 | 00,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job [2009/09/29 20:58:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys [2009/09/29 20:53:59 | 00,000,000 | ---D | C] -- C:\Program Files\CopyNook [2009/09/27 08:54:11 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco [2009/09/27 08:52:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\drose\Local Settings\Application Data\Cisco [2009/09/27 08:16:21 | 00,001,848 | ---- | C] () -- C:\Documents and Settings\drose\Desktop\ASDM on vpn.vm.local.lnk [color=#E56717]========== Files - Modified Within 14 Days ==========[/color] [7 C:\WINDOWS\System32\*.tmp files] [8 C:\WINDOWS\*.tmp files] [2009/10/01 08:25:26 | 00,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job [2009/10/01 08:23:59 | 00,555,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/01 08:23:59 | 00,466,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/01 08:23:59 | 00,079,674 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/01 08:22:11 | 42,040,164 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/10/01 08:22:11 | 00,002,202 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/10/01 08:21:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009/10/01 08:20:47 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2009/10/01 08:20:26 | 00,199,939 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/10/01 08:19:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/01 08:19:51 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/10/01 08:19:39 | 00,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job [2009/10/01 08:19:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/01 08:19:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys [2009/10/01 08:19:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/10/01 08:19:13 | 24,139,81696 | -HS- | M] () -- C:\hiberfil.sys [2009/09/30 20:41:01 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-688789844-839522115-1003UA.job [2009/09/30 20:31:37 | 00,159,472 | ---- | M] () -- C:\Documents and Settings\drose\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/09/30 20:20:09 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009/09/29 22:24:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\drose\Desktop\HijackThis.lnk [2009/09/29 22:11:38 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\drose\Desktop\ERUNT.lnk [2009/09/29 22:08:51 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009/09/29 21:49:39 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\drose\Desktop\Spybot - Search & Destroy.lnk [2009/09/29 21:48:36 | 00,001,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UBCD4Win.lnk [2009/09/29 21:21:10 | 00,507,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/09/29 21:02:12 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Photocopier.lnk [2009/09/29 20:40:02 | 03,712,564 | -H-- | M] () -- C:\Documents and Settings\drose\Local Settings\Application Data\IconCache.db [2009/09/29 20:38:45 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\drose\Local Settings\Application Data\PUTTY.RND [2009/09/29 15:41:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-688789844-839522115-1003Core.job [2009/09/27 08:16:22 | 00,001,848 | ---- | M] () -- C:\Documents and Settings\drose\Desktop\ASDM on vpn.vm.local.lnk [2009/09/23 20:09:28 | 00,002,644 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/09/20 07:44:11 | 00,001,930 | -H-- | M] () -- C:\Documents and Settings\drose\My Documents\Default.rdp [color=#E56717]========== LOP Check ==========[/color] [2009/10/01 21:14:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2008/11/22 09:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2008/01/01 11:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems [2008/11/27 12:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications [2009/02/21 14:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery [2009/02/12 23:38:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge [2009/04/09 20:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco [2009/06/26 22:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink [2007/12/11 08:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2009/03/28 15:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2005/01/16 15:05:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft(2) [2009/02/21 21:34:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit Canada [2007/12/22 20:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! [2004/12/12 12:36:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2005/12/11 23:07:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle [2006/03/03 21:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio [2009/01/07 21:35:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus [2009/01/07 21:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate [2008/04/22 20:37:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2004/12/12 14:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc [2006/07/09 20:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spontania4Skype [2009/01/07 21:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12 [2009/01/11 15:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft [2007/10/14 14:29:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2007/12/08 11:47:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2009/10/01 21:14:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\drose\Application Data [2004/12/15 21:21:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\.BitTornado [2006/12/28 23:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\ACD Systems [2006/03/24 11:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Ahead [2005/12/22 20:51:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\ATI [2005/06/20 01:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Camfrog [2009/09/27 08:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Cisco [2004/12/06 23:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\CyberLink [2008/11/08 15:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Download Manager [2009/05/05 21:51:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\dvdcss [2007/12/13 01:01:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\F5 Networks [2009/01/08 20:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\GetRightToGo [2009/02/21 21:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Intuit Canada [2004/12/06 23:33:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Leadertech [2009/04/25 15:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\LimeWire [2004/12/12 12:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\MSN6 [2009/09/25 21:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\MySQL [2008/10/19 20:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Notepad++ [2008/05/11 09:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\OfficeUpdate12 [2005/11/13 09:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Pegasys Inc [2009/01/07 22:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\proDAD [2008/06/02 23:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Regrun [2009/01/31 21:00:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\drose\Application Data\SecuROM [2005/12/31 09:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\SmartFTP [2007/09/25 14:20:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Subversion [2005/03/28 11:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Thunderbird [2008/11/26 06:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\TortoiseSVN [2009/09/29 20:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\uTorrent [2007/12/08 16:39:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Vso [2007/09/25 14:03:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Windows Desktop Search [2009/04/07 22:51:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\drose\Application Data\Wireshark [2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/10/01 08:19:51 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2009/10/01 08:21:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2009/09/29 15:41:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-688789844-839522115-1003Core.job [2009/09/30 20:41:01 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-688789844-839522115-1003UA.job [2009/10/01 08:19:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/10/01 08:25:26 | 00,000,240 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job [2009/10/01 08:19:39 | 00,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %systemroot%\system32\eventlog.dll >[/color] [2008/04/13 19:11:53 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll [7 C:\WINDOWS\system32\*.tmp files] [color=#A23BEC]< %systemroot%\system32\scecli.dll >[/color] [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll [7 C:\WINDOWS\system32\*.tmp files] [color=#A23BEC]< %systemroot%\netlogon.dll >[/color] [color=#A23BEC]< %systemroot%\system32\cngaudit.dll >[/color] [color=#A23BEC]< %systemroot%\system32\sceclt.dll >[/color] [color=#A23BEC]< %systemroot%\ntelogon.dll >[/color] [color=#A23BEC]< %systemroot%\system32\logevent.dll >[/color] [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll [7 C:\WINDOWS\system32\*.tmp files] < End of report >