Google Redirect (Search & Reader) Very Stubborn [Closed]


  • This topic is locked

#1
paulhami

I tried to open what I thought was a legitimate message (video) from a bona fide Facebook friend... Now Google searches and efforts to go to blogs in Google Reader are redirected. I think some of the installed security software on my XP Pro system is not functioning properly either.

I have worked through all of the steps of the Malware and Spyware Cleaning Guide, but the problems remain. I'm pasting the logs below. Many thanks for any help that you are able to offer.

MBAM Log:

Malwarebytes' Anti-Malware 1.37
Database version: 2267
Windows 5.1.2600 Service Pack 3

6/12/2009 11:59:19 AM
mbam-log-2009-06-12 (11-59-19).txt

Scan type: Quick Scan
Objects scanned: 107545
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\podmena\podmena.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\podmena (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmena (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\podmena (Trojan.Downloader) -> Delete on reboot.

Files Infected:
c:\program files\podmena\podmena.dll (Trojan.Agent) -> Delete on reboot.
c:\program files\podmena\podmena.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f5087.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122366.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122390.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122458.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\dk39fi4fe.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

Rooter Log:

Rooter.exe (v1.0) by Eric_71
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
32_bits - x86 Family 6 Model 15 Stepping 13, GenuineIntel
C:\ [Fixed-NTFS] .. ( Total:114470 Mo - Free:12835 Mo )
D:\ [CD_Rom]
Scan : 12:32.33
Path : C:\Documents and Settings\phamilton\Desktop\Rooter.exe
User : phamilton ( Administrator -> YES )
----------------------\\ Processes
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1716)
______ \??\C:\WINDOWS\system32\csrss.exe (1768)
______ \??\C:\WINDOWS\system32\winlogon.exe (1800)
______ C:\WINDOWS\system32\services.exe (1848)
______ C:\WINDOWS\system32\lsass.exe (1860)
______ C:\WINDOWS\system32\svchost.exe (2040)
______ C:\WINDOWS\system32\svchost.exe (288)
______ C:\WINDOWS\System32\svchost.exe (368)
______ C:\WINDOWS\system32\svchost.exe (860)
______ C:\WINDOWS\system32\svchost.exe (904)
______ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (1260)
______ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (1288)
______ C:\WINDOWS\system32\spoolsv.exe (1436)
______ C:\WINDOWS\system32\svchost.exe (240)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (596)
______ C:\Program Files\Bonjour\mDNSResponder.exe (632)
______ C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (660)
______ C:\Program Files\Symantec AntiVirus\DefWatch.exe (984)
______ C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe (1012)
______ C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (1076)
______ C:\ITOOLS\INTELL~1\private\ikusbsvc.exe (1172)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1188)
______ C:\WINDOWS\System32\svchost.exe (1212)
______ C:\WINDOWS\System32\svchost.exe (1232)
______ C:\Program Files\Spyware Doctor\pctsAuxs.exe (1248)
______ C:\Program Files\Spyware Doctor\pctsSvc.exe (1516)
______ C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe (756)
______ C:\WINDOWS\system32\svchost.exe (780)
______ C:\Program Files\Symantec AntiVirus\Rtvscan.exe (808)
______ C:\WINDOWS\system32\TODDSrv.exe (960)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2096)
______ C:\WINDOWS\System32\alg.exe (2536)
______ C:\WINDOWS\system32\wbem\unsecapp.exe (2548)
______ C:\WINDOWS\Explorer.EXE (2884)
______ C:\WINDOWS\RTHDCPL.EXE (3576)
______ C:\WINDOWS\system32\TPSMain.exe (3908)
______ C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (4048)
______ C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (564)
______ C:\WINDOWS\system32\ZoomingHook.exe (580)
______ C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (656)
______ C:\WINDOWS\system32\igfxtray.exe (712)
______ C:\WINDOWS\system32\TPSBattM.exe (716)
______ C:\WINDOWS\system32\hkcmd.exe (788)
______ C:\WINDOWS\system32\igfxpers.exe (1628)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1732)
______ C:\WINDOWS\system32\igfxsrvc.exe (264)
______ C:\Program Files\Crick Software\USBKeys2\USBKeys.exe (4080)
______ C:\Program Files\Common Files\Symantec Shared\ccApp.exe (2420)
______ C:\PROGRA~1\SYMANT~2\VPTray.exe (2468)
______ C:\Program Files\Winamp\winampa.exe (2520)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (2600)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (2820)
______ C:\Program Files\Synaptics\SynTP\SynToshiba.exe (2828)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2924)
______ C:\Program Files\iTunes\iTunesHelper.exe (3108)
______ C:\Program Files\Spyware Doctor\pctsTray.exe (3220)
______ C:\WINDOWS\system32\ctfmon.exe (3984)
______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (3400)
______ C:\PROGRA~1\MI3AA1~1\wcescomm.exe (3664)
______ C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe (3700)
______ C:\Documents and Settings\phamilton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (3580)
______ C:\Program Files\Type Booster\typebooster.exe (1056)
______ C:\Program Files\Registry Mechanic\RegMech.exe (216)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3872)
______ C:\PROGRA~1\MI3AA1~1\rapimgr.exe (708)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (3864)
______ C:\ITOOLS\IntelliKeys USB\private\iksystray.exe (1600)
______ C:\Program Files\SqueezeCenter\SqueezeTray.exe (2696)
______ C:\Program Files\iPod\bin\iPodService.exe (4068)
______ C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~1.EXE (2032)
______ C:\Program Files\WordWeb\wweb32.exe (3680)
______ C:\Program Files\Yuuguu\jre\bin\javaw.exe (380)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3120)
______ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (2568)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2260)
______ C:\Documents and Settings\phamilton\Desktop\Rooter.exe (3936)
----------------------\\ Device\Harddisk0\
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:120031478784)
----------------------\\ Scheduled Tasks
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3341296880-2298546112-91892142-1356.job
C:\WINDOWS\Tasks\Norton PC Checkup Setup.job
C:\WINDOWS\Tasks\Norton Security Scan for phamilton.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WGASetup.job
----------------------\\ Registry
----------------------\\ Files & Folders
----------------------\\ Scan completed at 12:34.31
C:\Rooter$\Rooter_1.txt - (12/06/2009 | 12:34.31)

OTL Log:

OTL logfile created on: 6/12/2009 12:36:12 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\phamilton\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.25% Memory free
3.33 Gb Paging File | 1.84 Gb Available in Paging File | 55.38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 12.53 Gb Free Space | 11.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SETBC149373
Current User Name: phamilton
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\ITOOLS\IntelliKeys USB\private\ikusbsvc.exe (IntelliTools, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe ()
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Crick Software\USBKeys2\USBKeys.exe (Crick Software Ltd)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Simple Star\PhotoShow 5\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
PRC - C:\Documents and Settings\phamilton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Type Booster\typebooster.exe ()
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\ITOOLS\IntelliKeys USB\private\iksystray.exe (IntelliTools, Inc.)
PRC - C:\Program Files\SqueezeCenter\SqueezeTray.exe (SlimDevices - A Logitech Company)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\SqueezeCenter\server\squeezecenter.exe (SlimDevices - A Logitech Company)
PRC - C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
PRC - C:\Program Files\Yuuguu\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\phamilton\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (FlipShare Service [Auto | Running]) -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (ICDSPTSV [On_Demand | Stopped]) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (IntelliKeys USB Service [Auto | Running]) -- C:\ITOOLS\IntelliKeys USB\private\ikusbsvc.exe (IntelliTools, Inc.)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SerialKeys [On_Demand | Stopped]) -- C:\WINDOWS\system32\skeys.exe (Microsoft Corporation)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SqueezeMySQL [Auto | Running]) -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe ()
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (TODDSrv [Auto | Running]) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ASPI32 [System | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iastor75 [Boot | Running]) -- C:\WINDOWS\System32\drivers\iastor75.sys (Intel Corporation)
DRV - (ICDUSB2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\ICDUSB2.sys (Sony Corporation)
DRV - (ikfirm [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\ikfirm.sys (IntelliTools, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090605.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090605.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NETw4x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys (Intel Corporation)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sentinel [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymEvent [Disabled | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (TPwSav [System | Running]) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vmm [System | Running]) -- C:\WINDOWS\system32\Drivers\vmm.sys (Microsoft Corporation)
DRV - (VPCNetS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://setdata.setbc.org/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.setbc.org/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...rchSource=3&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...newswatch.com/"
FF - prefs.js..extensions.enabledItems: {81487e5d-d4e7-441b-b702-ab29eb3af951}:0.7.8
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.2.48
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {7529D455-3392-4a17-A489-0C737D1DBAC0}:3.5
FF - prefs.js..extensions.enabledItems: {D1517460-5F8F-11DB-B0DE-0800200CA666}:1.5
FF - prefs.js..extensions.enabledItems: {C12D2FDC-2ECA-42a5-BA3C-DB93E0E8B70A}:4.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:3.1.6.13
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {0B37872F-D59F-4b47-B2FD-F37E3F979437}:2.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:2.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.4
FF - prefs.js..extensions.enabledItems: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1b4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: {eb46c787-131a-4eb7-9b93-7f62ca550917}:0.3.5


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/16 20:26:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/13 03:16:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/12 11:02:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/12 11:02:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/06/03 11:57:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/06/03 11:57:02 | 00,000,000 | ---D | M]

[2008/05/06 14:39:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Extensions
[2008/09/18 10:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2008/04/26 12:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/05/06 14:39:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Extensions\[email protected]
[2009/06/11 18:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions
[2009/05/05 09:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{0B37872F-D59F-4b47-B2FD-F37E3F979437}
[2008/07/23 13:33:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2009/05/17 07:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2008/04/26 12:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{39ac0860-bbd7-11db-96f2-005056c00008}
[2008/07/08 23:40:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{7529D455-3392-4a17-A489-0C737D1DBAC0}
[2009/06/03 22:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/07/08 01:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{81487e5d-d4e7-441b-b702-ab29eb3af951}
[2009/06/03 22:57:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
[2008/05/23 02:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008/07/08 23:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{C12D2FDC-2ECA-42a5-BA3C-DB93E0E8B70A}
[2008/07/08 23:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{D1517460-5F8F-11DB-B0DE-0800200CA666}
[2008/07/26 12:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
[2008/05/21 21:44:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{f560e570-b373-11da-a94d-0800200c9a66}
[2008/12/24 11:49:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2008/09/07 11:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]
[2009/05/17 07:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]
[2008/07/06 16:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]
[2009/02/25 11:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]
[2009/04/25 06:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]
[2009/04/25 06:15:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]
[2009/03/23 10:02:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]
[2009/05/04 11:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\phamilton\Application Data\mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]
[2008/12/20 19:31:28 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\phamilton\Application Data\Mozilla\FireFox\Profiles\vh6bre3x.default\searchplugins\diigo--google.xml
[2008/11/07 22:19:06 | 00,002,479 | ---- | M] () -- C:\Documents and Settings\phamilton\Application Data\Mozilla\FireFox\Profiles\vh6bre3x.default\searchplugins\diigo-customize-search.xml
[2008/06/22 17:36:54 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\phamilton\Application Data\Mozilla\FireFox\Profiles\vh6bre3x.default\searchplugins\winamp-search.xml
[2009/06/11 18:46:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 11:02:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/08 14:36:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/30 14:18:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/13 03:16:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/11 20:05:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/25 15:08:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/12 11:01:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 11:02:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 05:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 05:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 05:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 05:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 05:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 05:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 05:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Page-Reader Bar) - {24AC2D89-8566-4A52-850A-24FAF8DF57E0} - C:\Program Files\Text-Reader programs\PageReaderBar\TRPageReaderBar_.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {24AC2D89-8566-4A52-850A-24FAF8DF57E0} - C:\Program Files\Text-Reader programs\PageReaderBar\TRPageReaderBar_.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USBKeys] C:\Program Files\Crick Software\USBKeys2\\USBKeys.exe -winstartup (Crick Software Ltd)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WordQ carat flag] C:\Program Files\WordQ2\WordQcrs.exe ()
O4 - HKLM..\Run: [ZoomingHook] ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\phamilton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [Miro] C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe File not found
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
O4 - HKCU..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TypeBooster] "C:\Program Files\Type Booster\typebooster.exe" ()
O4 - HKLM..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iksystray.lnk = C:\ITOOLS\IntelliKeys USB\private\iksystray.exe (IntelliTools, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe (SlimDevices - A Logitech Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordQCRS.lnk = C:\Program Files\WordQ2\WordQcrs.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O4 - Startup: C:\Documents and Settings\phamilton\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (palmOne/Leader Technologies)
O4 - Startup: C:\Documents and Settings\phamilton\Start Menu\Programs\Startup\Yuuguu.lnk = C:\Program Files\Yuuguu\jre\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Page-Reader Bar - {4E10D7B3-6DD5-4f59-BE02-CF9BD8D7DCD2} - C:\Program Files\Text-Reader programs\PageReaderBar\TRPageReaderBar_.dll ()
O9 - Extra 'Tools' menuitem : Page-Reader Bar - {4E10D7B3-6DD5-4f59-BE02-CF9BD8D7DCD2} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} http://www.rockyou.c...ageUploader.cab (RockYou Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1198280295734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = setbcad.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - application/xhtml+xml - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter: - application/xhtml+xml; charset=iso-8859-1 - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter: - application/xhtml+xml; charset=utf-8 - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml; charset=iso-8859-1 - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter: - text/xml; charset=utf-8 - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINDOWS\system32\CSGina.dll ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/16 16:56:34 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0062a29b-cd8c-11dd-91af-0013e874f5cb}\Shell - "" = AutoRun
O33 - MountPoints2\{0062a29b-cd8c-11dd-91af-0013e874f5cb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0062a29b-cd8c-11dd-91af-0013e874f5cb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com -- File not found
O33 - MountPoints2\{0062a29b-cd8c-11dd-91af-0013e874f5cb}\Shell\Open\command - "" = resycled\boot.com e:
O33 - MountPoints2\{0b15ce42-8420-11dd-918b-0013e874f5cb}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{0b15ce42-8420-11dd-918b-0013e874f5cb}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{0bee2875-f3c3-11dd-91c2-0013e874f5cb}\Shell - "" = AutoRun
O33 - MountPoints2\{0bee2875-f3c3-11dd-91c2-0013e874f5cb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0bee2875-f3c3-11dd-91c2-0013e874f5cb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{38562eda-a29e-11dd-919b-0013e874f5cb}\Shell\AutoRun\command - "" = E:\AccessApps\asuite.exe -- File not found
O33 - MountPoints2\{460187aa-1fef-11de-91e2-0013e874f5cb}\Shell - "" = AutoRun
O33 - MountPoints2\{460187aa-1fef-11de-91e2-0013e874f5cb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{460187aa-1fef-11de-91e2-0013e874f5cb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b3d1f02f-bff9-11dd-91a7-0013e874f5cb}\Shell\AutoRun\command - "" = E:\.\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/12 12:32:08 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\Documents and Settings\phamilton\My Documents\*.tmp files]
[3 C:\Documents and Settings\phamilton\Desktop\*.tmp files]
[2009/06/12 12:34:31 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/12 12:32:08 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\phamilton\Desktop\OTL.exe
[2009/06/12 12:31:55 | 00,128,933 | ---- | C] (Eric_71) -- C:\Documents and Settings\phamilton\Desktop\Rooter.exe
[2009/06/12 12:06:54 | 00,000,370 | ---- | C] () -- C:\WINDOWS\tasks\Norton PC Checkup Setup.job
[2009/06/12 12:00:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2009/06/12 12:00:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2009/06/12 11:21:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Application Data\Malwarebytes
[2009/06/12 11:21:28 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 11:21:25 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/12 11:21:23 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/12 11:21:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/12 11:21:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/12 11:20:47 | 03,371,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\phamilton\Desktop\mbam-setup.exe
[2009/06/12 11:19:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/12 11:18:48 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\NTREGOPT.lnk
[2009/06/12 11:18:48 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\ERUNT.lnk
[2009/06/12 11:18:46 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/12 11:18:11 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\phamilton\Desktop\erunt_setup.exe
[2009/06/12 11:17:02 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\phamilton\Desktop\SysRestorePoint.exe
[2009/06/12 10:46:16 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\phamilton\Desktop\TFC.exe
[2009/06/11 18:48:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Desktop\GooredFixBackups
[2009/06/11 18:41:24 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\GooredFix.exe
[2009/06/11 11:39:08 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\HijackThis.lnk
[2009/06/11 11:39:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/11 11:39:01 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\phamilton\Desktop\HJTInstall.exe
[2009/06/11 08:13:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/06/11 08:13:36 | 00,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/06/11 08:13:27 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/06/11 08:13:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Application Data\SUPERAntiSpyware.com
[2009/06/11 08:12:42 | 06,357,024 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\SUPERAntiSpywarePro.exe
[2009/06/11 07:23:41 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/10 18:02:32 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/06/10 18:02:21 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/06/10 18:02:21 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/06/10 18:02:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/10 18:02:02 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/06/10 18:01:59 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/06/10 18:01:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/06/10 18:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/06/10 18:01:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Application Data\PC Tools
[2009/06/10 18:01:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/06/10 18:01:36 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/10 18:01:33 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/06/10 18:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/06/10 18:00:21 | 24,449,664 | ---- | C] (PC Tools ) -- C:\Documents and Settings\phamilton\Desktop\sdsetup.exe
[2009/06/10 16:52:19 | 00,110,459 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Reservation BC Ferries.pdf
[2009/06/10 08:13:47 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Event Proposal Form.xls
[2009/06/10 08:12:04 | 00,009,593 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Expense Report.pdf
[2009/06/10 08:11:52 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Expense Report.xls
[2009/06/10 08:09:57 | 00,040,307 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Event Proposal Form.pdf
[2009/06/08 09:03:42 | 14,379,492 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\ECOManual.pdf
[2009/06/08 06:57:31 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Songsheet for June 7th,2009.doc
[2009/06/07 17:56:16 | 25,935,229 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\June 7 Service.mp3
[2009/06/07 13:51:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Desktop\Flight - Comox to Ontario, May 1st
[2009/06/07 13:47:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Desktop\Backyard Courtenay with Lynn & Emma
[2009/06/07 12:14:18 | 00,027,296 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\June 7 Service.aup.bak
[2009/06/07 12:14:18 | 00,021,816 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\June 7 Service.aup
[2009/06/07 12:14:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Desktop\June 7 Service_data
[2009/06/07 10:02:39 | 00,000,636 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Audacity.lnk
[2009/06/05 18:15:42 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Yuuguu.lnk
[2009/06/05 18:15:42 | 00,001,699 | ---- | C] () -- C:\Documents and Settings\phamilton\Start Menu\Programs\Startup\Yuuguu.lnk
[2009/06/05 18:15:30 | 00,000,000 | ---D | C] -- C:\Program Files\Yuuguu
[2009/06/05 18:14:07 | 10,981,088 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\yuuguu-PC-installer.exe
[2009/06/05 16:00:30 | 00,768,562 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\wpc54g_v31_driver_4.100.15.5_Vista.exe
[2009/06/05 15:53:28 | 19,045,881 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\wpc54gv2_driver_utility_v2.02.zip
[2009/06/05 11:27:57 | 91,174,658 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\WPC54G_utility.zip
[2009/06/03 14:07:38 | 00,001,167 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ECO PASS 1.06.lnk
[2009/06/03 14:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Prentke Romich Company
[2009/06/03 13:51:02 | 11,418,1514 | ---- | C] (Prentke Romich Company ) -- C:\Documents and Settings\phamilton\Desktop\ECO_PASS_AEN_INSTALL.exe
[2009/06/03 12:50:11 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\phamilton\Desktop\~$llo John.doc
[2009/06/03 12:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Desktop\PHOTOS and Video Clips
[2009/06/03 12:00:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/03 12:00:11 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/03 12:00:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/03 11:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/06/03 11:55:10 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/03 11:55:05 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/06/03 09:10:19 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Hello John.doc
[2009/06/03 08:24:12 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2009/06/03 08:24:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009/06/03 08:23:20 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/06/03 08:22:48 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/06/03 08:22:09 | 00,121,329 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2009/06/03 08:22:09 | 00,001,037 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2009/06/03 08:21:58 | 00,307,237 | ---- | C] () -- C:\WINDOWS\System32\autorun.inf
[2009/05/31 15:43:17 | 00,646,656 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\The Problem of Evil.ppt
[2009/05/31 15:43:12 | 00,100,864 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\pptannouncements May 24th 2009.ppt
[2009/05/28 14:30:02 | 00,028,994 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\CAP TSD.pdf
[2009/05/27 07:33:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft USB Flash Drive Manager
[2009/05/24 10:33:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Desktop\TarHeel Stories Complete
[2009/05/24 07:20:00 | 00,000,137 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2009/05/24 07:19:32 | 00,000,000 | ---D | C] -- C:\Program Files\TopOCR
[2009/05/23 17:03:33 | 00,020,458 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\scan.hta
[2009/05/23 17:03:33 | 00,014,249 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\imsmanifest.xml
[2009/05/23 17:03:33 | 00,010,134 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\page.ico
[2009/05/23 17:03:33 | 00,001,558 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\Where's Your Heart.htm
[2009/05/23 17:03:33 | 00,000,047 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\autorun.inf
[2009/05/23 17:03:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\My Documents\Where's Your Heart_files
[2009/05/23 16:57:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\My Documents\Slides
[2009/05/23 16:57:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\My Documents\Audio
[2009/05/23 16:50:07 | 01,875,968 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\Where's Your Heart.MSProducer
[2009/05/23 16:05:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Producer 2
[2009/05/23 16:05:20 | 00,420,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4c32.dll
[2009/05/23 16:05:20 | 00,309,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2009/05/22 12:11:54 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\phamilton\My Documents\SD 85 Planning with Sue.doc
[2009/05/21 16:12:34 | 01,378,816 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\A_wrinkle_in_time-Chapter_1_KES.kes
[2009/05/17 16:27:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\phamilton\Desktop\To Ontario & With Family Part 1
[2009/05/17 13:03:31 | 00,899,965 | ---- | C] () -- C:\Documents and Settings\phamilton\Desktop\Vitamin_D_Introductory_Guide.pdf
[2009/03/18 11:13:35 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SEBRAN.INI
[2009/01/13 17:28:40 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/01/11 20:36:35 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2009/01/11 20:36:34 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2009/01/11 20:36:34 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2008/12/13 03:11:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2008/09/06 16:38:11 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/23 00:49:46 | 00,050,472 | ---- | C] () -- C:\WINDOWS\System32\KESIMapiStub.dll
[2008/08/15 12:12:21 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2008/08/15 05:51:37 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/15 05:51:37 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/15 05:51:35 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/15 05:48:39 | 00,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2008/07/11 01:15:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2008/05/29 14:06:51 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/16 08:54:50 | 00,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll
[2008/05/16 08:54:49 | 00,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini
[2008/04/25 13:12:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/02/19 03:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/01/21 15:48:55 | 00,000,145 | ---- | C] () -- C:\WINDOWS\module.ini
[2008/01/21 13:39:16 | 00,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2008/01/18 21:07:24 | 00,000,024 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2008/01/18 21:02:36 | 00,000,058 | ---- | C] () -- C:\WINDOWS\WiViK3.ini
[2008/01/18 16:59:46 | 00,000,350 | ---- | C] () -- C:\WINDOWS\ITOOLS_X.INI
[2007/12/28 18:38:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/13 19:20:54 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/11/13 19:20:54 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/11/13 19:20:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/11/13 19:20:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/11/13 19:20:54 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/11/13 19:20:54 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/10/26 19:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 19:28:04 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/26 11:49:32 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2007/10/25 23:06:27 | 00,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/10/25 23:06:27 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2007/07/25 13:34:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2007/07/24 10:42:19 | 00,000,165 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/06/12 19:45:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2007/03/05 18:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/15 18:06:36 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\wa4jfw.dll
[2006/11/15 16:45:42 | 00,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2006/01/05 22:49:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 21:36:22 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2006/01/04 14:59:52 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/08/26 19:21:48 | 00,221,259 | ---- | C] () -- C:\WINDOWS\System32\MD5.dll
[2004/08/04 01:00:00 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\zuklmua.dll
[2004/08/04 01:00:00 | 00,000,799 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 01:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 01:00:00 | 00,000,204 | ---- | C] () -- C:\WINDOWS\System32\o9ylm7l.dll
[2004/08/04 01:00:00 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\kg9088y.dll
[2004/08/04 01:00:00 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\eev2ern.dll
[2004/06/12 19:55:32 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\LAME_ENC.DLL
[2004/06/12 19:55:32 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LameEncShim.dll
[2000/07/10 20:02:26 | 00,541,761 | ---- | C] () -- C:\WINDOWS\System32\Prdllw32.dll
[2000/07/10 20:01:10 | 00,243,425 | ---- | C] () -- C:\WINDOWS\System32\Pddllw32.dll
[1996/03/26 19:09:08 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\Pddllwnt.dll
[1995/08/23 18:45:58 | 00,002,016 | ---- | C] () -- C:\WINDOWS\Sg5w30.dll
[1995/08/23 18:45:54 | 00,214,899 | ---- | C] () -- C:\WINDOWS\Aplib2.dll
[1995/08/23 18:45:42 | 00,034,144 | ---- | C] () -- C:\WINDOWS\Aplib1.dll
[1995/08/23 18:45:40 | 00,006,784 | ---- | C] () -- C:\WINDOWS\Accupage.dll

========== Files - Modified Within 30 Days ==========

[3 C:\Documents and Settings\phamilton\My Documents\*.tmp files]
[3 C:\Documents and Settings\phamilton\Desktop\*.tmp files]
[2009/06/12 12:32:08 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\phamilton\Desktop\OTL.exe
[2009/06/12 12:31:56 | 00,128,933 | ---- | M] (Eric_71) -- C:\Documents and Settings\phamilton\Desktop\Rooter.exe
[2009/06/12 12:24:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/12 12:21:00 | 00,000,370 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Setup.job
[2009/06/12 12:08:43 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/06/12 12:06:37 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/06/12 12:05:54 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\phamilton\Local Settings\desktop.ini
[2009/06/12 12:04:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/12 12:04:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/12 12:04:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/12 12:04:01 | 21,374,44352 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/12 12:00:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TPTray.INI
[2009/06/12 12:00:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\CeEKey.INI
[2009/06/12 11:31:38 | 00,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3341296880-2298546112-91892142-1356.job
[2009/06/12 11:21:28 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 11:20:49 | 03,371,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\phamilton\Desktop\mbam-setup.exe
[2009/06/12 11:18:48 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\NTREGOPT.lnk
[2009/06/12 11:18:48 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\ERUNT.lnk
[2009/06/12 11:18:11 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\phamilton\Desktop\erunt_setup.exe
[2009/06/12 11:17:03 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\phamilton\Desktop\SysRestorePoint.exe
[2009/06/12 10:46:18 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\phamilton\Desktop\TFC.exe
[2009/06/11 18:41:25 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\GooredFix.exe
[2009/06/11 11:39:08 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\HijackThis.lnk
[2009/06/11 11:23:08 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\phamilton\Desktop\HJTInstall.exe
[2009/06/11 08:13:36 | 00,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/06/11 08:12:43 | 06,357,024 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\SUPERAntiSpywarePro.exe
[2009/06/11 07:36:27 | 00,512,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 07:29:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/11 07:23:41 | 00,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/10 18:02:02 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/06/10 18:01:36 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/10 18:00:37 | 24,449,664 | ---- | M] (PC Tools ) -- C:\Documents and Settings\phamilton\Desktop\sdsetup.exe
[2009/06/10 18:00:01 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for phamilton.job
[2009/06/10 16:52:26 | 00,110,459 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Reservation BC Ferries.pdf
[2009/06/10 10:20:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/10 08:13:47 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Event Proposal Form.xls
[2009/06/10 08:12:04 | 00,009,593 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Expense Report.pdf
[2009/06/10 08:11:52 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Expense Report.xls
[2009/06/10 08:09:59 | 00,040,307 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Event Proposal Form.pdf
[2009/06/09 21:50:30 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/08 09:04:23 | 14,379,492 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\ECOManual.pdf
[2009/06/08 06:58:12 | 00,021,816 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\June 7 Service.aup
[2009/06/08 06:57:32 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Songsheet for June 7th,2009.doc
[2009/06/07 17:58:36 | 25,935,229 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\June 7 Service.mp3
[2009/06/07 12:54:35 | 00,027,296 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\June 7 Service.aup.bak
[2009/06/07 10:02:39 | 00,000,636 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Audacity.lnk
[2009/06/05 18:15:42 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Yuuguu.lnk
[2009/06/05 18:15:42 | 00,001,699 | ---- | M] () -- C:\Documents and Settings\phamilton\Start Menu\Programs\Startup\Yuuguu.lnk
[2009/06/05 18:14:26 | 10,981,088 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\yuuguu-PC-installer.exe
[2009/06/05 16:00:30 | 00,768,562 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\wpc54g_v31_driver_4.100.15.5_Vista.exe
[2009/06/05 15:54:17 | 19,045,881 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\wpc54gv2_driver_utility_v2.02.zip
[2009/06/05 11:33:42 | 91,174,658 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\WPC54G_utility.zip
[2009/06/03 14:07:38 | 00,001,167 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ECO PASS 1.06.lnk
[2009/06/03 14:03:45 | 11,418,1514 | ---- | M] (Prentke Romich Company ) -- C:\Documents and Settings\phamilton\Desktop\ECO_PASS_AEN_INSTALL.exe
[2009/06/03 12:50:11 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\phamilton\Desktop\~$llo John.doc
[2009/06/03 11:48:49 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Hello John.doc
[2009/06/03 08:24:50 | 00,121,329 | ---- | M] () -- C:\WINDOWS\hpoins15.dat
[2009/06/02 12:28:24 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\phamilton\Start Menu\Programs\Startup\palmOne Registration.lnk
[2009/06/01 13:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/31 15:43:18 | 00,646,656 | ---- | M] () -- C:\Documents and Settings\phamilton\My Documents\The Problem of Evil.ppt
[2009/05/31 15:43:12 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\phamilton\My Documents\pptannouncements May 24th 2009.ppt
[2009/05/28 14:30:02 | 00,028,994 | ---- | M] () -- C:\Documents and Settings\phamilton\My Documents\CAP TSD.pdf
[2009/05/28 05:34:57 | 00,000,137 | ---- | M] () -- C:\WINDOWS\topocr.INI
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/23 17:08:45 | 00,020,458 | ---- | M] () -- C:\Documents and Settings\phamilton\My Documents\scan.hta
[2009/05/23 17:08:45 | 00,014,249 | ---- | M] () -- C:\Documents and Settings\phamilton\My Documents\imsmanifest.xml
[2009/05/23 17:08:45 | 00,001,558 | ---- | M] () -- C:\Documents and Settings\phamilton\My Documents\Where's Your Heart.htm
[2009/05/23 16:57:51 | 01,875,968 | ---- | M] () -- C:\Documents and Settings\phamilton\My Documents\Where's Your Heart.MSProducer
[2009/05/22 12:26:16 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\phamilton\My Documents\SD 85 Planning with Sue.doc
[2009/05/21 17:32:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\KESI Virtual Port
[2009/05/21 16:12:36 | 01,378,816 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\A_wrinkle_in_time-Chapter_1_KES.kes
[2009/05/17 13:03:33 | 00,899,965 | ---- | M] () -- C:\Documents and Settings\phamilton\Desktop\Vitamin_D_Introductory_Guide.pdf

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

OTL Extras Log:

OTL Extras logfile created on: 6/12/2009 12:36:12 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\phamilton\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.25% Memory free
3.33 Gb Paging File | 1.84 Gb Available in Paging File | 55.38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 12.53 Gb Free Space | 11.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SETBC149373
Current User Name: phamilton
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9000:TCP" = 9000:TCP:*:Enabled:SqueezeCenter 9000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:SqueezeCenter 9090 tcp (CLI)
"3483:UDP" = 3483:UDP:*:Enabled:SqueezeCenter 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:SqueezeCenter 3483 tcp
"80:TCP" = 80:TCP:*:Enabled:websrvx
"53:TCP" = 53:TCP:*:Enabled:websrvx
"8085:TCP" = 8085:TCP:*:Enabled:podmena

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb Application File not found
C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:Orb File not found
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows (Microsoft Corp.)
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\Kurzweil Educational Systems\Kurzweil 3000\Kurzweil 3000.exe:*:Enabled:Kurzweil 3000 (Kurzweil Educational Systems, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Kurzweil Educational Systems\Kurzweil 3000\Kurzweil 3000.exe:*:Enabled:Kurzweil 3000 (Kurzweil Educational Systems, Inc.)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb File not found
C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray File not found
C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client File not found
C:\Program Files\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes (HTTrack)
C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe:*:Enabled:Miro_Downloader File not found
C:\Documents and Settings\phamilton\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player (Octoshape ApS)
C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{0313C46B-39DB-43AA-9A59-65140C5591AC}" = Flypaper
"{03DE8444-C8D0-4C7E-9434-673D88498E7B}" = VoiceText ™
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D2908C8-C538-4F06-ACDE-7ED4D3408CAF}" = WordQ 2
"{115696CE-3579-43E2-BB61-71B58A198F41}" = SpeakQ
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{155FBB0D-0EE9-42D1-9E41-15E08F691033}" = Microsoft Producer for Microsoft Office PowerPoint 2003
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{28DCED79-2257-3A6D-D8EE-47CB792393B0}" = NetBook Application
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2C9E24F2-6008-4826-961F-F308F9152AE2}" = Clicker Paint US Standalone
"{2E97DE76-851A-48AA-A0D6-665860FAD9CA}" = Keyspan USB Serial Adapter
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3295AFCE-FB46-4C37-8370-C7E6B1217FD5}" = VP Algebra
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3BDD70B7-0CAA-411B-BF2B-38080317B83D}" = MAGic 10.0
"{3D727061-E419-4851-95E2-49CAD5229D84}" = Crick Software USBKeys 2
"{3F692FA9-348B-4264-B4EA-DE6BFA45D8AE}" = Microsoft WorldWide Telescope
"{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}" = Microsoft USB Flash Drive Manager
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{549DF5F8-D7D3-40CE-A424-4FD17B0717CA}" = RealSpeak Solo 4.0 SAPI5 English/Spanish
"{57668A59-5A6E-4E5F-835E-34F7B8FF2F12}" = Clicker 5 English US Standalone
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C8B32D9-8DDA-412F-8FD6-C56356D69FBB}" = Kurzweil 3000 v.11
"{6EC9AEA4-4B16-4C2B-B760-6F378A7577B6}" = Freedom Scientific Video Intercept
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{72BA5188-DF38-48DD-BB7D-C7D778890124}" = Freedom Scientific Talking Installer 8.0
"{7732DA71-2FB6-5C99-D0D9-58A2DB360895}" = FlipShare
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7EADB65C-70E8-4C94-AD0A-221462D41A85}" = Camtasia Studio 5
"{804711DC-0886-11D7-AAC3-86FD5A8BD170}" = Minerva HPC2000
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{820F4F44-9B10-4A5D-ACC5-4BC2EA3FFEEE}" = Kurzweil 3000 v.10
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{918F5120-9982-4872-BB51-97D3BB560897}" = OpenOffice.org 3.0 Beta
"{967C1374-BCB3-42AA-AE08-A5C56A956ACE}" = Freedom Scientific Braille
"{969535CC-AFD3-4C9A-831A-D1A62957E759}" = Ghotit Context Spell Checker
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{9F705393-9451-43EA-9540-5D11AB7CEBA4}" = VP Arithmetic
"{9FAB7FA0-1BCC-4F37-9EAD-5C2F05C5EAA4}" = Freedom Scientific Document Server
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF187786-DF2E-4D26-BBFB-2BF3C5D372E0}" = TemplateMaker
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B0D1E9CD-0AFA-395C-56ED-ADFC53E0E16D}" = KIDOZ
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF22D9-6492-4E80-9838-B4763B819BC9}" = Audio Graphing Calculator
"{D4481AFF-4218-4CF0-A68C-87E9EBAE3B86}" = WordTalkInstall
"{D5278828-3232-4AED-8F24-14020F9748D4}" = Special Cursors
"{D74A3A69-851C-447E-83D1-702E60A7258D}" = Freedom Scientific JAWS 8.0
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{E066DE16-50F3-4A8C-953C-E67118894B2F}" = Scientific Notebook 5.5
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E2AE73B4-9A5C-41F9-8A38-1B48B855460B}" = Co:Writer SE
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED8CCEA2-D5FB-498B-9F44-8FBBA07047AF}" = Click-N-Type
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4DA19E5-A560-4313-8623-3493DCE3C681}" = Freedom Scientific Synthesizer Eloquence
"{FC6E3A15-4BB3-48E4-BE25-6D13C4379BA9}" = Write:OutLoud SE
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"2+2 v.2.1a" = 2+2 v.2.1a
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Audacity_is1" = Audacity 1.2.6
"Boardmaker Plus!" = Boardmaker Plus!
"Camtasia Studio 3" = Camtasia Studio 3
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"ChatPC Editor" = ChatPC Editor
"Click'N Design 3D (V5)" = Click'N Design 3D (V5)
"com.myApp.NetBook.3AC0BB277CD6252F403A34D00E555927230DF2EF.1" = NetBook
"Community Signs for Windows ver.2.0" = Community Signs for Windows ver.2.0
"DSMT6" = MathType 6
"DVD Flick_is1" = DVD Flick
"DynaVox Palmtop-iChat Editor" = DynaVox Palmtop-iChat Editor
"DynaVox Series 4" = DynaVox Series 4
"DynaVox Series 5 Editing Software" = DynaVox Series 5 Editing Software
"ECO PASS 1.05_is1" = ECO PASS 1.05.0
"ECO PASS 1.06_is1" = ECO PASS 1.06.0
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.2.1
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"FlickrDown" = FlickrDown
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeOCR.net" = FreeOCR.net
"FSVI" = Freedom Scientific Video Intercept
"Going to the Dentist 1.0" = Going to the Dentist 1.0
"Google Updater" = Google Updater
"Google Video Uploader" = Google Video Uploader
"GoogleVideoPlayer" = Google Video Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"ICS Template Installer" = ICS Template Installer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{3295AFCE-FB46-4C37-8370-C7E6B1217FD5}" = VP Algebra
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{9F705393-9451-43EA-9540-5D11AB7CEBA4}" = VP Arithmetic
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"IntelliKeys USB and IntelliSwitch" = IntelliKeys USB and IntelliSwitch
"IntelliTools Classroom Suite" = IntelliTools Classroom Suite
"IrfanView" = IrfanView (remove only)
"iSofter DVD Ripper Platinum_is1" = iSofter DVD Ripper Platinum 1.0.2006.912
"JAWS8.0" = Freedom Scientific JAWS 8.0
"Jigs@w Puzzle Promo Creator_is1" = Jigs@w Puzzle Promo Creator 2.1
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.1.29527
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Macromedia FlashPaper 2_is1" = Macromedia FlashPaper 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mathpad" = Mathpad
"MathPad Plus: Fractions and Decimals 1.03 for Windows" = MathPad Plus: Fractions and Decimals 1.03 for Windows
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MultiMail" = MultiMail
"MWSnap 3" = MWSnap 3
"Nemonika" = Nemonika 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"Numbers Vol 1 1.0" = Numbers Vol 1 1.0
"Overlay Maker 3" = Overlay Maker 3
"Page-Reader Bar" = Page-Reader Bar
"Pathfinder PASS_is1" = Pathfinder PASS 3.00.1
"PDFCreator Toolbar" = PDFCreator Toolbar
"PhotoShow 5" = PhotoShow 5
"Picasa 3" = Picasa 3
"Pingus" = Pingus
"PowerTalk_is1" = PowerTalk 1.2.11
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Scratch" = Scratch
"Sight Words Buddy_is1" = Sight Words Buddy 1.0
"Sketch Effect" = Sketch Effect
"Slidestory" = Slidestory
"Sony Digital Voice Editor 2" = Sony Digital Voice Editor 2
"SpeedCrunch_is1" = SpeedCrunch 0.10
"SpringBoard PASS_is1" = SpringBoard PASS 3.03.2
"Spyware Doctor" = Spyware Doctor 6.0
"SqueezeCenter_is1" = SqueezeCenter 7.3.2
"SwitchIt! Maker 2" = SwitchIt! Maker 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Early Learning Suite_is1" = The Learning Suite 2.1.1
"The Most Commonly Used Words" = The Most Commonly Used Words
"TopOCR" = TopOCR 3.1
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Tux Paint Stamps_is1" = Tux Paint Stamps 2007-11-21
"Tux Paint_is1" = Tux Paint 0.9.15
"Type Booster_is1" = Type Booster 2.8
"UnityWebPlayer" = Unity Web Player
"Vantage-Vanguard PASS 5.00.0_is1" = Vantage-Vanguard PASS 5.00.0
"Vantage-Vanguard PASS_is1" = Vantage-Vanguard PASS 4.03.2
"Vu-Bar" = Vu-Bar
"VV_Outloud_40_En_US" = IBM ViaVoice Outloud Runtime v4.0 - US English
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.42-3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordWeb" = WordWeb
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMind" = XMind
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yuuguu" = Yuuguu
"Zac Browser English" = Zac Browser English

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"fe22c98b1da9cae8" = Ginger Spell
"Google Chrome" = Google Chrome
"Molecular Workbench V2.0" = Molecular Workbench V2.0
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2009 10:29:09 AM | Computer Name = SETBC149373 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/11/2009 5:38:23 PM | Computer Name = SETBC149373 | Source = Google Update | ID = 20
Description =

Error - 6/11/2009 6:28:35 PM | Computer Name = SETBC149373 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/12/2009 4:12:46 AM | Computer Name = SETBC149373 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/12/2009 9:53:51 AM | Computer Name = SETBC149373 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/12/2009 9:54:32 AM | Computer Name = SETBC149373 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/12/2009 9:55:26 AM | Computer Name = SETBC149373 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/12/2009 11:04:50 AM | Computer Name = SETBC149373 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/12/2009 11:05:28 AM | Computer Name = SETBC149373 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/12/2009 11:05:55 AM | Computer Name = SETBC149373 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ OSession Events ]
Error - 8/11/2008 7:14:46 PM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/12/2008 12:19:17 PM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 61462
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/12/2008 6:12:51 PM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 100438
seconds with 300 seconds of active time. This session ended with a crash.

Error - 9/18/2008 6:39:11 PM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5304
seconds with 480 seconds of active time. This session ended with a crash.

Error - 9/25/2008 6:02:54 PM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 105902
seconds with 7680 seconds of active time. This session ended with a crash.

Error - 12/1/2008 5:33:02 PM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 87575
seconds with 960 seconds of active time. This session ended with a crash.

Error - 12/8/2008 2:19:48 AM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 288812
seconds with 8100 seconds of active time. This session ended with a crash.

Error - 1/8/2009 8:15:38 PM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 276241
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 5/12/2009 12:40:38 PM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 233396
seconds with 2460 seconds of active time. This session ended with a crash.

Error - 5/21/2009 5:07:20 AM | Computer Name = SETBC149373 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 599791
seconds with 14940 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/11/2009 8:52:02 PM | Computer Name = SETBC149373 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 6/11/2009 9:27:05 PM | Computer Name = SETBC149373 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 6/11/2009 9:27:05 PM | Computer Name = SETBC149373 | Source = PlugPlayManager | ID = 12
Description = The device 'HL-DT-ST DVDRAM GSA-T20N' (IDE\CdRomHL-DT-ST_DVDRAM_GSA-T20N________________WT03____\324b37464b373031333320322020202020202020)
disappeared from the system without first being prepared for removal.

Error - 6/12/2009 4:12:09 AM | Computer Name = SETBC149373 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SETBCAD due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/12/2009 6:15:02 AM | Computer Name = SETBC149373 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 6/12/2009 8:13:50 AM | Computer Name = SETBC149373 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SETBCAD due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/12/2009 9:53:51 AM | Computer Name = SETBC149373 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SETBCAD due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/12/2009 9:54:27 AM | Computer Name = SETBC149373 | Source = Service Control Manager | ID = 7000
Description = The ikfirm service failed to start due to the following error: %%1058

Error - 6/12/2009 11:04:49 AM | Computer Name = SETBC149373 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SETBCAD due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/12/2009 11:05:23 AM | Computer Name = SETBC149373 | Source = Service Control Manager | ID = 7000
Description = The ikfirm service failed to start due to the following error: %%1058


< End of report >


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
paulhami

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Many many thanks! After carefully following your instructions, and running ComboFix, my system seems to be functioning normally again. Google searches are no longer redirected, and Google Reader also seems to be working properly.

My first experience with geekstogo has been extremely positive. I will be recommending you highly, and probably write a blog post about this experience. --Paul

Below is a copy of the log created by ComboFix:

ComboFix 09-06-12.04 - phamilton 06/13/2009 6:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.683 [GMT -3:00]
Running from: c:\documents and settings\phamilton\Desktop\ComboFix.exe
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\PHAMIL~1\LOCALS~1\Temp\jna33891.tmp
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\054a515a11c7920cfc4d7faea7af4932\XS.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\0fdf6651ec58af7738a5f192a16308f3\WinError.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\12913763d8b9f06d2ca82771fcb306f1\Parser.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\14f8cfecb15e1c87916789ed739489ff\Expat.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\1c4c331123ae5269fbd179de68e18722\Socket.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\37dbb36b1afb4153f311e1937d13beb9\Win32.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\463172d63e5c347ebd2a2c9f3e30a769\Cwd.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\4698d6dad1d9192f189448cd2250e41c\Registry.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\480ac5427cb6705921c199c825f6feda\File.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\514f58c7649fa1fe7afd0239e90bf91d\SHA1.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\531074183cd92c8ee6e38095fed64379\Detector.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\563d7ead40b59c49009856a0b10f2014\Array.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\5665e9d91ffd5329b4b069811edd98e1\XS.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\619eb23c53abde1a9d9d6b8d81ccd746\Util.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\6b58dab08175faa9470d9b8f08345f77\Byte.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\6ecc81286663495601d2499da7def595\Zlib.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\776043a051266bed6315875a8a879b49\GD.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\804a82b53759189a7786eee16508a628\Unicode.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\8715287e64467664fda73ee36a680ad6\ReadKey.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\899240261dde99660e14431e6d8d1fe9\DBI.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\8d9ba91df5b696882e70aa59f4766acb\Storable.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\8ee7a6c9ed2bc0f12b37cc777e09a537\File.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\93e8018418e0dd3aeabcea5210c424d9\IO.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\95e9a2327e375c6b6f41bca6adf49352\Registry.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\9e11e8cf40c66b8d30f95ce783f2ac0b\Hostname.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\a507fccf2be25b878761a66bf411c201\mysql.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\ad76515ff4d1de346e3888790190a3c0\API.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\b1ef31ab16378a4b392b3d07f25c074a\Service.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\b2a041897a5d2e9486f60c2f6017af23\Peek.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\b5ac0b87ff26ec339558537436e82acd\HiRes.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\bbd2dcfa51103025d57caa776bc1047b\B.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\c0bb48510a66e6fdcb5936be6801222d\MD5.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\c537490a8d5597db7ef38c63a14dd378\Base64.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\c92f1c7d4396f53f4c5d352e2bd8c9a9\Syck.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\cd6be9554293967a36ad1075b097a79b\OLE.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\e247dd11d21a2bfdb97ad0cdd295b32d\Encode.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\e51718032942dd5fb4b1590be1ec8d83\Process.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\ea8f9cce13d067ab0d898ca399b403ed\Fcntl.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\f101a1002e0deeff9062f440b4956f0f\FastCalc.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\fa142febd5dc53f93f911452e1a99387\Hebrew.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\fb2e449d6244301907de33f5adebdb35\POSIX.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2032\perl58.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\0fdf6651ec58af7738a5f192a16308f3\WinError.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\1c4c331123ae5269fbd179de68e18722\Socket.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\37dbb36b1afb4153f311e1937d13beb9\Win32.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\463172d63e5c347ebd2a2c9f3e30a769\Cwd.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\4698d6dad1d9192f189448cd2250e41c\Registry.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\4e2f70cf514e42eb8319b6c42723ed06\Dumper.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\b1ef31ab16378a4b392b3d07f25c074a\Service.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\c147fa650a1a0662dceef2f7ea370a7d\List.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\e247dd11d21a2bfdb97ad0cdd295b32d\Encode.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\e51718032942dd5fb4b1590be1ec8d83\Process.dll
c:\docume~1\PHAMIL~1\LOCALS~1\Temp\pdk-phamilton-2696\perl58.dll
c:\documents and settings\phamilton\Application Data\.#
c:\documents and settings\phamilton\Local Settings\Temp\jna33891.tmp
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\054a515a11c7920cfc4d7faea7af4932\XS.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\0fdf6651ec58af7738a5f192a16308f3\WinError.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\12913763d8b9f06d2ca82771fcb306f1\Parser.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\14f8cfecb15e1c87916789ed739489ff\Expat.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\1c4c331123ae5269fbd179de68e18722\Socket.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\37dbb36b1afb4153f311e1937d13beb9\Win32.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\463172d63e5c347ebd2a2c9f3e30a769\Cwd.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\4698d6dad1d9192f189448cd2250e41c\Registry.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\480ac5427cb6705921c199c825f6feda\File.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\514f58c7649fa1fe7afd0239e90bf91d\SHA1.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\531074183cd92c8ee6e38095fed64379\Detector.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\563d7ead40b59c49009856a0b10f2014\Array.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\5665e9d91ffd5329b4b069811edd98e1\XS.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\619eb23c53abde1a9d9d6b8d81ccd746\Util.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\6b58dab08175faa9470d9b8f08345f77\Byte.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\6ecc81286663495601d2499da7def595\Zlib.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\776043a051266bed6315875a8a879b49\GD.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\804a82b53759189a7786eee16508a628\Unicode.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\8715287e64467664fda73ee36a680ad6\ReadKey.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\899240261dde99660e14431e6d8d1fe9\DBI.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\8d9ba91df5b696882e70aa59f4766acb\Storable.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\8ee7a6c9ed2bc0f12b37cc777e09a537\File.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\93e8018418e0dd3aeabcea5210c424d9\IO.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\95e9a2327e375c6b6f41bca6adf49352\Registry.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\9e11e8cf40c66b8d30f95ce783f2ac0b\Hostname.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\a507fccf2be25b878761a66bf411c201\mysql.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\ad76515ff4d1de346e3888790190a3c0\API.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\b1ef31ab16378a4b392b3d07f25c074a\Service.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\b2a041897a5d2e9486f60c2f6017af23\Peek.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\b5ac0b87ff26ec339558537436e82acd\HiRes.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\bbd2dcfa51103025d57caa776bc1047b\B.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\c0bb48510a66e6fdcb5936be6801222d\MD5.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\c537490a8d5597db7ef38c63a14dd378\Base64.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\c92f1c7d4396f53f4c5d352e2bd8c9a9\Syck.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\cd6be9554293967a36ad1075b097a79b\OLE.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\e247dd11d21a2bfdb97ad0cdd295b32d\Encode.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\e51718032942dd5fb4b1590be1ec8d83\Process.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\ea8f9cce13d067ab0d898ca399b403ed\Fcntl.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\f101a1002e0deeff9062f440b4956f0f\FastCalc.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\fa142febd5dc53f93f911452e1a99387\Hebrew.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\fb2e449d6244301907de33f5adebdb35\POSIX.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2032\perl58.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\0fdf6651ec58af7738a5f192a16308f3\WinError.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\1c4c331123ae5269fbd179de68e18722\Socket.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\37dbb36b1afb4153f311e1937d13beb9\Win32.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\463172d63e5c347ebd2a2c9f3e30a769\Cwd.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\4698d6dad1d9192f189448cd2250e41c\Registry.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\4e2f70cf514e42eb8319b6c42723ed06\Dumper.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\b1ef31ab16378a4b392b3d07f25c074a\Service.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\c147fa650a1a0662dceef2f7ea370a7d\List.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\e247dd11d21a2bfdb97ad0cdd295b32d\Encode.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\e51718032942dd5fb4b1590be1ec8d83\Process.dll
c:\documents and settings\phamilton\Local Settings\Temp\pdk-phamilton-2696\perl58.dll
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-12 15:34 . 2009-06-12 15:34 -------- d-----w- C:\Rooter$
2009-06-12 14:21 . 2009-06-12 14:21 -------- d-----w- c:\documents and settings\phamilton\Application Data\Malwarebytes
2009-06-12 14:21 . 2009-05-26 16:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 14:21 . 2009-06-12 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 14:21 . 2009-06-12 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-12 14:21 . 2009-05-26 16:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 14:18 . 2009-06-12 14:18 -------- d-----w- c:\program files\ERUNT
2009-06-11 14:39 . 2009-06-11 14:39 -------- d-----w- c:\program files\Trend Micro
2009-06-11 14:37 . 2009-06-11 14:37 152576 ----a-w- c:\documents and settings\phamilton\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 11:14 . 2009-06-13 09:35 117760 ----a-w- c:\documents and settings\phamilton\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-11 11:13 . 2009-06-11 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-11 11:13 . 2009-06-11 11:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-11 11:13 . 2009-06-11 11:13 -------- d-----w- c:\documents and settings\phamilton\Application Data\SUPERAntiSpyware.com
2009-06-10 21:02 . 2008-12-11 11:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-10 21:02 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-10 21:02 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-10 21:02 . 2009-06-13 09:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 21:01 . 2009-06-10 21:03 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-10 21:01 . 2008-12-10 14:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-10 21:01 . 2009-06-12 12:51 -------- d-----w- c:\program files\Spyware Doctor
2009-06-10 21:01 . 2009-06-10 21:01 -------- d-----w- c:\documents and settings\phamilton\Application Data\PC Tools
2009-06-10 21:01 . 2009-06-10 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-05 21:15 . 2009-06-13 09:41 -------- d-----w- c:\program files\Yuuguu
2009-06-04 01:57 . 2008-12-04 04:25 120832 ----a-w- c:\documents and settings\phamilton\Application Data\Mozilla\Firefox\Profiles\vh6bre3x.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-03 15:00 . 2009-06-03 15:00 -------- d-----w- c:\program files\iPod
2009-06-03 15:00 . 2009-06-03 15:00 -------- d-----w- c:\program files\iTunes
2009-06-03 15:00 . 2009-06-03 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 14:57 . 2009-06-03 14:57 -------- d-----w- c:\program files\Bonjour
2009-06-03 14:55 . 2009-06-03 14:55 -------- d-----w- c:\program files\Apple Software Update
2009-06-03 11:24 . 2009-06-03 11:24 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-03 11:24 . 2009-06-03 11:24 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-03 11:23 . 2009-06-03 11:23 -------- d-----w- c:\program files\HP
2009-06-03 11:22 . 2009-06-03 11:24 121329 ----a-w- c:\windows\hpoins15.dat
2009-06-03 11:22 . 2007-09-21 15:15 1037 ------w- c:\windows\hpomdl15.dat
2009-05-27 10:33 . 2009-05-27 10:34 -------- d-----w- c:\program files\Microsoft USB Flash Drive Manager
2009-05-24 10:19 . 2009-05-24 10:19 -------- d-----w- c:\program files\TopOCR
2009-05-23 19:05 . 2009-05-23 19:05 -------- d-----w- c:\program files\Microsoft Producer 2
2009-05-23 19:05 . 2001-05-16 19:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-05-23 19:05 . 2001-05-11 15:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 09:41 . 2008-06-25 03:54 -------- d-----w- c:\documents and settings\phamilton\Application Data\Skype
2009-06-13 09:41 . 2008-01-10 17:53 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-13 09:41 . 2008-06-25 03:54 -------- d-----w- c:\documents and settings\phamilton\Application Data\skypePM
2009-06-12 13:54 . 2008-07-02 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-11 11:13 . 2008-01-09 23:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-11 10:31 . 2007-12-28 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 21:00 . 2008-06-02 05:04 -------- d-----w- c:\program files\Norton Security Scan
2009-06-09 09:58 . 2009-01-27 15:05 81920 ----a-w- c:\documents and settings\phamilton\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connecthook.dll
2009-06-09 09:58 . 2009-01-27 15:05 190976 ----a-w- c:\documents and settings\phamilton\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectsprd.dll
2009-06-03 14:57 . 2007-12-21 23:15 -------- d-----w- c:\program files\QuickTime
2009-06-03 14:56 . 2008-09-19 01:22 -------- d-----w- c:\program files\Common Files\Apple
2009-05-21 18:16 . 2008-04-25 16:14 -------- d-----w- c:\program files\Canon
2009-05-21 18:16 . 2007-10-26 13:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 19:35 . 2009-02-15 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-05-09 09:23 . 2009-05-09 09:23 -------- d-----w- c:\documents and settings\phamilton\Application Data\kidoz.BEE1A73C2823991A35AF9D460907E7449C6F543D.1
2009-05-09 09:23 . 2009-05-09 09:23 -------- d-----w- c:\program files\KIDOZ
2009-05-09 09:23 . 2009-05-09 09:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-09 09:22 . 2008-10-05 13:44 38208 ----a-w- c:\documents and settings\phamilton\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-08 12:55 . 2009-05-08 12:55 -------- d-----w- c:\program files\Unity
2009-05-07 15:32 . 2004-08-04 04:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 14:15 . 2008-12-10 17:16 153464 ----a-w- c:\documents and settings\phamilton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 14:02 . 2009-05-05 14:02 -------- d-----w- c:\program files\Design Science
2009-05-05 11:38 . 2009-05-05 11:38 -------- d-----w- c:\program files\WordWeb
2009-05-05 10:22 . 2009-03-18 14:33 -------- d-----w- c:\program files\fxc
2009-05-04 22:51 . 2007-12-28 22:14 109988 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-04 17:32 . 2008-05-08 17:37 -------- d-----w- c:\documents and settings\phamilton\Application Data\OpenOffice.org3
2009-05-04 17:27 . 2008-05-08 17:37 1 ----a-w- c:\documents and settings\phamilton\Application Data\OpenOffice.org3\user\uno_packages\cache\stamp.sys
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 10:02 . 2009-04-29 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SqueezeCenter
2009-04-29 10:01 . 2009-04-29 10:01 -------- d-----w- c:\program files\SqueezeCenter
2009-04-29 04:56 . 2004-08-04 04:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 19:27 . 2009-04-27 19:27 -------- d-----w- c:\documents and settings\phamilton\Application Data\TypeBooster.com
2009-04-27 19:27 . 2009-04-27 19:27 -------- d-----w- c:\program files\Type Booster
2009-04-25 19:37 . 2009-04-25 19:37 -------- d-----w- c:\program files\Nemonika
2009-04-25 18:08 . 2007-07-25 22:18 -------- dc----w- c:\program files\Java
2009-04-25 18:07 . 2009-04-25 18:07 152576 ----a-w- c:\documents and settings\phamilton\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-24 16:12 . 2009-02-15 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2009-04-24 12:32 . 2006-11-15 19:44 2000000 ----atw- c:\windows\system32\HJSMEM.DAT
2009-04-22 21:53 . 2007-12-28 21:20 -------- d-----w- c:\program files\Macromedia
2009-04-22 21:52 . 2009-04-22 21:52 -------- d-----w- c:\program files\The ACE Centre
2009-04-20 14:52 . 2008-04-27 16:08 -------- d-----w- c:\program files\Flickr Uploadr
2009-04-17 12:26 . 2004-08-04 04:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 04:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-12 22:54 . 2009-04-25 09:15 954368 ----a-w- c:\documents and settings\phamilton\Application Data\Mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]\libs\PicLensHelper.exe
2009-04-12 22:54 . 2009-04-25 09:15 103424 ----a-w- c:\documents and settings\phamilton\Application Data\Mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]\libs\pixomatic.dll
2009-04-12 22:54 . 2009-04-25 09:15 71652 ----a-w- c:\documents and settings\phamilton\Application Data\Mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]\libs\avutil-49.dll
2009-04-12 22:54 . 2009-04-25 09:15 4534272 ----a-w- c:\documents and settings\phamilton\Application Data\Mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]\libs\cooliris19.dll
2009-04-12 22:54 . 2009-04-25 09:15 344064 ----a-w- c:\documents and settings\phamilton\Application Data\Mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]\libs\LaunchCooliris.exe
2009-04-12 22:54 . 2009-04-25 09:15 131868 ----a-w- c:\documents and settings\phamilton\Application Data\Mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]\libs\avformat-52.dll
2009-04-12 22:54 . 2009-04-25 09:15 1161626 ----a-w- c:\documents and settings\phamilton\Application Data\Mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]\libs\avcodec-51.dll
2009-04-12 22:54 . 2009-04-25 09:15 65536 ----a-w- c:\documents and settings\phamilton\Application Data\Mozilla\Firefox\Profiles\vh6bre3x.default\extensions\[email protected]\components\coolirisstub.dll
2009-04-10 14:14 . 2009-04-10 14:14 390664 ----a-w- c:\documents and settings\phamilton\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-02 19:29 . 2009-04-02 19:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 19:32 . 2009-03-19 19:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 19:32 . 2008-09-19 01:25 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-05-29 04:56 . 2008-05-29 04:56 14290 -c----w- c:\program files\settings.dat
2008-05-16 22:23 . 2008-05-16 22:23 35 -c----w- c:\program files\FlashDetector.ini
2001-07-07 02:47 . 2001-07-07 02:47 3149 -c--a-w- c:\program files\ReadMe.txt
2001-07-06 19:59 . 2001-07-06 19:59 372736 ----a-w- c:\program files\Dragnifier.exe
2009-01-13 20:28 . 2009-01-12 21:56 44360 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-01-13 20:28 . 2009-01-12 21:56 107928 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-01-12 21:56 . 2009-01-12 21:56 46408 -c--a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-01-12 21:56 . 2009-01-12 21:56 98712 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 147456]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-06-27 1207080]
"Simple Star PhotoShow Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2008-03-21 353520]
"Google Update"="c:\documents and settings\phamilton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"TypeBooster"="c:\program files\Type Booster\typebooster.exe" [2008-12-07 450560]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-05-27 2832280]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-27 888832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WordQ carat flag"="c:\program files\WordQ2\WordQcrs.exe" [2006-02-14 24576]
"USBKeys"="c:\program files\Crick Software\USBKeys2\\USBKeys.exe" [2006-09-11 708608]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2005-04-17 85184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-13 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-06-04 1182088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-06-13 16377344]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"ZoomingHook"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"symPCCheckup"="c:\windows\system32\Adobe\Shockwave 11\symcheckupstub.exe" [2008-09-10 234872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-29 124928]

c:\documents and settings\phamilton\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2008-9-26 2367488]
Yuuguu.lnk - c:\program files\Yuuguu\jre\bin\javaw.exe [2009-5-15 53346]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kurzweil Educational Systems\\Kurzweil 3000\\Kurzweil 3000.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Documents and Settings\\phamilton\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp (UI)
"9090:TCP"= 9090:TCP:SqueezeCenter 9090 tcp (CLI)
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp
"53:TCP"= 53:TCP:websrvx
"8085:TCP"= 8085:TCP:podmena

R0 iastor75;iastor75;c:\windows\system32\drivers\iastor75.sys [7/24/2007 10:43 AM 304920]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/10/2009 6:02 PM 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [11/13/2008 6:17 PM 439616]
R2 IntelliKeys USB Service;IntelliKeys USB Service;c:\itools\INTELL~1\private\ikusbsvc.exe [1/18/2008 5:34 PM 221184]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/10/2009 6:01 PM 348752]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S2 ikfirm;ikfirm;c:\windows\system32\drivers\ikfirm.sys [1/18/2008 5:34 PM 20280]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/4/2006 12:19 AM 13592]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [12/13/2008 3:00 AM 39048]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 4:30 PM 124608]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv10910
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-28 21:37]

2009-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3341296880-2298546112-91892142-1356.job
- c:\documents and settings\phamilton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 22:40]

2009-06-13 c:\windows\Tasks\Norton PC Checkup Setup.job
- c:\windows\system32\Adobe\Shockwave 11\symcheckupstub.exe [2008-09-10 13:06]

2009-06-10 c:\windows\Tasks\Norton Security Scan for phamilton.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 11:18]

2009-06-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 01:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Miro - c:\program files\Participatory Culture Foundation\Miro\Miro.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.setbc.org/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - hxxp://www.rockyou.com/aurigma/RockYouImageUploader.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 06:38
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1804)
c:\windows\system32\CSGina.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\phamilton\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(4316)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\TODDSrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\CF5309.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Crick Software\USBKeys2\USBKeys.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\itools\IntelliKeys USB\private\iksystray.exe
c:\program files\SqueezeCenter\SqueezeTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\SQUEEZ~1\server\SQUEEZ~1.EXE
c:\program files\WordWeb\wweb32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-06-13 6:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 09:50

Pre-Run: 13,346,504,704 bytes free
Post-Run: 13,304,684,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

435 --- E O F --- 2009-06-11 10:31

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Glad to hear, looking good so far.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.