ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/04 11:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA74AB000 Size: 872448 File Visible: No Signed: -
Status: -
Name: nwfilter.sys
Image Path: nwfilter.sys
Address: 0xBA4BC000 Size: 15808 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA2272000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8b049b70
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde68f0
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x8b001910
#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x8afe31f0
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde7c50
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde7530
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde7820
#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde6de0
#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x8b0181c0
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x8afe3268
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde6aa0
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde5b00
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde6c70
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde70c0
#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x8b049be8
#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x8b049a80
#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x8afe4488
#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde5f80
#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8b049cd8
#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x8afe3358
#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8b049f30
#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8b049d50
#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x8afe32e0
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8b049eb8
#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8b049c60
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde59b0
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\pwipf6.sys" at address 0xacde5e30
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8b049af8
==EOF==
OTL logfile created on: 10/4/2009 11:14:26 AM - Run 1
OTL by OldTimer - Version 3.0.18.2 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.73 Gb Available in Paging File | 93.28% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 74.24 Gb Free Space | 69.34% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 7.06 Gb Free Space | 18.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PTW2
Current User Name: Tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2005/08/04 02:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/02/14 12:00:00 | 00,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/06/17 05:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2008/12/18 11:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2008/10/22 05:25:30 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/07/31 15:19:40 | 00,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
PRC - [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/14 06:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2002/03/12 10:37:28 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NWTRAY.EXE
PRC - [2007/09/06 11:45:42 | 00,040,960 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\iprntctl.exe
PRC - [2007/09/06 11:45:54 | 00,045,056 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\iprntlgn.exe
PRC - [2004/11/24 17:09:40 | 00,266,240 | ---- | M] () -- C:\Program Files\Print Server\PTP\PSDiagnostic.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2006/09/20 08:35:26 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/10/30 16:59:34 | 00,024,576 | ---- | M] () -- C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2008/05/27 17:19:42 | 00,032,768 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
PRC - [2008/05/26 04:28:04 | 00,704,512 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\FtpServer.exe
PRC - [2008/08/09 16:04:58 | 05,418,864 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2006/06/20 22:36:22 | 01,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2007/03/22 16:49:58 | 00,304,696 | ---- | M] (Sybase, Inc.) -- C:\Program Files\SQL Anywhere 10\Sybase Central 5.0.0\win32\scjview.exe
PRC - [2007/03/22 16:50:26 | 00,304,696 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\SQL Anywhere 10\win32\dbisqlg.exe
PRC - [2008/08/26 09:48:09 | 02,019,624 | ---- | M] (Uniblue Software) -- C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
PRC - [2006/06/20 22:36:00 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2007/03/01 10:35:40 | 00,245,760 | ---- | M] () -- C:\Program Files\Bluetooth Mouse\MulMouse.exe
PRC - [2007/02/27 17:43:30 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/27 17:41:50 | 01,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/05/26 04:21:08 | 00,548,864 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\nsapp.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/14 06:42:38 | 00,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
PRC - [2008/08/09 14:42:02 | 00,181,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
PRC - [2009/10/04 11:11:25 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/04 02:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2006/02/14 12:00:00 | 00,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32 [Auto | Running])
SRV - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/01/18 09:17:56 | 00,036,864 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\cusrvc.exe -- (cusrvc [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 06:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/06/17 05:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/01/19 11:29:52 | 02,041,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - File not found -- -- (mcmscsvc [Disabled | Stopped])
SRV - [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
SRV - [2004/08/10 02:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/12/18 11:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ [Auto | Running])
SRV - [2005/05/03 23:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/10/22 05:25:30 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2005/05/03 22:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped])
SRV - [2008/07/31 15:19:40 | 00,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe -- (WDFNet [Auto | Running])
SRV - [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\WFXSVC.EXE -- (wfxsvc [Disabled | Stopped])
SRV - File not found -- -- (WinVNC4 [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:00:23 | 00,000,000 | ---D | M]
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FtpServer.exe] C:\Program Files\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IndexTray] C:\Program Files\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\System32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] C:\WINDOWS\System32\dumprep.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\NWTRAY.EXE (Novell, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe ()
O4 - HKLM..\Run: [QuickBooksDB18] C:\Program Files\Intuit\QuickBooks Basic\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SharpTray] C:\Program Files\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TypeRegChecker] C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [Webroot Desktop Firewall] C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe (Webroot Software Inc (www.webroot.com))
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [DBISQL10] C:\Program Files\SQL Anywhere 10\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SybaseCentral500] C:\Program Files\SQL Anywhere 10\Sybase Central 5.0.0\win32\scjview.exe (Sybase, Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe (Uniblue Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Mouse.lnk = C:\Program Files\Bluetooth Mouse\MulMouse.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall32.cab (HPVirtualRooms32 Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai...cat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...ows-i586-jc.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} http://www.portplus....es/MSSurVid.cab (SurroundVideoCtrl Object)
O16 - DPF: {A7B6FBFE-C894-4954-8377-D1CF19B4E07F} http://lws.dbcsmarts...ets/OcxLink.cab (Wapplink Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.del...ll/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...128/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F3C7C5EE-8BBA-4B6E-8147-3B315A41B85B} http://lws.dbcsmarts...all/install.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Basic\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WfxSeh32.Dll (Symantec Corporation)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/10/04 10:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/04 10:14:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2009/10/04 10:11:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/04 10:14:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/04 11:11:21 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2009/10/04 11:02:43 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Tom\Desktop\RootRepeal.exe
[2009/10/04 10:14:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/04 10:14:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/04 10:13:43 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom\Desktop\mbam-setup.exe
[2009/10/04 10:10:05 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tom\Desktop\erunt_setup.exe
[2009/10/04 10:08:20 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Tom\Desktop\SysRestorePoint.exe
[2009/10/04 09:57:40 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\TFC.exe
========== Files - Modified Within 14 Days ==========
[2009/10/04 11:15:00 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CCDD0B01-8238-4077-A14F-9A17B4D7A6AC}.job
[2009/10/04 11:11:25 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2009/10/04 11:03:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\settings.dat
[2009/10/04 11:02:49 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Tom\Desktop\RootRepeal.exe
[2009/10/04 10:14:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 10:13:55 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom\Desktop\mbam-setup.exe
[2009/10/04 10:12:03 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\NTREGOPT.lnk
[2009/10/04 10:12:03 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\ERUNT.lnk
[2009/10/04 10:10:11 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tom\Desktop\erunt_setup.exe
[2009/10/04 10:08:20 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Tom\Desktop\SysRestorePoint.exe
[2009/10/04 10:00:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/04 10:00:27 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/04 09:59:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/04 09:59:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 09:59:24 | 32,192,71680 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/04 09:57:41 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\TFC.exe
[2009/10/04 04:29:00 | 00,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/10/04 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LC77CF802FC1846229CFAA9C981592A64.job
[2009/10/04 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L4072572A394B4A319843CB2443BEF175.job
[2009/10/04 00:38:04 | 00,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/10/03 13:08:23 | 00,000,572 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\spider.sav
[2009/10/02 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LA266B0840A684CB09A73AB6589ADF155.job
[2009/10/02 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L607310AC269C49609BBAE1AAE2B3448B.job
[2009/10/02 02:00:00 | 00,001,534 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[2009/09/30 18:25:17 | 00,607,840 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\cc_20090930_1824.reg
========== Files - No Company Name ==========
[2009/10/04 11:03:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\settings.dat
[2009/10/04 10:14:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 10:12:03 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\NTREGOPT.lnk
[2009/10/04 10:12:03 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\ERUNT.lnk
[2009/09/30 18:24:31 | 00,607,840 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\cc_20090930_1824.reg
[2009/02/25 21:23:40 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\PFP120JPR.{PB
[2009/02/25 21:23:40 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\PFP120JCM.{PB
[2008/12/24 13:34:19 | 00,876,102 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\fontlst2.opf
[2008/11/14 20:21:11 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/05/03 20:05:10 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\$_hpcst$.hpc
[2008/01/14 13:31:05 | 00,000,088 | -HS- | C] () -- C:\Documents and Settings\Tom\Application Data\ZPUQPMQDC8BKG5QST7A9QKXGJU
[2008/01/07 17:53:11 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\PUTTY.RND
[2007/07/27 09:57:02 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/07 20:20:10 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\dvd.bmk
[2006/06/14 20:27:34 | 00,112,024 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/14 20:11:00 | 01,574,790 | -H-- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\IconCache.db
[2006/06/14 20:11:00 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\fusioncache.dat
[2006/06/14 20:11:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Tom\Application Data\desktop.ini
[2005/08/16 02:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
========== LOP Check ==========
[2009/10/04 10:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/17 21:27:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2008/01/14 11:46:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2008/04/22 14:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/01/14 08:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007/08/31 04:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/03/29 14:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/10/20 14:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/08/16 18:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/04/09 03:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/07 17:18:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/01 17:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2008/07/02 21:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/24 13:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharp
[2008/12/24 13:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharpdesk
[2008/06/18 16:30:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/01/01 10:51:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2006/12/27 19:23:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/04 10:14:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tom\Application Data
[2008/07/03 16:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Canon
[2009/02/25 21:23:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Corel
[2006/06/28 09:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Corel Photo Album
[2008/02/04 15:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ICAClient
[2006/09/14 20:26:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Leadertech
[2009/08/29 19:22:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Tom\Application Data\Move Networks
[2009/01/27 19:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\NewSoft
[2008/07/02 21:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ScanSoft
[2006/06/14 21:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Share-to-Web Upload Folder
[2008/12/24 13:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Sharpdesk
[2009/05/17 21:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Uniblue
[2007/03/03 11:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Viewpoint
[2004/08/10 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/12/24 13:18:43 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Indexing Task - Tom - test.job
[2008/01/17 17:14:50 | 00,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2008/01/17 17:14:49 | 00,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/04/01 18:04:19 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/10/04 10:00:27 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/04 04:29:00 | 00,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/04 09:59:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/04 11:15:00 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CCDD0B01-8238-4077-A14F-9A17B4D7A6AC}.job
[2009/10/02 02:00:00 | 00,001,534 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
[2009/10/04 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L4072572A394B4A319843CB2443BEF175.job
[2009/10/02 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L607310AC269C49609BBAE1AAE2B3448B.job
[2009/10/02 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LA266B0840A684CB09A73AB6589ADF155.job
[2009/10/04 02:00:00 | 00,001,684 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LC77CF802FC1846229CFAA9C981592A64.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2008/04/14 06:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/14 06:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< End of report >
what else can I do or send you to help correct this problem?