AdAware won't run [Solved]



#1
Home Bass

Neither AdAware nor SpyBot ran. Looking at some of the posts in your forums led me to try renaming the executables. That resulted in SpyBot running successfully but AdAware still will not. I'm concerned my system may still have problems even after following the directions in your Guide. My system is also very slow to boot and shut down. I thank you in advance and hope you can help. Here are my MBAM, RootRepeal and OTL logs:

Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600 Service Pack 3

11/14/2009 4:25:49 AM
mbam-log-2009-11-14 (04-25-49).txt

Scan type: Quick Scan
Objects scanned: 102756
Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\VXNlcg (Adware.CommAd) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/14 05:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDFB2000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79E0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEBA42000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: C:\WINDOWS\system32\svchost.exe
PID: 432 Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\svchost.exe
PID: 448 Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\svchost.exe
PID: 656 Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\csrss.exe
PID: 1204 Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\svchost.exe
PID: 1600 Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2232 Status: Locked to the Windows API!

Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 2448 Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\alg.exe
PID: 2704 Status: Locked to the Windows API!

Path: C:\Program Files\Rogers Online Protection\Rogers Online Protection\Kav\Bin\ScanningProcess.exe
PID: 3140 Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d62a0

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d434e

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf750087e

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d5fd0

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6140

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6e10

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d68ae

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d77d0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6450

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d3ea0

#: 116 Function Name: NtOpenFile
Status: Hooked by "kl1.sys" at address 0xf71af030

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d5dc0

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6c3e

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d7436

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d4930

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d7740

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d7b00

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d80c0

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d2af0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6a90

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf7500bfe

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d76f0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d41b0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d72ab

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6310

==EOF==


OTL logfile created on: 11/14/2009 5:07:23 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 324.78 Mb Available Physical Memory | 31.76% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 34.01 Gb Free Space | 45.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-CB34E5069C
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/14 05:06:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/06/16 21:42:17 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 21:52:04 | 00,356,592 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
PRC - [2009/02/27 21:52:04 | 00,356,592 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
PRC - [2009/02/27 21:52:04 | 00,097,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2009/02/27 21:52:04 | 00,097,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2009/02/27 21:51:18 | 00,363,248 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2009/02/27 13:13:52 | 03,228,912 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
PRC - [2009/02/27 13:13:52 | 00,398,576 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
PRC - [2008/05/21 16:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 19:40:54 | 00,815,104 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/11/06 19:40:54 | 00,815,104 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/11/06 19:40:54 | 00,815,104 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/09/15 01:27:20 | 01,015,808 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/03/09 10:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/07/04 22:26:02 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/08/03 20:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/03 20:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/01/04 10:50:52 | 00,405,583 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2004/12/08 16:23:22 | 00,790,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2004/12/03 13:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/11/17 23:32:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2004/08/25 11:26:46 | 00,442,368 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
PRC - [2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
PRC - [2000/02/08 22:19:48 | 00,036,864 | ---- | M] (Roland) -- C:\Program Files\Roland\VSC32\vscvol.exe
PRC - [2000/02/07 02:02:44 | 00,036,864 | ---- | M] (Roland) -- C:\Program Files\Roland\VSC32\Vsc32Cnf.exe


========== Modules (SafeList) ==========

MOD - [2009/11/14 05:06:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004/02/11 16:58:16 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll
MOD - [2001/03/13 10:15:22 | 00,118,876 | ---- | M] (Roland) -- C:\WINDOWS\system32\vscapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/26 12:39:35 | 02,309,520 | ---- | M] () -- c:\Program Files\Common Files\Akamai\rswin_3600.dll -- (Akamai)
SRV - [2009/06/16 21:42:17 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/27 21:52:04 | 00,097,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2009/02/27 21:51:18 | 00,363,248 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/28 06:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/09/26 13:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/07/29 18:34:38 | 00,117,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.dll -- (usnsvc)
SRV - [2005/10/27 09:34:44 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/08/03 20:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/11/17 23:32:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/02 22:21:31 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2009/09/23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/25 05:29:52 | 00,130,432 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/25 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/01/05 19:07:27 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/23 00:58:36 | 01,391,104 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/09/08 11:35:58 | 00,196,368 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/06/26 12:23:14 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (KL1)
DRV - [2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/25 05:38:22 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\system32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/04/24 13:02:36 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT)
DRV - [2008/04/13 13:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/15 01:09:44 | 00,213,696 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/19 10:36:50 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys -- (RPPKT)
DRV - [2007/02/20 12:07:56 | 00,005,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/18 23:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/11/03 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/08/03 20:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 13:39:54 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/03/22 13:39:44 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 13:39:42 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 13:39:40 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/06 13:07:32 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2004/11/23 12:57:56 | 00,280,192 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/11/23 12:56:40 | 00,034,048 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/11/16 13:30:40 | 00,147,840 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/04/14 07:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/09/19 00:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 22:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/06/06 11:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 13:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 12:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/04/16 08:16:58 | 00,951,284 | ---- | M] (Roland) -- C:\WINDOWS\system32\drivers\vsc.sys -- (vsc32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.barrie-homes.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/16 21:42:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/16 21:33:34 | 00,000,000 | ---D | M]

[2009/06/16 21:47:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/16 21:47:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: (306675 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 as.adwave.com
O1 - Hosts: 127.0.0.1 sr.adwave.com
O1 - Hosts: 127.0.0.1 www.adwave.com
O1 - Hosts: 127.0.0.1 adwave.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.igetnet.com
O1 - Hosts: 127.0.0.1 code.ignphrases.com
O1 - Hosts: 127.0.0.1 clear-search.com
O1 - Hosts: 127.0.0.1 r1.clrsch.com
O1 - Hosts: 127.0.0.1 sds.clrsch.com
O1 - Hosts: 127.0.0.1 status.clrsch.com
O1 - Hosts: 127.0.0.1 www.clrsch.com
O1 - Hosts: 127.0.0.1 clr-sch.com
O1 - Hosts: 127.0.0.1 sds-qckads.com
O1 - Hosts: 127.0.0.1 status.qckads.com
O1 - Hosts: 127.0.0.1 www.qoolaid.com
O1 - Hosts: 127.0.0.1 www.qoologic.com
O1 - Hosts: 127.0.0.1 www.CLKPrecision.com
O1 - Hosts: 127.0.0.1 www.urllogic.com
O1 - Hosts: 10564 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll (Rogers)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [OPSE reminder] C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\Vsc32Cnf.exe (Roland)
O4 - HKLM..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe (Roland)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [IndexCleaner] C:\Program Files\Rogers Online Protection\Rogers Online Protection\IdxClnR.exe (Rogers)
O4 - HKCU..\RunOnce: [IndexCleaner] C:\Program Files\Rogers Online Protection\Rogers Online Protection\IdxClnR.exe (Rogers)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Outlook\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Outlook\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe ()
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: Interealty.com ([]* is out of zone range - 5)
O15 - HKCU\..Trusted Domains: MLXchange.com ([]* is out of zone range - 5)
O15 - HKCU\..Trusted Domains: MLXchange.com ([barrie] http in Trusted sites)
O15 - HKCU\..Trusted Domains: topproducer8i.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} http://barrie.mlxcha...FileCruiser.cab (FileCruiser Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} http://barrie.mlxcha...ol/Specfile.cab (Specfile Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.micro...b?1134095294843 (MSSecurityAdvisor Class)
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} http://barrie.mlxcha...ontrol/SISC.cab (SISCtrl Class)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.0.5.cab (DownloadManager Control)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.micr...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} http://barrie.mlxcha...ectComboBox.cab (Interealty MultiSelect)
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} http://us.dl1.yimg.c...ntr_current.cab (WXcom Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase3401.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1136857542687 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://barrie.mlxcha...ClientUtils.cab (MLXchange Client Utils)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} http://barrie.mlxcha...ol/LiteGrid.cab (LiteGridCtl Class)
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} http://barrie.mlxcha...IRCWebPrint.cab (IRCWwwPrint Class)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} http://download.zone...canner37390.cab (ICSScanner Class)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://barrie.mlxcha...ol/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://www.topprodu...ads/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://barrie.mlxcha...trol/WebDog.cab (Cerebus Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} http://barrie.mlxcha...CustomCtrls.cab (DropList Class)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.3.0.cab (DLM Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: PUFLITE http://www.barrie-ho...rol/PUFLITE.CAB (Reg Error: Key error.)
O16 - DPF: TruePass EPF 7,0,100,730 https://blrscr3.egs-...sapplet-epf.cab (Reg Error: Key error.)
O16 - DPF: TruePass EPF 7,0,100,739 https://blrscr3.egs-...sapplet-epf.cab (Reg Error: Key error.)
O16 - DPF: WebConnect Pro 6.5.12 http://wc.harryfox.c...ebConnectDU.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINDOWS\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/28 12:20:48 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell - "" = AutoRun
O33 - MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/28 11:53:50 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/14 05:06:23 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/14 05:03:43 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/14 04:09:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/14 04:09:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/14 04:08:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/14 04:08:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/14 04:08:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/14 04:07:03 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/14 04:04:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/14 04:03:04 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/14 03:59:58 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/11/14 03:57:12 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/14 03:44:48 | 00,339,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/11/05 12:53:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2009/11/05 12:49:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2009/11/05 12:45:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/11/05 12:36:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/05 12:32:35 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/11/05 12:32:28 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/11/05 12:32:26 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/11/02 22:58:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CopyToDvd
[2009/11/02 22:43:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DVDVideoSoft
[2009/11/02 22:43:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2009/11/02 22:43:30 | 00,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2009/11/02 22:37:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\1ClickDVDCopy
[2009/11/02 22:21:31 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\Pcouffin.sys
[2009/11/02 22:21:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PcSetup
[2009/11/02 22:21:22 | 00,000,000 | ---D | C] -- C:\Program Files\LG Software Innovations
[2009/11/02 22:15:49 | 00,000,000 | ---D | C] -- C:\Program Files\Cute CD DVD Burner
[2009/10/17 17:02:11 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/17 12:37:00 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

========== Files - Modified Within 30 Days ==========

[2009/11/14 05:06:29 | 30,223,904 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/14 05:06:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/14 05:06:26 | 01,376,800 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/11/14 05:04:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/14 05:03:50 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/14 05:01:21 | 00,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/14 04:51:27 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/14 04:47:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/14 04:47:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/14 04:47:05 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/14 04:46:11 | 00,130,028 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/11/14 04:46:09 | 00,405,740 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/14 04:45:42 | 11,272,192 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/14 04:45:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/14 04:09:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 04:07:44 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/14 04:03:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/14 04:03:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/14 04:00:10 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/11/14 03:57:32 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/14 03:57:31 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/14 03:57:28 | 00,526,678 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/14 03:57:13 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/14 03:44:51 | 00,339,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/11/13 23:52:04 | 71,514,6240 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2009/11/13 23:36:19 | 00,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2009/11/13 23:15:08 | 00,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9834806-95AE-4C9A-BE89-2033424A5102}.job
[2009/11/13 16:00:01 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{DD9841C2-FF71-4992-9C78-E4A2079B987D}_USER-CB34E5069C_Owner.job
[2009/11/13 16:00:01 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{0871E114-9034-457F-B776-6F8FB1FB2657}_USER-CB34E5069C_Owner.job
[2009/11/12 06:12:19 | 00,529,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 22:29:38 | 00,002,395 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/11 20:43:57 | 00,002,653 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2009/11/07 17:20:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/06 00:37:55 | 00,001,979 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/11/05 15:01:22 | 00,160,861 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\all_statements2009-04-01.zip
[2009/11/05 13:14:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/05 11:19:21 | 00,064,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Release Notes for Internet Explorer 8.doc
[2009/11/04 09:00:04 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{480D9EB6-B594-4880-AF41-CA8CF972227D}_USER-CB34E5069C_Owner.job
[2009/11/02 22:43:40 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DVDVideoSoft Free Studio.lnk
[2009/11/02 22:21:31 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\Pcouffin.sys
[2009/11/02 22:21:29 | 00,001,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1Click DVD Copy 4.2.lnk
[2009/11/02 22:16:07 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cute CD DVD Burner.lnk
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/10/30 18:35:10 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/22 23:07:06 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/22 13:17:52 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2009/11/14 05:04:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/14 04:09:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 04:03:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/14 04:03:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/05 15:01:14 | 00,160,861 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\all_statements2009-04-01.zip
[2009/11/05 12:49:53 | 00,000,392 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9834806-95AE-4C9A-BE89-2033424A5102}.job
[2009/11/05 11:19:20 | 00,064,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Release Notes for Internet Explorer 8.doc
[2009/11/02 22:43:40 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DVDVideoSoft Free Studio.lnk
[2009/11/02 22:21:29 | 00,001,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1Click DVD Copy 4.2.lnk
[2009/11/02 22:16:07 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cute CD DVD Burner.lnk
[2009/10/22 23:07:05 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/22 13:17:52 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/22 13:17:52 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/17 12:36:54 | 00,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/29 11:26:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\WIN.INI
[2009/05/29 11:26:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2009/03/03 11:18:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/12/03 07:45:47 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/04/28 00:36:51 | 00,000,059 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2008/03/08 15:13:25 | 00,000,056 | ---- | C] () -- C:\WINDOWS\LiveUpdate.INI
[2008/01/30 21:29:18 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2007/12/28 13:57:50 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/12/28 13:06:11 | 00,000,367 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP12.INI
[2007/12/25 12:33:16 | 00,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP21.INI
[2007/12/25 12:20:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/12/25 12:18:47 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/10/18 10:55:15 | 00,021,942 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft Excel.ADR
[2007/07/12 20:24:31 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\custmon2k.dll
[2007/06/08 16:27:47 | 00,000,022 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI
[2007/06/05 13:10:35 | 00,023,405 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/20 12:07:56 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/01/07 21:15:57 | 00,000,865 | ---- | C] () -- C:\WINDOWS\Common.ini
[2006/09/15 15:29:21 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/07/11 22:05:32 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\mlcrs0ft.dll
[2006/07/05 13:29:15 | 05,300,386 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/10 11:17:26 | 00,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2006/04/10 10:58:16 | 00,000,041 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/13 23:29:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/01/16 08:58:20 | 00,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2006/01/16 08:57:21 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2006/01/16 08:57:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2006/01/16 08:57:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2006/01/11 22:29:43 | 00,000,032 | ---- | C] () -- C:\WINDOWS\thxcfg.ini
[2006/01/05 18:51:21 | 00,000,050 | ---- | C] () -- C:\WINDOWS\TPDataTransfer.ini
[2006/01/05 18:51:09 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/12/28 10:31:23 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/12/28 10:31:23 | 00,000,036 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2005/11/09 13:03:09 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/09 13:03:09 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/09 07:13:46 | 00,127,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/11/09 06:49:18 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/11/09 06:49:18 | 00,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/11/09 06:48:27 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/11/06 22:17:32 | 00,002,653 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2005/10/06 10:22:26 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/05 14:33:57 | 00,004,419 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2005/09/30 15:25:48 | 00,001,979 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/09/30 15:25:46 | 00,001,065 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/09/30 15:25:45 | 00,000,252 | ---- | C] () -- C:\WINDOWS\ADDRBOOK.INI
[2005/09/30 13:43:33 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/30 13:06:24 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2005/09/30 13:06:24 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2005/09/30 11:05:10 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\N2PUtil.dll
[2005/09/30 11:04:15 | 00,041,472 | ---- | C] () -- C:\WINDOWS\qvphook.dll
[2005/09/28 19:32:51 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/09/28 12:18:44 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/28 12:16:26 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/28 12:16:26 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/28 12:16:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/28 12:16:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/28 12:16:26 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/28 12:16:26 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/28 12:02:56 | 00,033,795 | ---- | C] () -- C:\WINDOWS\System32\pibdpub.dll
[2005/09/28 12:02:56 | 00,031,747 | ---- | C] () -- C:\WINDOWS\System32\hhmepro.dll
[2005/09/28 12:02:56 | 00,026,626 | ---- | C] () -- C:\WINDOWS\System32\ineyuni.dll
[2005/09/28 12:02:56 | 00,020,482 | ---- | C] () -- C:\WINDOWS\System32\elxsinh.dll
[2005/09/28 11:58:47 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2005/09/28 07:38:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/10/26 12:30:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:37:04 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2004/08/04 07:00:00 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004571_.tmp.dll
[2004/08/04 07:00:00 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004539_.tmp.dll
[2004/08/04 07:00:00 | 00,002,395 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/12 21:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/14 15:12:10 | 00,000,304 | ---- | C] () -- C:\WINDOWS\dev.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/11/01 16:17:50 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/08/12 09:19:42 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/08/09 06:18:44 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\pandoras.dll
[2002/07/04 15:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/01/08 16:57:34 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/14 13:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/07/10 23:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE
< End of report >


OTL Extras logfile created on: 11/14/2009 5:07:23 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 324.78 Mb Available Physical Memory | 31.76% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 34.01 Gb Free Space | 45.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-CB34E5069C
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Outlook\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Outlook\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"9420:TCP" = 9420:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"1736:TCP" = 1736:TCP:*:Enabled:Akamai NetSession Interface
"1614:TCP" = 1614:TCP:*:Enabled:Akamai NetSession Interface
"1154:TCP" = 1154:TCP:*:Enabled:Akamai NetSession Interface
"1621:TCP" = 1621:TCP:*:Enabled:Akamai NetSession Interface
"2876:TCP" = 2876:TCP:*:Enabled:Akamai NetSession Interface
"1579:TCP" = 1579:TCP:*:Enabled:Akamai NetSession Interface
"1687:TCP" = 1687:TCP:*:Enabled:Akamai NetSession Interface
"1098:TCP" = 1098:TCP:*:Enabled:Akamai NetSession Interface
"1987:TCP" = 1987:TCP:*:Enabled:Akamai NetSession Interface
"1720:TCP" = 1720:TCP:*:Enabled:Akamai NetSession Interface
"1740:TCP" = 1740:TCP:*:Enabled:Akamai NetSession Interface
"2554:TCP" = 2554:TCP:*:Enabled:Akamai NetSession Interface
"2691:TCP" = 2691:TCP:*:Enabled:Akamai NetSession Interface
"3746:TCP" = 3746:TCP:*:Enabled:Akamai NetSession Interface
"3998:TCP" = 3998:TCP:*:Enabled:Akamai NetSession Interface
"2432:TCP" = 2432:TCP:*:Enabled:Akamai NetSession Interface
"3477:TCP" = 3477:TCP:*:Enabled:Akamai NetSession Interface
"1756:TCP" = 1756:TCP:*:Enabled:Akamai NetSession Interface
"3964:TCP" = 3964:TCP:*:Enabled:Akamai NetSession Interface
"2158:TCP" = 2158:TCP:*:Enabled:Akamai NetSession Interface
"2319:TCP" = 2319:TCP:*:Enabled:Akamai NetSession Interface
"1722:TCP" = 1722:TCP:*:Enabled:Akamai NetSession Interface
"2791:TCP" = 2791:TCP:*:Enabled:Akamai NetSession Interface
"1120:TCP" = 1120:TCP:*:Enabled:Akamai NetSession Interface
"4443:TCP" = 4443:TCP:*:Enabled:Akamai NetSession Interface
"4392:TCP" = 4392:TCP:*:Enabled:Akamai NetSession Interface
"1708:TCP" = 1708:TCP:*:Enabled:Akamai NetSession Interface
"1187:TCP" = 1187:TCP:*:Enabled:Akamai NetSession Interface
"1177:TCP" = 1177:TCP:*:Enabled:Akamai NetSession Interface
"1186:TCP" = 1186:TCP:*:Enabled:Akamai NetSession Interface
"1415:TCP" = 1415:TCP:*:Enabled:Akamai NetSession Interface
"3010:TCP" = 3010:TCP:*:Enabled:Akamai NetSession Interface
"3394:TCP" = 3394:TCP:*:Enabled:Akamai NetSession Interface
"4589:TCP" = 4589:TCP:*:Enabled:Akamai NetSession Interface
"1410:TCP" = 1410:TCP:*:Enabled:Akamai NetSession Interface
"2328:TCP" = 2328:TCP:*:Enabled:Akamai NetSession Interface
"2787:TCP" = 2787:TCP:*:Enabled:Akamai NetSession Interface
"1916:TCP" = 1916:TCP:*:Enabled:Akamai NetSession Interface
"2100:TCP" = 2100:TCP:*:Enabled:Akamai NetSession Interface
"2370:TCP" = 2370:TCP:*:Enabled:Akamai NetSession Interface
"3101:TCP" = 3101:TCP:*:Enabled:Akamai NetSession Interface
"1456:TCP" = 1456:TCP:*:Enabled:Akamai NetSession Interface
"2082:TCP" = 2082:TCP:*:Enabled:Akamai NetSession Interface
"1563:TCP" = 1563:TCP:*:Enabled:Akamai NetSession Interface
"2620:TCP" = 2620:TCP:*:Enabled:Akamai NetSession Interface
"1334:TCP" = 1334:TCP:*:Enabled:Akamai NetSession Interface
"2108:TCP" = 2108:TCP:*:Enabled:Akamai NetSession Interface
"2577:TCP" = 2577:TCP:*:Enabled:Akamai NetSession Interface
"2889:TCP" = 2889:TCP:*:Enabled:Akamai NetSession Interface
"1185:TCP" = 1185:TCP:*:Enabled:Akamai NetSession Interface
"1753:TCP" = 1753:TCP:*:Enabled:Akamai NetSession Interface
"3119:TCP" = 3119:TCP:*:Enabled:Akamai NetSession Interface
"4192:TCP" = 4192:TCP:*:Enabled:Akamai NetSession Interface
"3657:TCP" = 3657:TCP:*:Enabled:Akamai NetSession Interface
"3692:TCP" = 3692:TCP:*:Enabled:Akamai NetSession Interface
"4190:TCP" = 4190:TCP:*:Enabled:Akamai NetSession Interface
"2118:TCP" = 2118:TCP:*:Enabled:Akamai NetSession Interface
"2642:TCP" = 2642:TCP:*:Enabled:Akamai NetSession Interface
"1111:TCP" = 1111:TCP:*:Enabled:Akamai NetSession Interface
"1885:TCP" = 1885:TCP:*:Enabled:Akamai NetSession Interface
"3066:TCP" = 3066:TCP:*:Enabled:Akamai NetSession Interface
"3198:TCP" = 3198:TCP:*:Enabled:Akamai NetSession Interface
"3525:TCP" = 3525:TCP:*:Enabled:Akamai NetSession Interface
"2234:TCP" = 2234:TCP:*:Enabled:Akamai NetSession Interface
"3011:TCP" = 3011:TCP:*:Enabled:Akamai NetSession Interface
"4250:TCP" = 4250:TCP:*:Enabled:Akamai NetSession Interface
"4462:TCP" = 4462:TCP:*:Enabled:Akamai NetSession Interface
"4908:TCP" = 4908:TCP:*:Enabled:Akamai NetSession Interface
"1902:TCP" = 1902:TCP:*:Enabled:Akamai NetSession Interface
"2535:TCP" = 2535:TCP:*:Enabled:Akamai NetSession Interface
"1620:TCP" = 1620:TCP:*:Enabled:Akamai NetSession Interface
"2559:TCP" = 2559:TCP:*:Enabled:Akamai NetSession Interface
"3791:TCP" = 3791:TCP:*:Enabled:Akamai NetSession Interface
"4085:TCP" = 4085:TCP:*:Enabled:Akamai NetSession Interface
"4552:TCP" = 4552:TCP:*:Enabled:Akamai NetSession Interface
"1929:TCP" = 1929:TCP:*:Enabled:Akamai NetSession Interface
"3515:TCP" = 3515:TCP:*:Enabled:Akamai NetSession Interface
"3531:TCP" = 3531:TCP:*:Enabled:Akamai NetSession Interface
"1867:TCP" = 1867:TCP:*:Enabled:Akamai NetSession Interface
"3894:TCP" = 3894:TCP:*:Enabled:Akamai NetSession Interface
"1705:TCP" = 1705:TCP:*:Enabled:Akamai NetSession Interface
"1148:TCP" = 1148:TCP:*:Enabled:Akamai NetSession Interface
"1540:TCP" = 1540:TCP:*:Enabled:Akamai NetSession Interface
"1654:TCP" = 1654:TCP:*:Enabled:Akamai NetSession Interface
"1960:TCP" = 1960:TCP:*:Enabled:Akamai NetSession Interface
"1961:TCP" = 1961:TCP:*:Enabled:Akamai NetSession Interface
"1586:TCP" = 1586:TCP:*:Enabled:Akamai NetSession Interface
"2484:TCP" = 2484:TCP:*:Enabled:Akamai NetSession Interface
"2915:TCP" = 2915:TCP:*:Enabled:Akamai NetSession Interface
"3218:TCP" = 3218:TCP:*:Enabled:Akamai NetSession Interface
"1426:TCP" = 1426:TCP:*:Enabled:Akamai NetSession Interface
"1491:TCP" = 1491:TCP:*:Enabled:Akamai NetSession Interface
"2550:TCP" = 2550:TCP:*:Enabled:Akamai NetSession Interface
"2611:TCP" = 2611:TCP:*:Enabled:Akamai NetSession Interface
"2428:TCP" = 2428:TCP:*:Enabled:Akamai NetSession Interface
"2774:TCP" = 2774:TCP:*:Enabled:Akamai NetSession Interface
"3452:TCP" = 3452:TCP:*:Enabled:Akamai NetSession Interface
"1129:TCP" = 1129:TCP:*:Enabled:Akamai NetSession Interface
"2597:TCP" = 2597:TCP:*:Enabled:Akamai NetSession Interface
"2738:TCP" = 2738:TCP:*:Enabled:Akamai NetSession Interface
"2977:TCP" = 2977:TCP:*:Enabled:Akamai NetSession Interface
"3688:TCP" = 3688:TCP:*:Enabled:Akamai NetSession Interface
"4782:TCP" = 4782:TCP:*:Enabled:Akamai NetSession Interface
"1058:TCP" = 1058:TCP:*:Enabled:Akamai NetSession Interface
"1675:TCP" = 1675:TCP:*:Enabled:Akamai NetSession Interface
"1957:TCP" = 1957:TCP:*:Enabled:Akamai NetSession Interface
"1731:TCP" = 1731:TCP:*:Enabled:Akamai NetSession Interface
"3038:TCP" = 3038:TCP:*:Enabled:Akamai NetSession Interface
"1233:TCP" = 1233:TCP:*:Enabled:Akamai NetSession Interface
"1210:TCP" = 1210:TCP:*:Enabled:Akamai NetSession Interface
"1075:TCP" = 1075:TCP:*:Enabled:Akamai NetSession Interface
"1277:TCP" = 1277:TCP:*:Enabled:Akamai NetSession Interface
"1076:TCP" = 1076:TCP:*:Enabled:Akamai NetSession Interface
"1100:TCP" = 1100:TCP:*:Enabled:Akamai NetSession Interface
"1074:TCP" = 1074:TCP:*:Enabled:Akamai NetSession Interface
"4607:TCP" = 4607:TCP:*:Enabled:Akamai NetSession Interface
"1087:TCP" = 1087:TCP:*:Enabled:Akamai NetSession Interface
"2280:TCP" = 2280:TCP:*:Enabled:Akamai NetSession Interface
"1080:TCP" = 1080:TCP:*:Enabled:Akamai NetSession Interface
"3074:TCP" = 3074:TCP:*:Enabled:Akamai NetSession Interface
"3128:TCP" = 3128:TCP:*:Enabled:Akamai NetSession Interface
"4001:TCP" = 4001:TCP:*:Enabled:Akamai NetSession Interface
"4515:TCP" = 4515:TCP:*:Enabled:Akamai NetSession Interface
"1082:TCP" = 1082:TCP:*:Enabled:Akamai NetSession Interface
"3487:TCP" = 3487:TCP:*:Enabled:Akamai NetSession Interface
"4765:TCP" = 4765:TCP:*:Enabled:Akamai NetSession Interface
"4994:TCP" = 4994:TCP:*:Enabled:Akamai NetSession Interface
"1056:TCP" = 1056:TCP:*:Enabled:Akamai NetSession Interface
"1253:TCP" = 1253:TCP:*:Enabled:Akamai NetSession Interface
"1079:TCP" = 1079:TCP:*:Enabled:Akamai NetSession Interface
"1744:TCP" = 1744:TCP:*:Enabled:Akamai NetSession Interface
"1049:TCP" = 1049:TCP:*:Enabled:Akamai NetSession Interface
"2489:TCP" = 2489:TCP:*:Enabled:Akamai NetSession Interface
"1099:TCP" = 1099:TCP:*:Enabled:Akamai NetSession Interface
"1729:TCP" = 1729:TCP:*:Enabled:Akamai NetSession Interface
"2199:TCP" = 2199:TCP:*:Enabled:Akamai NetSession Interface
"2447:TCP" = 2447:TCP:*:Enabled:Akamai NetSession Interface
"1081:TCP" = 1081:TCP:*:Enabled:Akamai NetSession Interface
"1446:TCP" = 1446:TCP:*:Enabled:Akamai NetSession Interface
"1767:TCP" = 1767:TCP:*:Enabled:Akamai NetSession Interface
"2084:TCP" = 2084:TCP:*:Enabled:Akamai NetSession Interface
"2398:TCP" = 2398:TCP:*:Enabled:Akamai NetSession Interface
"2890:TCP" = 2890:TCP:*:Enabled:Akamai NetSession Interface
"1073:TCP" = 1073:TCP:*:Enabled:Akamai NetSession Interface
"2434:TCP" = 2434:TCP:*:Enabled:Akamai NetSession Interface
"4134:TCP" = 4134:TCP:*:Enabled:Akamai NetSession Interface
"1091:TCP" = 1091:TCP:*:Enabled:Akamai NetSession Interface
"2848:TCP" = 2848:TCP:*:Enabled:Akamai NetSession Interface
"1397:TCP" = 1397:TCP:*:Enabled:Akamai NetSession Interface
"2372:TCP" = 2372:TCP:*:Enabled:Akamai NetSession Interface
"2687:TCP" = 2687:TCP:*:Enabled:Akamai NetSession Interface
"1372:TCP" = 1372:TCP:*:Enabled:Akamai NetSession Interface
"1441:TCP" = 1441:TCP:*:Enabled:Akamai NetSession Interface
"1103:TCP" = 1103:TCP:*:Enabled:Akamai NetSession Interface
"1693:TCP" = 1693:TCP:*:Enabled:Akamai NetSession Interface
"1105:TCP" = 1105:TCP:*:Enabled:Akamai NetSession Interface
"4815:TCP" = 4815:TCP:*:Enabled:Akamai NetSession Interface
"3076:TCP" = 3076:TCP:*:Enabled:Akamai NetSession Interface
"1114:TCP" = 1114:TCP:*:Enabled:Akamai NetSession Interface
"3811:TCP" = 3811:TCP:*:Enabled:Akamai NetSession Interface
"2383:TCP" = 2383:TCP:*:Enabled:Akamai NetSession Interface
"4036:TCP" = 4036:TCP:*:Enabled:Akamai NetSession Interface
"1065:TCP" = 1065:TCP:*:Enabled:Akamai NetSession Interface
"4406:TCP" = 4406:TCP:*:Enabled:Akamai NetSession Interface
"2868:TCP" = 2868:TCP:*:Enabled:Akamai NetSession Interface
"3025:TCP" = 3025:TCP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{01B93B3A-283F-411B-A648-69CABCACC986}" = Canon MF Drivers
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.7.0.0.mf04
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1B1B3FC3-5D41-42B6-85B1-27223246E438}" = RPS Zip
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F1074A4-B6D4-4C4D-A728-C1EADDB188D9}" = RPS Security Cleanup
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{316CDA1E-4760-4772-94B0-0FFC56D85700}" = RPS CRT
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AB59D99-F209-4705-96A0-304C53D88958}" = RPS RpsCore
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{426B3380-B8F7-4A69-9838-B1A8237F0B00}" = RPS Burn
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6709A989-F0AC-43E5-9DE8-4100A85715BD}" = RPS Ad Blocker
"{68F129E0-EF23-4CCE-A03F-B2C1A6DC9013}" = Rogers Online Protection
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6B350CA4-0031-0002-3131-34999AD85AEC}" = InterVideo WinDVD Creator
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5F989B-D61A-48BF-B860-3EB95600155F}" = RPS Firewall
"{72A28FB5-718C-41EC-8956-7A4FEB850A73}" = Top Producer Outlook Connector 2.0
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{78AD4938-7EE6-4DC0-A5BC-3AF82750A617}" = QuickTax Tracker
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8784867F-AA3D-4258-837C-0DC6EBAFDB5E}" = RPS Ksdk
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9242140C-E909-45B4-8315-2A3CC0786FB0}" = PDFill PDF Editor 4.1 with Writer and Tools (Unicode)
"{94570A74-CA05-43A7-9B1E-38142CDDE93B}" = RPS AntiVirus
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{97F7C9CE-5C2A-4095-9BC5-3AA6A49F191B}" = RPS Performance Tool
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE68FB75-1887-48E8-95D9-6A2571CBC2EF}" = RPS ParentalControl
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46A290A-AA40-4428-8C80-E4A2E74AEC9D}" = MLX Professional Synchronization Tool
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8D0BC3E-67DF-48A3-ACC9-EEAA8DBFBF29}" = QuickTax 2005
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{C96AA12B-D119-4093-95B3-8AC44D38BED8}" = RPS Privacy Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B5
"{CFAC9887-F0FA-408D-BACE-8009A16C2E0D}" = RPS AntiSpyware
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5520D44-B1D7-4D38-A9FF-23B0137CC71E}" = RPS AntiFraud
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = TIxx21/x515
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD188FB1-263D-4602-9608-7CABFEA6E25F}" = RPS Backup
"{DE39E9CB-637B-45B4-B7D6-4842F3988871}" = RPS App Detector
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E15329B7-99DB-4A2E-A6FC-68699A957264}" = RPS Diagnostic Utility
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F88B38F4-1A34-4F7F-B2F7-9CA78F209BB0}" = RPS PopupBlocker
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}" = QuickTax 2006
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"1Click DVD Copy_is1" = 1Click DVD Copy 4.2.9.2
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"ACDSee" = ACDSee
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BB_is1" = Band-in-a-Box Font Update
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Conexant PCI Audio" = Conexant AC-Link Audio
"Cute CD DVD Burner V6.0" = Cute CD DVD Burner V6.0
"ERUNT_is1" = ERUNT 1.1j
"ExpressRip" = Express Rip
"FinePrint" = FinePrint
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.3
"HijackThis" = HijackThis 1.99.1
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{78AD4938-7EE6-4DC0-A5BC-3AF82750A617}" = QuickTax Tracker
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"InstallShield_{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = Texas Instruments PCIxx21/x515 drivers.
"LimeWire" = LimeWire 5.1.3
"Linksys Bi-Admin" = Linksys Bi-Admin
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metacafe" = Metacafe
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MSPUB4" = Microsoft Publisher 97
"Multiple Offers1.0" = OREA Multiple Offers
"Net2Phone_10_0" = Net2Phone/Net2Fax
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"OREA_Courses_Catalog" = OREA Real Estate College Courses Catalog 4.0
"PDFill PDF Writer" = PDFill PDF Writer
"Pixillion" = Pixillion Image Converter
"Print Server Driver" = Print Server Driver
"Prism" = Prism Video Converter
"QVP" = Quick View Plus
"RadialpointClientGateway_is1" = Rogers Servicepoint Agent 2.0.21
"Real Estate Encyclopedia" = Real Estate Encyclopedia
"RealPlayer 6.0" = RealPlayer
"Rogers Yahoo! Applications" = Rogers Yahoo! Applications
"Skype_is1" = Skype 2.5
"SlowBlast!" = SlowBlast!
"Snapshot Viewer" = Snapshot Viewer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Switch" = Switch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Textbook Edition" = Textbook Edition
"ToolBox" = NCH Toolbox
"TOP PRODUCER 7i Data Transfer Wizard" = TOP PRODUCER 7i Data Transfer Wizard
"TOP PRODUCER Data Transfer Wizard" = TOP PRODUCER Data Transfer Wizard
"Top Producer Editor_is1" = Top Producer Editor
"Uninstall_is1" = Uninstall 1.0.0.1
"VSC32" = Virtual Sound Canvas 3.2
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Live Safety scanner" = Windows Live Safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"wm8eutil" = Windows Media 8 Encoding Utility
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Quicken Deluxe 99" = Quicken Deluxe 99

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2009 12:49:28 AM | Computer Name = USER-CB34E5069C | Source = VSC32 | ID = 327806
Description = This format is not supported by VSC WAVE device. [This is illegal
frequency]

Error - 11/14/2009 12:49:28 AM | Computer Name = USER-CB34E5069C | Source = VSC32 | ID = 327806
Description = This format is not supported by VSC WAVE device. [This is illegal
frequency]

Error - 11/14/2009 3:23:50 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 3:24:34 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 3:25:24 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 3:26:09 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 4:24:10 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 4:24:54 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 6:01:38 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 6:02:20 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 11/12/2009 7:16:44 AM | Computer Name = USER-CB34E5069C | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.

Error - 11/13/2009 7:32:41 AM | Computer Name = USER-CB34E5069C | Source = Print | ID = 23
Description = Printer PageManager PDF Writer,0 failed to initialize because a suitable
PageManager PDF Writer driver could not be found.

Error - 11/13/2009 7:33:34 AM | Computer Name = USER-CB34E5069C | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 11/13/2009 7:36:32 AM | Computer Name = USER-CB34E5069C | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.

Error - 11/14/2009 4:52:51 AM | Computer Name = USER-CB34E5069C | Source = Print | ID = 23
Description = Printer PageManager PDF Writer,0 failed to initialize because a suitable
PageManager PDF Writer driver could not be found.

Error - 11/14/2009 4:53:46 AM | Computer Name = USER-CB34E5069C | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 11/14/2009 4:57:13 AM | Computer Name = USER-CB34E5069C | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.

Error - 11/14/2009 5:47:39 AM | Computer Name = USER-CB34E5069C | Source = Print | ID = 23
Description = Printer PageManager PDF Writer,0 failed to initialize because a suitable
PageManager PDF Writer driver could not be found.

Error - 11/14/2009 5:48:43 AM | Computer Name = USER-CB34E5069C | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 11/14/2009 5:52:20 AM | Computer Name = USER-CB34E5069C | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.


< End of report >
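The "Last 10 Event Log Errors" section at the end of the log above is easier to read once it is grouped by source and event ID. The following is an added example, not part of the original post or of OTL: it parses that layout, including wrapped and empty descriptions, and reports sources that fail repeatedly. The sample text is constructed and `HOST-EXAMPLE` is a placeholder computer name.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the "Last 10 Event Log Errors" section.
# HOST-EXAMPLE is a placeholder computer name, not a value from the thread.
SAMPLE_LOG = """\
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2009 12:49:28 AM | Computer Name = HOST-EXAMPLE | Source = VSC32 | ID = 327806
Description = This format is not supported by VSC WAVE device. [This is illegal
frequency]

Error - 11/14/2009 3:23:50 AM | Computer Name = HOST-EXAMPLE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 3:24:34 AM | Computer Name = HOST-EXAMPLE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 4:24:10 AM | Computer Name = HOST-EXAMPLE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2009 6:02:20 AM | Computer Name = HOST-EXAMPLE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 11/13/2009 7:33:34 AM | Computer Name = HOST-EXAMPLE | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

< End of report >
"""

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_events(text):
    """Return one dict per event; a blank line ends the current record."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            current = None
            continue
        match = SECTION_RE.match(line)
        if match:
            section, current = match.group("name"), None
            continue
        match = HEADER_RE.match(line)
        if match:
            current = {
                "section": section,
                "level": match.group("level"),
                "when": datetime.strptime(match.group("when"), TIME_FORMAT),
                "source": match.group("source"),
                "id": int(match.group("id")),
                "description": "",
            }
            events.append(current)
        elif current is not None and line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        elif current is not None:
            # Wrapped description text continues on the following line(s).
            current["description"] = (current["description"] + " " + line.strip()).strip()
    return events


def repeated_failures(events, min_count=3):
    """Group by (section, source, id) and keep groups seen at least min_count times."""
    counts = Counter((e["section"], e["source"], e["id"]) for e in events)
    rows = []
    for key, count in counts.most_common():
        if count < min_count:
            continue
        group = [e for e in events if (e["section"], e["source"], e["id"]) == key]
        rows.append({
            "section": key[0], "source": key[1], "id": key[2], "count": count,
            "first": min(e["when"] for e in group),
            "last": max(e["when"] for e in group),
            # An empty description means the log itself gives no failure reason.
            "empty_description": all(not e["description"] for e in group),
        })
    return rows


if __name__ == "__main__":
    for row in repeated_failures(parse_events(SAMPLE_LOG)):
        print(row["count"], row["source"], row["id"], row["first"], row["last"])
```
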



#2
hammerman

hammerman

    Member 4k

  • Member
  • 4,183 posts
Hello Home Bass and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Sorry for the delay in replying.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • If in doubt about anything, please ask.

Let's have a fresh look at your system. Please follow these steps.

-- Step 1 --

To ensure that I get all the information, this log will need to be attached (instructions at the end).

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Disabled MS Config Items
    • Reg - Drivers32
    • Reg - File Associations
    • Reg - NetSvcs
    • Reg - SafeBoot Minimal
    • Reg - SafeBoot Network
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scans box at the bottom left paste the following in

    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    %SYSTEMDRIVE%\nvgts.sys /s /md5
    %SYSTEMDRIVE%\iastorv.sys /s /md5
    %SYSTEMDRIVE%\ViPrt.sys /s /md5
    %SYSTEMDRIVE%\eNetHook.dll /s /md5

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#3
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • 46 posts
Greetings Hammerman,

Thank you for getting back to me. Here are the logs produced by OTS and the GMER Rootkit Scanner.

Attached File  OTS.Txt   269.2KB   73 downloads
Attached File  gmer.txt   5.03KB   105 downloads

I look forward to your next post.

Thanks again!

Home Bass

#4
hammerman

hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent malware removal tools from fixing certain things.
Please disable TeaTimer for now until you are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
-- Step 2 --

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{187564bc-cc2f-11db-bece-00904bea1133} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell ->
YN -> \{187564bc-cc2f-11db-bece-00904bea1133}\Shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun ->
YN -> \{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun\command ->
YN -> \{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe]
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

-- Step 3 --

You have traces of Norton on your system. Please use the Norton removal tool here, selecting the correct version, to completely remove Norton from your computer.

-- Step 4 --

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
-- Step 5 --

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Analysis" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

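The OTS fix in the post above targets a `MountPoints2` entry whose `Shell\AutoRun\command` value launches a program from a removable drive. As an added example (not part of the original post and not OTS's own logic), the following parses a regedit-style `.reg` export of that key and lists every mount point that carries a shell command. The sample export is constructed from the values shown in the fix; the second mount point GUID is made up.

```python
import re

# Constructed sample in regedit export (.reg, version 5.00) syntax. The first
# mount point GUID and its command are the ones listed in the fix above; the
# second mount point is made up to show an entry with no shell command.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun\command]
@="E:\\LaunchU3.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}]
"BaseClass"="Drive"
"""

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
# Matches string values only: @="..." (default value) or "name"="...".
VALUE_RE = re.compile(
    r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<data>(?:[^"\\]|\\.)*)"$'
)
COMMAND_KEY_RE = re.compile(
    r'\\MountPoints2\\(?P<mount>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command$',
    re.IGNORECASE,
)


def unescape(value):
    """Undo .reg escaping: a backslash followed by any character is that character."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_reg(text):
    """Return {key path: {value name: string data}}; '' is the default value.

    dword:/hex: values are skipped because only string data is needed here.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            current = keys.setdefault(match.group("key"), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name = match.group("name")
            current[unescape(name) if name is not None else ""] = unescape(match.group("data"))
    return keys


def find_autorun_commands(reg_text):
    """List mount points whose Shell\\<verb>\\command default value is set."""
    hits = []
    for key, values in parse_reg(reg_text).items():
        match = COMMAND_KEY_RE.search(key)
        if match and values.get(""):
            hits.append({
                "mount": match.group("mount"),
                "verb": match.group("verb"),
                "command": values[""],
                "key": key,
            })
    return hits


def load_reg_export(path):
    """Read an export file; regedit's version 5.00 exports are UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


if __name__ == "__main__":
    for hit in find_autorun_commands(SAMPLE_REG):
        print(hit["mount"], hit["verb"], "->", hit["command"])
```
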

#5
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi Hammerman,

I performed all of the Steps in your post. The only part that differed slightly from your instructions was the second part of Step 5. There was no standard script called "Healing/Quarantine and Advanced System Analysis" in AVZ. I selected "Advanced System Analysis with malware removal mode enabled" instead. Everything else was completed and was exactly as per your instructions.

Here are the logs:

Attached File  11292009_163620.txt   4.85KB   59 downloads
Attached File  virusinfo_syscure.zip   151.73KB   69 downloads
Attached File  virusinfo_syscheck.zip   150.36KB   79 downloads

Thanks! I look forward to your next reply.

Home Bass

#6
hammerman

hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

  • Double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end )

    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    DelBHO('{1E796980-9CC5-11D1-A83F-00C04FC99D61}');
    RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.
-- Step 2 --

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_CLASSES_ROOT\CLSID\{D80A03B4-92A6-4634-80F9-E183B5203D2B} /s
    HKEY_CLASSES_ROOT\CLSID\{2DBF66C2-CF90-4FB1-B693-73A81E76D579} /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#7
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi Hammerman,

I performed Steps 1 and 2, as per your instructions. My computer hung after Step 1 was completed as AVZ was rebooting it. I had to press and hold the power button until it shut down. I ran Step 1 again and the same thing happened so I went on to Step 2. The log created by SystemLook is here:
Attached File  SystemLook.txt   772bytes   56 downloads

Thanks for all your help so far!

Home Bass

#8
hammerman

hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

-- Step 2 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform full scan", then click Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#9
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi Hammerman,

I followed your instructions and ran TFC, MBAM and the Kaspersky online scan. According to MBAM and Kaspersky (those were some long scans!) it would appear that there are no more problems with malware in my system.

Should I turn SpyBot's TeaTimer back on? Do you have any suggestions for me in terms of optimizing the various security software I'm running (Rogers Online Protection for AntiVirus/Firewall/Spyware (I'm told it has a Kaspersky engine), Windows Defender, LavaSoft AdAware and Spybot for spyware/malware)?

Thanks again for all of your help. I really do appreciate it.

Home Bass

Here are the logs:

Malwarebytes' Anti-Malware 1.41
Database version: 3267
Windows 5.1.2600 Service Pack 3

12/1/2009 8:53:08 AM
mbam-log-2009-12-01 (08-53-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201527
Time elapsed: 1 hour(s), 9 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, December 1, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, December 01, 2009 13:10:51
Records in database: 3318534
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 87212
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:10:07

No threats found. Scanned area is clean.

Selected area has been scanned.

#10
hammerman

hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

How's your computer running now?

#11
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi Hammerman,

Thanks for asking! Other than hanging last night when I shut down, the computer seems to be running very well indeed. Thanks for all of your help.

I don't know if you saw the first part of my last post or not. I wanted to know a) whether I could (should) turn Spybot TeaTimer back on and b) whether I should change anything with respect to the security software I've got running. As you probably know I currently use Rogers Online Protection (I'm told it's based on Kaspersky) for AV/Firewall/Spyware and have Spybot, Windows Defender and AdAware installed for Spyware. Any suggestions?

Once again, thank you very much for all of your help! Instructions were great, easy to follow. Replies were fast. You were absolutely amazing!

Home Bass

#12
hammerman

hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

The good news is, your computer appears clean :) Go ahead and re-enable Tea Timer.

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

-- Step 2 --

Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions.
  • Right-click on My Computer and select Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply then click Yes to confirm. This will remove all your System Restore points and infected files.
  • Now uncheck the Turn off System Restore, click Apply then OK.
A new Restore Point has now been created containing backup files for your computer that are clean. You can create additional Restore Points at any time. Click here for instructions.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

#13
hammerman

hammerman

    Member 4k

  • Member
  • 4,183 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





