Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

unidentified infection


  • This topic is locked This topic is locked
11 replies to this topic

#1 peacefulwarrior

peacefulwarrior

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 24 October 2009 - 03:31 PM

I had the windows police pro on my computer and began a cleaning process. I used malwarebytes both on normal boot and in safe mode as well as symantec antivirus for both boot modes. The computer was cleaned several times in this fashion and each new scan pics up more bad files. Have spent many hours trying to find the culprit/s but no luck as this is all above my pay scale.


DDS (Ver_09-10-24.02) - NTFSx86
Run by DAD at 12:38:59.73 on Sat 10/24/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mytelus.com/new_homepage/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://www.telus.net/success
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dad\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [LgWDskTp] c:\program files\wireless desktop\LgWDskTp.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [Motive SmartBridge] c:\progra~1\teluse~1\smartb~1\MotiveSB.exe
mRun: [TELUS] d:\install\TELUS.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [BearShare] "c:\program files\bearshare\BearShare.exe" /pause
mRun: [Acecad.Wtxpload] c:\windows\acecad\Wtxpload.exe Acecad
mRun: [ZPOINT32] c:\windows\system32\ZPOINT32.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Camera Detector] c:\progra~1\acdsys~1\devdet~1\DEVDET~1.EXE -autorun
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WRNotifier - WRLogonNTF.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-24 03:55:43 0 ----a-w- c:\documents and settings\dad\activity.txt'
2009-10-23 15:37:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-22 12:52:41 0 ----a-w- c:\windows\system32\cok458en.dat
2009-10-22 12:52:40 0 ----a-w- c:\windows\system32\mmd109en.dat
2009-10-22 12:51:28 8 ----a-w- c:\windows\system32\prt.dat
2009-10-22 12:50:49 1 ----a-w- c:\windows\system32\perfc7683.dat
2009-10-20 00:39:41 0 d-----w- c:\docume~1\dad\applic~1\Malwarebytes
2009-10-20 00:16:56 0 d-----w- c:\program files\Trend Micro
2009-10-19 05:21:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 05:21:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 05:21:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 05:21:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-18 08:58:30 86 ----a-w- c:\windows\system32\wwp.htm
2009-10-17 19:22:52 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 03:41:36 26112 ----a-w- c:\windows\system32\stu2.exe
2009-09-30 03:22:26 244 ---ha-w- C:\sqmnoopt10.sqm
2009-09-30 03:22:26 232 ---ha-w- C:\sqmdata10.sqm

==================== Find3M ====================

2009-09-26 18:39:43 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2009-09-26 15:22:53 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-09-19 14:31:37 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLbz.DAT
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 02:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-06-11 10:10:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061120080612\index.dat

============= FINISH: 12:39:29.33 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:46 AM

Posted 01 November 2009 - 11:07 AM

Hello peacefulwarrior

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 peacefulwarrior

peacefulwarrior
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 11 November 2009 - 04:55 PM

HI,
Sorry this took so long I have been away. Here is the file you requested.

OTL logfile created on: 11/11/2009 1:28:30 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = J:\User Data\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.35 Mb Total Physical Memory | 554.33 Mb Available Physical Memory | 54.17% Memory free
3.90 Gb Paging File | 3.54 Gb Available in Paging File | 90.60% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 458.76 Gb Total Space | 292.88 Gb Free Space | 63.84% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 291.09 Gb Total Space | 125.85 Gb Free Space | 43.23% Space Free | Partition Type: NTFS

Computer Name: PHOTOMAIN
Current User Name: DAD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - J:\User Data\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\TELUS eCare\SmartBridge\MotiveSB.exe (TELUS)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Wireless Desktop\LgWDskTp.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
PRC - C:\WINDOWS\system32\zpoint32.exe (ACE CAD Enterprise Co., Ltd.)


========== Modules (SafeList) ==========

MOD - J:\User Data\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\Program Files\Wireless Desktop\LgWndHk.dll (Logitech Inc.)
MOD - C:\Program Files\TELUS eCare\SmartBridge\SBHook.dll (Motive, Inc.)
MOD - C:\Program Files\Wireless Desktop\MSVCR71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apm_ennrw) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (WmcCds) -- c:\Program Files\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
SRV - (VAIOMediaPlatform-VideoServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (SonicStageMonitoring) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
SRV - (Sony TVTA Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe (Sony Corporation)
SRV - (Sony TV Tuner Controller) -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe (Sony Corporation)
SRV - (Sony TV Tuner Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe (Sony Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Wintab32) -- C:\WINDOWS\system32\wintab32.exe ()


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091106.003\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091106.003\NAVENG.SYS (Symantec Corporation)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L8042PR2) -- C:\WINDOWS\system32\drivers\L8042pr2.sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (smrt) -- C:\WINDOWS\system32\drivers\smrt.sys (Sony Corporation)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (E1000) -- C:\WINDOWS\system32\drivers\e1000325.sys (Intel Corporation)
DRV - (W2acehid) -- C:\WINDOWS\system32\drivers\w2acehid.sys (LCS/Telegraphics)
DRV - (Wtcls2k) -- C:\WINDOWS\system32\drivers\wtcls2k.sys (LCS/Telegraphics)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 02:00:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/05 08:39:34 | 00,000,000 | ---D | M]

[2008/09/09 20:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\hudxrrto.default\extensions
[2007/09/10 17:55:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\hudxrrto.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/09 20:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\hudxrrto.default\extensions\staged-xpis

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe (LCS/Telegraphics)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
O4 - HKLM..\Run: [Camera Detector] C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\TELUS eCare\SmartBridge\MotiveSB.exe (TELUS)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TELUS] D:\Install\TELUS.exe File not found
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 3] C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZPOINT32] C:\WINDOWS\system32\zpoint32.exe (ACE CAD Enterprise Co., Ltd.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\DAD\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.154.133.100 75.154.133.68
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/24 10:50:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 21:39:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DAD\Library
[2009/11/06 21:39:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DAD\Application Data\com.adobe.ExMan
[2009/10/24 11:45:13 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\DAD\Desktop\RootRepeal.exe
[2009/10/19 16:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DAD\Application Data\Malwarebytes
[2009/10/19 16:16:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/18 21:21:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/18 21:21:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/18 21:21:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/18 21:21:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/17 11:22:52 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/10/16 19:41:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/11 12:53:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/11 12:37:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3775707215-2699522036-546543875-1005UA.job
[2009/11/11 12:34:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/11/11 12:34:00 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/11/11 12:33:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/11/11 12:33:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/11/11 12:33:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/11/11 12:33:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/11/11 12:33:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/11/11 12:33:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/11/11 12:32:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/11/11 12:32:48 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/11/11 12:32:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/11/11 12:32:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/11/10 19:37:00 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3775707215-2699522036-546543875-1005Core.job
[2009/11/08 20:15:21 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/08 20:14:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 20:14:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 20:14:34 | 10,731,31520 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/07 11:29:29 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\DAD\NTUSER.DAT
[2009/11/07 11:29:17 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\DAD\ntuser.ini
[2009/11/07 08:17:41 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/11/07 08:17:34 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/11/07 08:16:44 | 00,001,599 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\DivX Movies.lnk
[2009/11/06 22:30:26 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/06 14:36:41 | 00,002,461 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee for PENTAX.lnk
[2009/11/05 13:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/05 03:21:54 | 00,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/05 03:21:54 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/05 03:21:54 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/04 16:06:57 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/02 15:18:10 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/10/28 04:53:23 | 01,581,932 | -H-- | M] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\IconCache.db
[2009/10/26 19:00:42 | 00,000,765 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/26 19:00:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/26 19:00:42 | 00,000,210 | -HS- | M] () -- C:\boot.ini
[2009/10/24 11:46:46 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\settings.dat
[2009/10/24 11:44:41 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\DAD\Desktop\RootRepeal.exe
[2009/10/24 11:38:04 | 00,086,528 | ---- | M] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/24 11:37:01 | 00,523,264 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\dds.scr
[2009/10/23 09:40:30 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/22 04:52:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\cok458en.dat
[2009/10/22 04:52:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\mmd109en.dat
[2009/10/22 04:51:29 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\prt.dat
[2009/10/22 04:50:49 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\perfc7683.dat
[2009/10/20 20:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/20 20:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/19 21:24:41 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\HijackThis.lnk
[2009/10/18 21:21:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/18 00:58:30 | 00,000,086 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/16 02:06:31 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 15:32:18 | 00,002,268 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\Google Chrome.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/11 12:34:00 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2009/11/11 12:34:00 | 00,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2009/11/11 12:33:43 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2009/11/11 12:33:43 | 00,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2009/11/11 12:33:41 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2009/11/11 12:33:41 | 00,000,232 | -H-- | C] () -- C:\sqmdata14.sqm
[2009/11/11 12:33:02 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2009/11/11 12:33:02 | 00,000,232 | -H-- | C] () -- C:\sqmdata13.sqm
[2009/11/11 12:32:48 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2009/11/11 12:32:48 | 00,000,232 | -H-- | C] () -- C:\sqmdata12.sqm
[2009/11/11 12:32:11 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2009/11/11 12:32:11 | 00,000,232 | -H-- | C] () -- C:\sqmdata11.sqm
[2009/10/26 18:59:51 | 10,731,31520 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/24 11:46:46 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\settings.dat
[2009/10/24 11:38:36 | 00,523,264 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\dds.scr
[2009/10/23 07:37:59 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/22 04:52:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\cok458en.dat
[2009/10/22 04:52:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\mmd109en.dat
[2009/10/22 04:51:28 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\prt.dat
[2009/10/22 04:50:49 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\perfc7683.dat
[2009/10/19 21:24:41 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\HijackThis.lnk
[2009/10/18 21:21:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/18 00:58:30 | 00,000,086 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm
[2009/05/02 07:36:12 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/11 19:41:25 | 00,000,265 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/22 10:35:18 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008/01/04 14:14:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2007/12/24 16:57:38 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plants
[2007/12/24 16:41:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Folder Actions Handlers
[2007/12/24 16:04:46 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\DAD\Application Data\Pianos and Keyboards
[2007/12/24 15:55:22 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2007/12/23 21:33:53 | 00,000,110 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2007/12/23 21:21:59 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Graphics
[2007/12/23 21:21:59 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\DAD\Application Data\Gems
[2007/12/23 21:21:59 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2007/12/23 21:18:01 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Grand Piano
[2007/12/23 21:18:01 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\DAD\Application Data\Galactic Static
[2007/12/23 21:18:01 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2007/03/17 10:09:26 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/28 09:38:55 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/05/12 11:25:13 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/05/12 11:25:13 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/12/22 23:43:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/10/28 19:01:12 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/28 19:01:12 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/10/22 20:55:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/22 20:39:55 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2005/09/17 12:45:35 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/09/06 16:46:56 | 00,700,416 | ---- | C] () -- C:\WINDOWS\System32\Pano12.dll
[2005/09/03 13:52:26 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2005/08/31 10:43:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2005/08/05 14:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/19 19:03:32 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2005/07/19 19:03:32 | 00,001,770 | ---- | C] () -- C:\WINDOWS\WINTAB.INI
[2005/07/16 18:28:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2005/07/11 12:20:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2005/07/08 11:00:47 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2005/07/07 15:38:11 | 00,086,528 | ---- | C] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/07 15:34:32 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\fusioncache.dat
[2005/07/05 11:49:57 | 00,070,840 | ---- | C] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/07/05 09:09:29 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/05 00:40:27 | 00,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2005/07/04 19:31:59 | 01,581,932 | -H-- | C] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\IconCache.db
[2005/07/04 19:31:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\DAD\Application Data\desktop.ini
[2005/05/16 10:47:00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/16 10:47:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/03/01 20:41:38 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/03/01 20:36:23 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/03/01 20:35:20 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/03/01 20:35:20 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/03/01 20:35:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/03/01 20:35:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/03/01 20:35:20 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/03/01 20:35:20 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/03/01 20:34:03 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/01 20:29:23 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/11/24 10:56:23 | 00,000,910 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/11/24 09:38:32 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2004/11/24 09:38:32 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2004/11/24 09:38:31 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/11/24 09:38:30 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/11/24 09:38:18 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/11/24 09:38:00 | 00,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/24 09:37:17 | 00,000,765 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/11/24 09:37:15 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/11/24 02:44:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/11/23 19:53:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/23 19:15:01 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/22 16:10:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 13:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/03/21 14:39:02 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 12:51:52 | 00,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 00,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 00,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2001/10/24 16:00:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2005/07/05 09:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2005/09/17 11:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007/12/24 16:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dance
[2007/12/24 15:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/12/23 21:18:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Images
[2007/12/23 21:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Keychains
[2007/12/23 21:20:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/01/24 22:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2007/12/24 15:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2006/11/20 16:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2005/07/07 19:29:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zero Knowledge
[2008/09/10 22:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/26 10:42:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\ACD Systems
[2007/12/27 15:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Canon
[2009/11/06 21:39:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\com.adobe.ExMan
[2005/07/04 19:32:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\InterMute
[2005/07/04 19:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\InterVideo
[2005/07/08 20:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Leadertech
[2008/06/08 16:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Nikon
[2008/01/24 22:29:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DAD\Application Data\SecuROM
[2009/11/11 12:53:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/10 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/08 20:14:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >



OTL Extras logfile created on: 11/11/2009 1:28:30 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = J:\User Data\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.35 Mb Total Physical Memory | 554.33 Mb Available Physical Memory | 54.17% Memory free
3.90 Gb Paging File | 3.54 Gb Available in Paging File | 90.60% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 458.76 Gb Total Space | 292.88 Gb Free Space | 63.84% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 291.09 Gb Total Space | 125.85 Gb Free Space | 43.23% Space Free | Partition Type: NTFS

Computer Name: PHOTOMAIN
Current User Name: DAD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"12919:TCP" = 12919:TCP:*:Enabled:port
"27160:TCP" = 27160:TCP:*:Enabled:port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- File not found
"C:\Program Files\Valve\Steam\Steam.exe" = C:\Program Files\Valve\Steam\Steam.exe:*:Disabled:Steam -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Disabled:Halo -- (Microsoft Corporation)
"C:\Program Files\UBISOFT\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe" = C:\Program Files\UBISOFT\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4 -- ()
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Sony\vaio media 3.1\Vc.exe" = C:\Program Files\Sony\vaio media 3.1\Vc.exe:*:Disabled:[VAIO Media] VAIO Media -- (Sony Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Sony\Click to DVD 2\CtoDvd.exe" = C:\Program Files\Sony\Click to DVD 2\CtoDvd.exe:*:Enabled:Click to DVD -- (Sony Corporation)
"%windir%\explorer.exe" = %windir%\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01AE599F-7B72-4135-8C56-9191F4ACBA88}" = VAIO Edit Components
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{25CF0627-2EF6-4FCE-A0DE-7D6350C774B2}" = VAIO Original Screen Saver VAIO Scene HD Normal Contents
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}" = Sony TV Tuner Library 1.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4BE15737-07C5-4705-9DFC-D9D533939942}" = NVIDIA Media Center extensions for display
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.02
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7998F67D-655B-42E3-B651-18D96DD17268}" = Adobe Premiere Standard
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9E158BB9-37B9-464B-837E-CC1D5766291B}" = VAIO Update 3
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.02 Menu Data
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4870F16-380A-47D5-B30F-45A99FED3403}" = Click to DVD 2.4.12
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC5E5F8F-0BA2-480A-94C4-0E65D4FA8238}" = Click to DVD 2.4.12
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 1.4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}" = Apple Mobile Device Support
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1}" = VAIO Control Center
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}" = SonicStage MP3 Add-on program
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E715FA41-46EB-4D3F-B4D9-A45973E76026}" = VAIO Structure Wallpaper
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.4.12
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA418519-2160-43A0-AABD-6608DDD8D87F}" = iTunes
"{EA7FC832-8133-46B4-B2CF-5A955326D309}" = Wireless Desktop
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EED5156C-4BA8-4105-A506-DB9D00F8B68D}" = ACDSee for PENTAX
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"123di 4.0_is1" = the 123 of digital imaging Interactive Learning Suite
"AC3Filter" = AC3Filter (remove only)
"Acecad" = USB Tablet Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AFPL Ghostscript 7.33" = AFPL Ghostscript 7.33
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BroadJump Client Foundation" = BroadJump Client Foundation
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000
"Capture NX" = Capture NX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030030" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CSCLIB" = Canon Camera Support Core Library
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 3.1
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"Halo" = Microsoft Halo
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"Movielink eHome_is1" = Movielink eHome version 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ODSK" = Canon Utilities Original Data Security Tools
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-08-02-01
"PCFriendly" = PCFriendly
"PENTAX Digital Camera Utility" = PENTAX Digital Camera Utility
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROSet" = Intel® PRO Network Adapters and Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"TELUS eCare Plugin" = TELUS eCare Plugin
"TELUS.MCCInstall" = TELUS eCare
"Welcome to VAIO life" = Welcome to VAIO life
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2009 3:19:09 PM | Computer Name = PHOTOMAIN | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Bredolab in File: C:\DOCUME~1\DAD\LOCALS~1\TEMP\29.TMP
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 10/24/2009 3:19:23 PM | Computer Name = PHOTOMAIN | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.Bredolab in File: C:\DOCUME~1\DAD\LOCALS~1\TEMP\EBD.TMP
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was deleted successfully.

Error - 10/24/2009 3:19:23 PM | Computer Name = PHOTOMAIN | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Bredolab in File: C:\Documents and Settings\DAD\Local
Settings\Temp\EBD.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine
failed : Delete succeeded : Access denied. Action Description: The file was deleted
successfully.

Error - 10/24/2009 3:19:24 PM | Computer Name = PHOTOMAIN | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Bredolab in File: C:\DOCUME~1\DAD\LOCALS~1\TEMP\EBD.TMP
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 10/25/2009 11:30:34 AM | Computer Name = PHOTOMAIN | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan Horse in File: C:\DOCUME~1\DAD\LOCALS~1\Temp\ie7.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 10/25/2009 11:30:35 AM | Computer Name = PHOTOMAIN | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Documents and Settings\DAD\Local
Settings\Temp\ie7.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access
denied. Action Description: The file was quarantined successfully.

Error - 10/25/2009 11:30:40 AM | Computer Name = PHOTOMAIN | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan Horse in File: C:\DOCUME~1\DAD\LOCALS~1\Temp\ie7.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/5/2009 7:21:51 AM | Computer Name = PHOTOMAIN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 657 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/5/2009 7:21:51 AM | Computer Name = PHOTOMAIN | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 768 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/5/2009 7:21:51 AM | Computer Name = PHOTOMAIN | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ System Events ]
Error - 10/26/2009 10:58:06 PM | Computer Name = PHOTOMAIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/26/2009 10:58:18 PM | Computer Name = PHOTOMAIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/26/2009 10:58:21 PM | Computer Name = PHOTOMAIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/26/2009 10:58:59 PM | Computer Name = PHOTOMAIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/26/2009 11:00:24 PM | Computer Name = PHOTOMAIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 10/26/2009 11:02:50 PM | Computer Name = PHOTOMAIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 10/28/2009 8:55:14 AM | Computer Name = PHOTOMAIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/5/2009 7:17:53 AM | Computer Name = PHOTOMAIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/9/2009 12:15:11 AM | Computer Name = PHOTOMAIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/9/2009 12:34:25 AM | Computer Name = PHOTOMAIN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:46 AM

Posted 12 November 2009 - 07:09 AM

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 peacefulwarrior

peacefulwarrior
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 21 November 2009 - 01:48 PM

I ran combofix but could not get the recovery console as having trouble staying connected to the internet. May be hardware issue. Compute has been running fast this week with no virus evidence or popups etc. Thought I would continue with the instructions you gave me. will try to download recovery console again. THANKS!

Attached Files



#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:46 AM

Posted 21 November 2009 - 06:22 PM

Hi no don't worry about the Recovery Console.
Your system looks pretty clean so let's run a few more scanners to double check.

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 peacefulwarrior

peacefulwarrior
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 21 November 2009 - 09:31 PM

Hi, picked up Java/TrojanDownloader.OpenStream.NACTojan. Still fighting to maintain internet connection. Ran the scans you suggested and here are the results. Thanks again for your help.

Attached Files



#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:46 AM

Posted 22 November 2009 - 06:57 AM

Looks good are you experiencing any problems.
When you say that you are fighting to stay on how does the network connection behave.
It just periodic drops?
Does it get a connection then drop out and not come back on?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 peacefulwarrior

peacefulwarrior
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 22 November 2009 - 10:45 AM

Hi Kahdah
I get a pop up that tells me the local area connection is limited or unavailable. I checked the cables several times and the pop up has a repair button that some times works. The repair button re-establishes the IP address. Some times it stays connected for several hours and sometimes only a few minutes. I have a routine where I unplug the modem, check the cables, hit the repair button and try to monitor the connection for more information. I have not yet contacted the service provider to see if they can analyse the connection from their end. I will do that this week when I have some time. This is a new problem which started about the same time as I ran the HJT. I had also followed up on some leads and deleted some script to get rid of the infection so I thought I might have caused this but you would think that it would just be gone not intermitent. I also had to copy and paste the email link you send me into the browser to get back here. I reset the IE to be the default browser and that worked to let me just click the link. I had tabs in the browser window until I ran the last scanner. Other than that the computer seems to be happy and running quite quickly.

To answer your question- yes it drops off and is gone and then sometimes comes back and sometimes I have to chase it back by going through my routine several times. I am very pleased that windows defender police pro is no longer helping :(

Thanks very much !!!!

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:46 AM

Posted 22 November 2009 - 12:59 PM

Very strange but your logs are clean.
If you have checked the cables it may be an intermittent ISO problem.
I have had that happen before with Verizon her in Florida.

Could check with them and see if they see it as a problem, alternatively you can post in the networking forum that can found here:
http://www.bleepingcomputer.com/forums/f/21/networking/

They may also be able to get to the bottom of it.

But glad things are working well.

=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
======Next======
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that your all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 peacefulwarrior

peacefulwarrior
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 26 November 2009 - 12:00 AM

Thank you kindly for your help and guidence. For some reason I have not lost the internet connection since removing the tools we used. Don't know if related or not. THANK YOU THANK YOU THANK YOU.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:46 AM

Posted 26 November 2009 - 08:10 AM

Shouldn't have affected it as it only removes what we used.
But glad it is working good now.

You are welcome :(


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :(

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users