
Infected computer - not sure virus / trojan / worm???


23 replies to this topic

#1 testscorezero


Posted 11 November 2009 - 10:03 PM

As advised in the Malware preparation guide:

1-loaded and ran DDS
2- loaded rootrepeal but it would not run - had errors and stopped

DDS.txt as follows
DDS (Ver_09-10-26.01) - NTFSx86
Run by Andrew at 22:37:14.54 on Tue 11/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.174 [GMT -5:00]

AV: Bell Internet Security Services Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Bell Internet Security Services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Personal Vault\VaultClientSRV.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bell\Bell Internet Security Services\rps.exe
C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe
C:\Program Files\Bell\Internet Service Advisor\SSAComHandler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Bell\Internet Service Advisor\SSA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaMonitor.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.sympatico.ca/
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwvAthwXDvvODhZQeA9ukXru5eGvJ/aKQNLl6e1JV6qXyr8HJvolnGhjwCUm2zEFX1iBWjuH4TkHWkemOFyqTw/5UOWle5h/gwZvOAAs6uDOk=
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\bell\bell internet security services\pkR.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [IndexCleaner] "c:\program files\bell\bell internet security services\IdxClnR.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [BellCanada_McciTrayApp] c:\program files\bellcanada\McciTrayApp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SSA.exe] "c:\program files\bell\internet service advisor\SSA.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SGPUpdater] c:\program files\search guard plusu\sgpUpdaters.exe
mRun: [FBSearch] c:\program files\search guard plus\SearchGuardPlus.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [IndexCleaner] "c:\program files\bell\bell internet security services\IdxClnR.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {5F4A4622-8370-440e-88CC-CA2256D1A08A} - c:\windows\system32\cachepal.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AC120B1D-9411-4111-AF52-118052D85D45} - hxxp://cached.gamedesire.com/g_bin/eng/darts_2_0_0_42.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2007-5-16 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2007-5-16 3904]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
R2 RadialpointSafeConnectAgent;Bell Internet Security Services SafeConnectAgent;c:\program files\bell\bell internet security services\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2005-1-25 118877]
R2 VaultClientSRV;Personal Vault Backup Service;c:\program files\personal vault\VaultClientSRV.exe [2008-3-7 1047632]
R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\personal vault\VaultClientUpgrade.exe [2008-3-7 56400]
R3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
R3 Radialpoint Security Services;Bell Internet Security Services;c:\program files\bell\bell internet security services\RpsSecurityAwareR.exe [2009-7-7 170736]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\bell\bell internet security services\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\bell\bell internet security services\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\bell\bell internet security services\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
S2 gupdate1c999d679626574;Google Update Service (gupdate1c999d679626574);c:\program files\google\update\GoogleUpdate.exe [2009-2-28 133104]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2009-3-22 68954]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\adam\locals~1\temp\mdxgthkn.sys --> c:\docume~1\adam\locals~1\temp\mdxgthkn.sys [?]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [2005-2-7 19200]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2009-11-10 01:25:35 0 d-----w- c:\program files\Sega
2009-11-10 01:06:16 0 d-----w- C:\CFSCAN18491C
2009-11-10 00:42:36 161792 ----a-w- c:\windows\SWREG.exe
2009-11-10 00:42:22 0 d-s---w- C:\CFscan422C
2009-11-10 00:41:13 389120 ----a-w- c:\windows\system32\CF23187.exe
2009-11-08 05:34:34 0 d-s---w- C:\CFscan13199C
2009-10-29 18:26:07 0 d-----w- c:\program files\Virtual Earth 3D
2009-10-27 01:53:05 0 d-----w- c:\program files\Search Guard PlusU
2009-10-27 01:53:05 0 d-----w- c:\program files\Search Guard Plus
2009-10-27 01:53:04 0 d-----w- c:\program files\SGPSA
2009-10-27 01:52:34 0 d-----w- c:\program files\Fast Browser Search
2009-10-27 01:52:23 0 d-----w- C:\users
2009-10-24 15:03:43 223744 ----a-w- c:\windows\system32\CNMLM97.DLL
2009-10-16 00:45:33 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-16 00:43:38 0 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-14 23:07:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-14 22:38:59 0 d-----w- c:\docume~1\andrew\applic~1\wsInspector
2009-10-14 22:35:20 0 d-----w- c:\program files\Startup Inspector for Windows
2009-10-14 22:30:26 0 d-----w- c:\docume~1\andrew\applic~1\Malwarebytes
2009-10-14 01:01:20 0 d-sh--w- C:\found.000
2009-10-13 23:17:12 0 d-sha-r- C:\cmdcons
2009-10-13 23:15:21 0 d-----w- C:\CFscan

==================== Find3M ====================

2009-11-10 05:40:01 335904 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-10 05:40:01 29828 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-10 05:40:00 192188 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-10 05:40:00 15101216 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-26 03:34:41 5702 ----a-w- c:\docume~1\andrew\applic~1\wklnhst.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-05-11 21:24:21 0 ----a-w- c:\program files\uninstall.dat
2008-05-11 21:24:20 62910 ----a-w- c:\program files\Uninstall.exe
2002-06-04 09:06:04 65536 ------w- c:\windows\inf\copyinf.exe

============= FINISH: 22:38:34.78 ===============


#2 testscorezero


Posted 16 November 2009 - 09:28 PM

not sure if this was missed or is just pending an answer?

#3 myrti

  • Malware Study Hall Admin

Posted 20 November 2009 - 05:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#4 testscorezero


Posted 21 November 2009 - 01:05 PM

Hi Myrti

Thank you for the reply.
Please note I ran the file but had some trouble.
I keep getting windows "virus" warning message windows opening and also windows with ads to buy some windows anti virus software.
I also get warnings that I have a win32diag virus and trojan infection etc...

The above is all after the fact of my first issues where computer was acting funny but with no pop ups.
Computer is still slow as anything - it was not too long ago I finally cleaned it of all viruses and created a backup file.
Not sure if I could just revert back and that it would clean up all this mess.
Not sure why I keep getting viruses either.

Anyway after rebooting a couple times I was able to run the scan, below are the results;

OTL file:

OTL logfile created on: 11/21/2009 10:14:25 AM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 187.29 Mb Available Physical Memory | 36.63% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 111.08 Gb Free Space | 61.61% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TANGERINE
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/21 10:00:23 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
PRC - [2009/11/19 00:26:07 | 01,187,840 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\temp\wow64main.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/07 12:24:44 | 00,388,336 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\RPS.exe
PRC - [2009/07/07 12:24:44 | 00,170,736 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe
PRC - [2009/07/07 12:23:28 | 00,371,440 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
PRC - [2009/07/02 14:32:34 | 00,056,400 | ---- | M] (Bell Canada) -- C:\Program Files\Personal Vault\VaultClientUpgrade.exe
PRC - [2009/07/02 14:32:30 | 01,047,632 | ---- | M] (Bell Canada) -- C:\Program Files\Personal Vault\VaultClientSRV.exe
PRC - [2009/06/29 11:41:18 | 03,245,296 | ---- | M] (Bell) -- C:\Program Files\Bell\Internet Service Advisor\SSA.exe
PRC - [2009/06/29 11:41:18 | 00,398,576 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Bell\Internet Service Advisor\SSAComHandler.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/15 08:57:18 | 00,067,456 | ---- | M] () -- C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
PRC - [2009/05/14 19:45:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/14 22:00:23 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/07 11:24:05 | 01,471,488 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BellCanada\McciTrayApp.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/14 17:28:10 | 04,937,752 | R--- | M] (Sana Security) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\bin\SanaAgent.exe
PRC - [2008/09/22 15:58:48 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
PRC - [2008/09/22 15:58:44 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/13 20:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/06/02 15:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/07/09 17:28:14 | 01,826,816 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
PRC - [2004/07/08 21:26:54 | 00,118,877 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
PRC - [2004/01/17 05:36:44 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2003/05/23 13:43:00 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe


========== Modules (SafeList) ==========

MOD - [2009/11/21 10:00:23 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (CLTNetCnService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/07 12:24:44 | 00,170,736 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2009/07/07 12:23:28 | 00,371,440 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\Fws.exe -- (RP_FWS)
SRV - [2009/07/02 14:32:34 | 00,056,400 | ---- | M] (Bell Canada) -- C:\Program Files\Personal Vault\VaultClientUpgrade.exe -- (VaultClientUpgrade)
SRV - [2009/07/02 14:32:30 | 01,047,632 | ---- | M] (Bell Canada) -- C:\Program Files\Personal Vault\VaultClientSRV.exe -- (VaultClientSRV)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/14 19:45:07 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/28 13:57:52 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c999d679626574)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/14 17:28:10 | 04,937,752 | R--- | M] (Sana Security) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaAgent.exe -- (RadialpointSafeConnectAgent)
SRV - [2008/09/22 15:58:48 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
SRV - [2008/09/22 15:58:44 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/02/25 18:46:43 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/06/02 15:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/09 17:28:14 | 01,826,816 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/07/08 21:27:20 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/07/08 21:26:54 | 00,118,877 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service)
SRV - [2004/07/08 21:19:04 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/07/08 21:17:54 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter)
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP)
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2004/06/16 03:42:34 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP)
SRV - [2004/06/16 03:42:34 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2004/06/16 03:41:06 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/10/30 12:48:10 | 01,286,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)


========== Driver Services (SafeList) ==========

DRV - [2009/04/03 13:51:32 | 00,179,984 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/12/07 11:24:23 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/07 11:23:48 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/11/26 14:19:56 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT)
DRV - [2008/11/14 17:28:36 | 00,161,304 | R--- | M] (Sana Security, Inc. ) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys -- (RadialpointSafeConnectDriver)
DRV - [2008/11/14 17:28:36 | 00,029,720 | R--- | M] (Sana Security, Inc. ) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys -- (RadialpointSafeConnectFilter)
DRV - [2008/11/14 17:28:36 | 00,027,376 | ---- | M] (Sana Security, Inc. ) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_XP\SafeConnectShim.sys -- (RadialpointSafeConnectShim)
DRV - [2008/08/28 12:16:40 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\system32\drivers\DefragFS.sys -- (DefragFS)
DRV - [2008/08/06 20:20:08 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys -- (RPPKT)
DRV - [2008/05/19 13:30:46 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/17 14:46:38 | 00,068,954 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/10/22 11:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/10 15:55:18 | 00,039,424 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\drivers\fantom.sys -- (FANTOM)
DRV - [2004/11/22 18:36:39 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/02 18:47:58 | 00,768,512 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/04/14 10:08:00 | 00,044,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 10:08:00 | 00,021,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 10:08:00 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 10:08:00 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/03/05 16:09:02 | 00,003,904 | ---- | M] () -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 16:09:00 | 00,003,744 | ---- | M] () -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2004/01/26 10:36:35 | 00,095,552 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/01/26 10:01:28 | 00,052,224 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 10:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/10/01 17:48:24 | 00,594,048 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/09/17 14:44:42 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2003/09/06 07:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/07/31 13:45:52 | 00,112,000 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/05/23 13:44:00 | 01,171,648 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/04/10 11:42:56 | 00,048,384 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtHid.sys -- (SaiNtHid)
DRV - [2003/04/10 11:42:32 | 00,019,200 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtSub.sys -- (SaiNtSub)
DRV - [2003/04/10 11:41:52 | 00,026,368 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiClass)
DRV - [2003/01/31 11:08:54 | 00,028,005 | ---- | M] (Efficient Networks, Inc.) -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2002/04/01 17:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2000/12/05 18:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\S-1-5-21-108043559-830873663-195626935-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\S-1-5-21-108043559-830873663-195626935-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\S-1-5-21-108043559-830873663-195626935-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:81

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 13:38:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/14 18:06:21 | 00,000,000 | ---D | M]

[2009/10/09 23:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ozhh385e.default\extensions
[2008/02/04 20:09:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/08 10:18:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/11 13:29:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/14 20:37:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2007/03/27 02:48:51 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/02/03 16:35:38 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/01/17 21:17:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/01/17 21:17:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/01/17 21:17:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/01/17 21:17:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/01/17 21:17:27 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/01/17 21:17:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/01/17 21:17:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Bell Internet Security Services\pkR.dll (Bell)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
O4 - HKLM..\Run: [SSA.exe] C:\Program Files\Bell\Internet Service Advisor\SSA.exe (Bell)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-108043559-830873663-195626935-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-108043559-830873663-195626935-1006..\Run: [wow64main.exe] C:\Documents and Settings\Andrew\Local Settings\temp\wow64main.exe ()
O4 - Startup: C:\Documents and Settings\Adam\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-108043559-830873663-195626935-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-108043559-830873663-195626935-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe ()
O9 - Extra 'Tools' menuitem : CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} http://cached.gamedesire.com/g_bin/eng/darts_2_0_0_42.cab (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/bingame/burg/default/G...esPlayer_v6.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/16 12:46:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,042,812 | R--- | M] () - D:\AUTOINST.TGA -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,000,864 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,008,732 | R--- | M] () - D:\autoexit.tga -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,135,812 | R--- | M] () - D:\automenu.tga -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,025,772 | R--- | M] () - D:\autoplay.tga -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,417,792 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/21 10:00:19 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2009/11/19 01:04:47 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Recent
[2009/11/19 00:57:44 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware
[2009/11/14 16:15:37 | 00,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2009/11/13 20:16:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/13 20:16:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/13 20:16:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/10 22:44:10 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Andrew\Desktop\RootRepeal.exe
[2009/11/09 20:25:35 | 00,000,000 | ---D | C] -- C:\Program Files\Sega
[2009/11/09 20:06:16 | 00,000,000 | ---D | C] -- C:\CFSCAN18491C
[2009/11/09 20:04:49 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/09 19:42:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/09 19:42:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/09 19:42:22 | 00,000,000 | --SD | C] -- C:\CFscan422C
[2009/11/09 19:41:13 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23187.exe
[2009/11/08 00:34:34 | 00,000,000 | --SD | C] -- C:\CFscan13199C
[2009/10/29 13:29:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\assembly
[2009/10/29 13:27:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\IsolatedStorage
[2009/10/29 13:26:07 | 00,000,000 | ---D | C] -- C:\Program Files\Virtual Earth 3D
[2009/10/26 20:53:05 | 00,000,000 | ---D | C] -- C:\Program Files\Search Guard PlusU
[2009/10/26 20:53:05 | 00,000,000 | ---D | C] -- C:\Program Files\Search Guard Plus
[2009/10/26 20:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\SGPSA
[2009/10/26 20:52:34 | 00,000,000 | ---D | C] -- C:\Program Files\Fast Browser Search
[2009/10/26 20:52:23 | 00,000,000 | ---D | C] -- C:\users
[2009/10/25 20:06:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2009/10/24 10:04:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/10/24 10:03:43 | 00,223,744 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM97.DLL
[2009/10/24 10:03:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2009/10/24 10:02:55 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2008/05/11 16:24:20 | 00,062,910 | ---- | C] ($PROGRAMNAME) -- C:\Program Files\Uninstall.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/21 10:14:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/21 10:14:02 | 00,086,782 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/21 10:14:00 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B52D1DD8-DACC-42F8-81E4-ACC530C2BE58}.job
[2009/11/21 10:13:35 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/21 10:12:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/21 10:12:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/21 10:12:16 | 53,626,8800 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/21 10:09:09 | 19,355,424 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/21 10:00:23 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2009/11/21 10:00:23 | 00,358,432 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/11/21 09:41:14 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/20 16:46:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/20 00:03:19 | 00,034,364 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/11/20 00:03:18 | 00,253,196 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/19 01:08:24 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Andrew\ntuser.ini
[2009/11/19 01:08:23 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Andrew\NTUSER.DAT
[2009/11/14 17:16:28 | 00,000,026 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/11/14 16:15:56 | 00,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/11/14 16:15:55 | 00,001,030 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bonnie's Bookstore Deluxe.lnk
[2009/11/14 16:15:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2009/11/12 17:16:03 | 01,086,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/10 22:44:16 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Andrew\Desktop\RootRepeal.exe
[2009/11/10 22:36:29 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\dds.scr
[2009/11/10 17:52:28 | 00,575,847 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\Ministry Training Travel Claim Form.pdf
[2009/11/10 17:17:10 | 00,063,168 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\Donna Brett.pdf
[2009/11/09 19:41:03 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23187.exe
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/01 07:50:51 | 00,590,486 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 07:50:51 | 00,488,908 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 07:50:51 | 00,089,778 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/31 20:41:18 | 00,122,368 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/29 13:26:42 | 00,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bing Maps 3D.lnk
[2009/10/25 22:34:41 | 00,005,702 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\wklnhst.dat
[2009/10/24 10:07:10 | 00,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2009/10/24 10:06:53 | 00,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2009/10/24 10:06:39 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint EX.lnk
[2009/10/24 10:04:35 | 00,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iP2600 series On-screen Manual.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/14 16:15:56 | 00,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/11/14 16:15:55 | 00,001,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bonnie's Bookstore Deluxe.lnk
[2009/11/14 16:15:37 | 00,000,026 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/11/14 16:15:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/11/10 22:36:22 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\dds.scr
[2009/11/10 17:52:24 | 00,575,847 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\Ministry Training Travel Claim Form.pdf
[2009/11/10 17:17:06 | 00,063,168 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\Donna Brett.pdf
[2009/11/09 19:42:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/09 19:42:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/29 13:26:42 | 00,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bing Maps 3D.lnk
[2009/10/24 10:07:10 | 00,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2009/10/24 10:06:53 | 00,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2009/10/24 10:06:39 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint EX.lnk
[2009/10/24 10:04:35 | 00,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iP2600 series On-screen Manual.lnk
[2009/09/12 21:28:37 | 04,322,046 | -H-- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\IconCache.db
[2009/03/22 20:22:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/10/14 15:09:12 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2008/05/11 16:24:21 | 00,000,000 | ---- | C] () -- C:\Program Files\uninstall.dat
[2008/03/26 21:38:09 | 00,000,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 20:34:26 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/03/21 16:22:37 | 00,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/11/13 20:39:02 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/11/11 18:36:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/02 21:33:24 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/08/02 11:15:08 | 00,000,124 | ---- | C] () -- C:\WINDOWS\POOHRTR.INI
[2006/08/02 11:15:08 | 00,000,124 | ---- | C] () -- C:\WINDOWS\POOHRFM.INI
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/23 22:31:20 | 00,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/05/14 18:41:02 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/04/30 19:56:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/19 16:30:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/30 20:42:16 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2005/10/24 15:47:51 | 00,000,539 | ---- | C] () -- C:\WINDOWS\Sin_Setup.INI
[2005/09/18 18:16:49 | 00,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2005/09/14 18:31:15 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/08/12 19:16:20 | 00,122,368 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/04 18:03:00 | 00,000,674 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/08/04 17:45:29 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2005/06/19 21:05:14 | 00,000,443 | ---- | C] () -- C:\WINDOWS\Db12.INI
[2005/05/28 20:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/05/17 17:34:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/05/17 17:34:50 | 00,000,058 | ---- | C] () -- C:\WINDOWS\timeline.ini
[2005/05/17 17:34:49 | 00,000,652 | ---- | C] () -- C:\WINDOWS\wencyc02.ini
[2005/04/23 11:57:13 | 00,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/03/10 19:13:04 | 00,005,702 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\wklnhst.dat
[2005/03/04 06:28:31 | 00,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2005/02/17 17:02:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/15 18:34:20 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/02/15 18:34:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/02/13 17:05:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/02/07 21:47:35 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll
[2005/01/31 19:35:12 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2005/01/25 19:37:24 | 00,000,076 | ---- | C] () -- C:\WINDOWS\ariel_ss.ini
[2005/01/25 19:36:24 | 00,000,541 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/01/25 16:29:55 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\fusioncache.dat
[2005/01/25 15:43:21 | 00,389,728 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/01/25 15:37:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/25 15:26:20 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/01/25 15:23:08 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/25 15:23:08 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/25 15:23:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/25 15:23:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/25 15:23:08 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/25 15:23:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/25 15:21:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Andrew\Application Data\desktop.ini
[2004/08/16 13:55:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/16 13:05:52 | 00,000,808 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/16 12:33:12 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/08/16 12:33:10 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/08/16 12:33:01 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/16 12:32:59 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2004/08/16 12:32:58 | 00,000,724 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/16 12:32:46 | 00,000,706 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/16 12:32:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/16 05:39:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/06/24 13:28:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/06 13:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/06/12 13:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/10/24 18:00:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1997/06/13 21:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Unicode (All) ==========
[2009/08/14 10:19:58 | 00,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/08/14 10:19:58 | 00,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/04/06 19:06:13 | 00,000,089 | ---- | M] ()(C:\WINDOWS\System32\¨??) -- C:\WINDOWS\System32\¨‹’
[2009/04/06 19:06:13 | 00,000,089 | ---- | C] ()(C:\WINDOWS\System32\¨??) -- C:\WINDOWS\System32\¨‹’
[2009/06/11 21:24:25 | 00,000,000 | ---- | M] ()(C:\WINDOWS\System32\(m?) -- C:\WINDOWS\System32\(mˆ
[2009/06/11 21:24:25 | 00,000,000 | ---- | C] ()(C:\WINDOWS\System32\(m?) -- C:\WINDOWS\System32\(mˆ

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9364E30
< End of report >



Extras file

OTL Extras logfile created on: 11/21/2009 10:14:25 AM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 187.29 Mb Available Physical Memory | 36.63% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 111.08 Gb Free Space | 61.61% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TANGERINE
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony\vaio media 3.1\Vc.exe" = C:\Program Files\Sony\vaio media 3.1\Vc.exe:*:Disabled:[VAIO Media] VAIO Media -- (Sony Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars™: Empire at War™ -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe" = C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars™: Empire at War™: Forces of Corruption™ -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{03C2C501-E11D-494D-8271-AD5DF7E5FAF2}" = RPS ParentalControl
"{04B05AB1-CFA9-4D1A-94FA-34C3AB26AF7C}" = RPS Firewall
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2631C4A0-167B-4332-A46A-8EEEE1D0AD07}" = Bell Internet Security Services
"{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3297AEE5-D69F-43F5-B133-F0E7DF952AD8}" = RPS RpsCore
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{47CCE7BB-2001-461C-A6E0-2237E6A5369D}" = RPS Diagnostic Utility
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
"{4A425F14-0561-11D4-9027-0060089CDAE1}" = FileMaker Pro 5.5
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{51C48D1F-9BBF-450A-BBCE-1D775AB94B15}" = FileMaker Pro 9
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54BD000B-A0BE-46C4-993C-ACEF21216E8A}" = Microsoft Visual Basic 2005 Step by Step
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{5F457DDF-B768-434C-8802-9BB3B383B1E8}" = MasterCook 7
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6C21224F-75E4-47EF-A97F-FCB5E305B526}" = E320/E322 Setup Utility
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6D7D3A9A-4972-4DDE-B4EF-08B2D44D939D}" = OneCare Advisor (Windows Live Toolbar)
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.00
"{7614EAF1-4954-4D60-A921-E6429781EDA9}" = RPS SafeConnect
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 2.1.10
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{7FF0415A-C82A-4715-B31F-6DBB8D28C1CA}" = Windows Live Toolbar
"{8451C4FD-B0AB-4F50-A756-3DED380116B7}" = RPS Burn
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D64E2C1-6A75-4F25-9B31-665AE7A46E40}" = The Apprentice
"{8DD01BB5-720A-4161-9A59-8450597FA9AC}" = MSN Money Toolbar Add-in
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{968F8A8B-7875-4E9F-A250-4DC8504BEDC3}" = Word Search Factory Lite 3
"{9757283E-3FCA-4F3D-9257-928859318E55}" = Microsoft Windows Theme Ontario
"{98A3A654-3AEF-42D9-BA91-DE5815EA5897}" = Click to DVD 2.0 Menu Data
"{992D7983-AD02-480D-AC10-C9D0691F11FD}" = Aura Fate of the Ages
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies™ Stunts & Effects
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D22D11A0-DF6A-4DE9-B6E2-62A8C5ECCDDE}" = RPS CRT
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{D98010D3-20E4-40E0-A25E-98AB7722C20F}" = RPS Ksdk
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E91A546E-31C7-45D5-B48D-4F0E4AFEB0F1}" = RPS PopupBlocker
"{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}" = GameShadow
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FDAEA4AD-9775-4229-BE5B-5C1E5EFA2506}" = RPS PerfectDiskStub
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Beach Tranquility Screen Saver" = Beach Tranquility Screen Saver
"Bonnie's Bookstore Deluxe 1.01" = Bonnie's Bookstore Deluxe 1.01
"CachePal" = CachePal Uninstall
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CEL SoundTrack" = CEL-SoundTrack - dB12
"CharlottesWeb" = CharlottesWeb (remove only)
"CheckIt Diagnostics" = CheckIt Diagnostics
"CONNECT" = Connect renamed
"Crossword Weaver 8.0" = Crossword Weaver 8.0
"DeleteProdRunControl_US" = IBM ViaVoice Command and Control Runtime 5.3
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"EfntSSDSL" = Efficient Networks SpeedStream DSL
"High-Speed Internet Options" = High-Speed Internet Options
"ie8" = Windows Internet Explorer 8
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™ Stunts & Effects
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{5F457DDF-B768-434C-8802-9BB3B383B1E8}" = MasterCook 7
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Internet Check-Up" = Internet Check-Up
"M4P MP3 Converter_is1" = M4P MP3 Converter 1.0
"manutd_fanzone_oldtrafford" = manutd_fanzone_oldtrafford Screen Saver
"manutd_fanzone_players" = manutd_fanzone_players Screen Saver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-07-14-01
"PhoTagsExpress" = PhoTags Express
"PrintMaster Gold 4.00" = PrintMaster Gold 4.00
"Product_Name" = eTeacher3
"PROSet" = Intel® PRO Network Adapters and Drivers
"PSPVideoExpress" = PSP Video Express(remove only)
"QuickTime32" = QuickTime for Windows (32-bit)
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 2.1.7
"RealPlayer 6.0" = RealPlayer
"Risk" = Risk (remove only)
"Search Guard Plus" = Search Guard Plus (Get Rated)
"Search Guard Plus Updater" = Search Guard Plus Updater (Get Rated)
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (Get Rated)
"Vault" = Personal Vault Manager
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"vixy converter BETA_is1" = vixy converter uninstall
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Webster's World Encyclopedia 2002" = Webster's World Encyclopedia 2002
"Welcome to VAIO life" = Welcome to VAIO life
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/21/2009 4:41:14 AM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 11/21/2009 5:41:14 AM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 11/21/2009 6:41:14 AM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 11/21/2009 7:41:14 AM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 11/21/2009 8:41:14 AM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 11/21/2009 9:41:14 AM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 11/21/2009 10:41:14 AM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 11/21/2009 10:55:16 AM | Computer Name = TANGERINE | Source = Application Error | ID = 1000
Description = Faulting application searchguardplus.exe, version 1.0.0.1, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000369da.

Error - 11/21/2009 11:07:25 AM | Computer Name = TANGERINE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2009 11:13:14 AM | Computer Name = TANGERINE | Source = Integrated Server | ID = 9001
Description =

[ System Events ]
Error - 11/20/2009 1:05:55 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Integrated Server (UPnP) service depends on the VAIO
Media Integrated Server (HTTP) service which failed to start because of the following
error: %%10049

Error - 11/20/2009 1:06:14 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 11/20/2009 11:59:44 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows CardSpace service
to connect.

Error - 11/20/2009 11:59:44 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7000
Description = The Windows CardSpace service failed to start due to the following
error: %%1053

Error - 11/21/2009 11:12:57 AM | Computer Name = TANGERINE | Source = Print | ID = 23
Description = Printer Lexmark E321 (Copy 1),2 failed to initialize because a suitable
Lexmark E321 driver could not be found.

Error - 11/21/2009 11:12:57 AM | Computer Name = TANGERINE | Source = Print | ID = 23
Description = Printer Lexmark E321,0 failed to initialize because a suitable Lexmark
E321 driver could not be found.

Error - 11/21/2009 11:13:50 AM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 11/21/2009 11:13:50 AM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7023
Description = The VAIO Media Integrated Server (HTTP) service terminated with the
following error: %%10049

Error - 11/21/2009 11:13:50 AM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Integrated Server (UPnP) service depends on the VAIO
Media Integrated Server (HTTP) service which failed to start because of the following
error: %%10049

Error - 11/21/2009 11:13:53 AM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen


< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:11 PM

Posted 22 November 2009 - 02:34 PM

Hi,

ok, we need to do some further testing to see what is on your PC:

Download and run Win32kDiag:

Please also run Malwarebytes Anti-Malware:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


And finally please run gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


Please post back the logs from Malwarebytes, gmer and win32diag in your next reply.
The chances are that a system restore will not rid you of the malware. Please do not try it now, since it might make things more difficult to clean.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 testscorezero


Posted 24 November 2009 - 06:53 PM

Hi Myrti

I ran all three programs, the only one that gave any data was the Malwarebytes.
The win32 ran ok but stopped for the error you see in the log below.
The GMER ran but kept freezing after approx 45-60 minutes. I tried running the GMER about 5 times - the last time was with everything else closed. Safe mode made no difference.

win32diag:

Running from: C:\Documents and Settings\Donna\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Donna\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

mbam log:

Malwarebytes' Anti-Malware 1.41
Database version: 3220
Windows 5.1.2600 Service Pack 3

11/23/2009 7:18:49 PM
mbam-log-2009-11-23 (19-18-49).txt

Scan type: Quick Scan
Objects scanned: 157806
Time elapsed: 19 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e498d54b-8307-483a-8ca0-55e4573dd63a} (Adware.WebPerform) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{b9fd8e0a-17e0-48de-ab1d-70ddaa35d577} (Adware.WebPerform) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b9fd8e0a-17e0-48de-ab1d-70ddaa35d577} (Adware.WebPerform) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab692f9b-27fe-4511-8885-ed62bb45197b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6b571fb-b71d-449c-ad70-82e966328795} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\webperform.DLL (Adware.WebPerform) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.235,85.255.112.106 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8ffc9dcc-8440-4016-b702-f8c56cf85560}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.235,85.255.112.106 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Adam\Application Data\AdwareBot (Rogue.AdwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AdwareBot\Log (Rogue.AdwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AdwareBot\Settings (Rogue.AdwareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\My Downloads\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AdwareBot\rs.dat (Rogue.AdwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AdwareBot\Log\2009 Oct 01 - 12_20_36 AM_477.log (Rogue.AdwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AdwareBot\Log\2009 Oct 01 - 12_20_46 AM_477.log (Rogue.AdwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adam\Application Data\AdwareBot\Settings\ScanResults.pie (Rogue.AdwareBot) -> Quarantined and deleted successfully.

#7 myrti


Posted 24 November 2009 - 07:10 PM

Hi,

malwarebytes took out a rogue that may very well have been responsible for the errors and warning you have been getting. I would however really like to see a rootkit scan from your PC. Could you please try to run Rootrepeal again (please download a fresh copy). Before running it, please make the following amendments:
Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.

regards myrti



#8 testscorezero


Posted 25 November 2009 - 09:48 PM

Hi Myrti

I tried to run rootrepeal and my system locks up.
The program uses a lot of CPU% and all of the PF in task manager.

The error I kept getting with GMER was out of virtual memory - is the same happening here?

Regards

#9 myrti


Posted 26 November 2009 - 01:49 PM

Hi,

please try the following settings for rootrepeal:
Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.

Have you tried running gmer from safemode?


regards myrti



#10 testscorezero


Posted 27 November 2009 - 09:41 PM

Hi Myrti

This may not be what you want to hear but...

1- my computer does not start in safemode - it starts then stops...screen goes blank and holds at blinking icon
2- I cannot run GMER because it runs then locks up the entire machine
3- I cannot run rootrepeal as the small 1" x 4" window opens advising the program is initializing but it then holds, checking in task manager advises that the program is busy and only way to clear is to right click into the process and then terminate it. (this is even after waiting approx 30mins)

I am unsure what to do - I think the virus (other) is preventing applications from running.

Please advise - I am at an impasse

Regards

Andrew

#11 myrti


Posted 28 November 2009 - 12:05 PM

Hi,

please try running sophos instead then:
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
regards myrti



#12 testscorezero


Posted 30 November 2009 - 07:26 PM

Hi Myrti

Please note after running the Sophos, I still get an odd windows pop up advising there was a problem with "Fast Browser Search Selection....advise Microsoft etc..." and the internet still loads slowly.
I am also getting a Windows XP index error sometimes now on start up that runs a check disk before opening windows.

That said, I did all in your last email and below is the log...


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 11/29/2009 at 17:26:38 PM
User "Andrew" on computer "TANGERINE"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\system32\drivers\dmboot.sys
Hidden: file C:\System Volume Information\_restore{38D7A734-29B2-45EC-900F-164D8C1D9EF8}\RP1052\A1112191.exe
Hidden: file C:\Documents and Settings\Andrew\Desktop\OTL.exe
Hidden: file C:\Program Files\Sony\Click to DVD 2\TransitionPlugins\gmCelebrateRes.dll
Hidden: file C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
Hidden: file C:\Documents and Settings\Donna\Local Settings\Temporary Internet Files\Content.IE5\GML9DXQS\3;gName=game1413;gTemplate=template_1;gSex=f;gDemo1=1;gDemo2=2;gDemo3=C;gChannel=channel1;gLanguage=en;gPageType=gamepage;dcopt=ist;sz=728x90;ord=7178909809695817[1]
Hidden: file C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pl.lproj\QuickTimeAudioSupportLocalized.qtr
Hidden: file C:\Documents and Settings\Donna\Desktop\FileMaker Pro 9.0 Trial Installer\Files\Setup\Registration.exe
Hidden: file C:\WINDOWS\system32\QuickTimeVR.qtx
Hidden: file C:\Documents and Settings\Donna\Local Settings\Temporary Internet Files\Content.IE5\MGBHMJPN\gCat=cat13;gName=game1413;gTemplate=template_1;gSex=f;gDemo1=1;gDemo2=2;gDemo3=C;gChannel=channel1;gLanguage=en;gPageType=gamepage;sz=300x250;ord=7178909809695817[1]
Hidden: file C:\WINDOWS\SQL9_KB970892_ENU\sqlsetupvista.dll
Hidden: file C:\System Volume Information\_restore{38D7A734-29B2-45EC-900F-164D8C1D9EF8}\RP1052\A1112117.exe
Hidden: file C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
Hidden: file C:\System Volume Information\_restore{38D7A734-29B2-45EC-900F-164D8C1D9EF8}\RP1034\A1108595.exe
Hidden: file C:\System Volume Information\_restore{38D7A734-29B2-45EC-900F-164D8C1D9EF8}\RP1034\A1108590.dll
Hidden: file C:\System Volume Information\_restore{38D7A734-29B2-45EC-900F-164D8C1D9EF8}\RP1034\A1108586.dll
Hidden: file C:\users\public\MyWebTattoo.exe
Hidden: file C:\Program Files\Canon\IJ Manual\IP2600 SERIES\uninstall.exe
Hidden: file C:\Program Files\Canon\Easy-PhotoPrint EX\LTIMG14N.DLL
Hidden: file C:\System Volume Information\_restore{38D7A734-29B2-45EC-900F-164D8C1D9EF8}\RP1054\A1114164.exe
Hidden: file C:\WINDOWS\SoftwareDistribution\Download\d33df004653757f12af7292eed3037ea781e8402
Hidden: file C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
Stopped logging on 11/29/2009 at 18:39:36 PM

#13 myrti


Posted 01 December 2009 - 09:41 AM

Hi,

the log from sophos looks fine. :( The chkdsk is usually started by Windows when either the PC did not shut down correctly or when it suspects the hard drive to be broken. Have you had any PC freezes before getting the chkdsk window? Did you lose power or something?
Does chkdsk find any defective sectors?

Please provide a new OTL log:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • a report will open, copy and paste it in a reply here:
    • OTL.txt
regards myrti



#14 testscorezero


Posted 02 December 2009 - 06:20 PM

Hi Myrti

Well it ran, I got an OTL and extras notepad file that are below

OTL gave

OTL logfile created on: 12/2/2009 6:08:10 PM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 208.37 Mb Available Physical Memory | 40.75% Memory free
1.22 Gb Paging File | 0.71 Gb Available in Paging File | 57.97% Paging File free
Paging file location(s): C:\pagefile.sys 768 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 110.34 Gb Free Space | 61.19% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 480.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TANGERINE
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/02 17:46:11 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/07 12:24:44 | 00,388,336 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\RPS.exe
PRC - [2009/07/07 12:24:44 | 00,170,736 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe
PRC - [2009/07/07 12:23:28 | 00,371,440 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
PRC - [2009/07/02 14:32:34 | 00,056,400 | ---- | M] (Bell Canada) -- C:\Program Files\Personal Vault\VaultClientUpgrade.exe
PRC - [2009/07/02 14:32:30 | 01,047,632 | ---- | M] (Bell Canada) -- C:\Program Files\Personal Vault\VaultClientSRV.exe
PRC - [2009/06/29 11:41:18 | 03,245,296 | ---- | M] (Bell) -- C:\Program Files\Bell\Internet Service Advisor\SSA.exe
PRC - [2009/06/29 11:41:18 | 00,398,576 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Bell\Internet Service Advisor\SSAComHandler.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/14 19:45:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/14 22:00:23 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/03 13:51:32 | 00,143,360 | ---- | M] (Kaspersky Lab.) -- C:\Program Files\Bell\Bell Internet Security Services\Kav\Bin\ScanningProcess.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/28 13:57:52 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/12/07 11:24:05 | 01,471,488 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BellCanada\McciTrayApp.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/14 17:28:12 | 00,592,408 | ---- | M] (Sana Security) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\bin\SanaMonitor.exe
PRC - [2008/11/14 17:28:10 | 04,937,752 | R--- | M] (Sana Security) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\bin\SanaAgent.exe
PRC - [2008/09/22 15:58:48 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
PRC - [2008/09/22 15:58:44 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/13 20:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/06/02 15:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/07/09 17:28:14 | 01,826,816 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
PRC - [2004/07/08 21:26:54 | 00,118,877 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
PRC - [2004/01/17 05:36:44 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2003/05/23 13:43:00 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe


========== Modules (SafeList) ==========

MOD - [2009/12/02 17:46:11 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (CLTNetCnService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/07 12:24:44 | 00,170,736 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2009/07/07 12:23:28 | 00,371,440 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\Fws.exe -- (RP_FWS)
SRV - [2009/07/02 14:32:34 | 00,056,400 | ---- | M] (Bell Canada) -- C:\Program Files\Personal Vault\VaultClientUpgrade.exe -- (VaultClientUpgrade)
SRV - [2009/07/02 14:32:30 | 01,047,632 | ---- | M] (Bell Canada) -- C:\Program Files\Personal Vault\VaultClientSRV.exe -- (VaultClientSRV)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/14 19:45:07 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/28 13:57:52 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c999d679626574) Google Update Service (gupdate1c999d679626574)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/14 17:28:10 | 04,937,752 | R--- | M] (Sana Security) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Bin\SanaAgent.exe -- (RadialpointSafeConnectAgent)
SRV - [2008/09/22 15:58:48 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
SRV - [2008/09/22 15:58:44 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/02/25 18:46:43 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/06/02 15:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/09 17:28:14 | 01,826,816 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/07/08 21:27:20 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/07/08 21:26:54 | 00,118,877 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service)
SRV - [2004/07/08 21:19:04 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/07/08 21:17:54 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter)
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 03:42:34 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 03:42:34 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 03:41:06 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/10/30 12:48:10 | 01,286,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)


========== Driver Services (SafeList) ==========

DRV - [2009/06/18 12:55:41 | 00,018,816 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/04/03 13:51:32 | 00,179,984 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/12/07 11:24:23 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/07 11:23:48 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/11/26 14:19:56 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2008/11/14 17:28:36 | 00,161,304 | R--- | M] (Sana Security, Inc. ) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys -- (RadialpointSafeConnectDriver)
DRV - [2008/11/14 17:28:36 | 00,029,720 | R--- | M] (Sana Security, Inc. ) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys -- (RadialpointSafeConnectFilter)
DRV - [2008/11/14 17:28:36 | 00,027,376 | ---- | M] (Sana Security, Inc. ) -- C:\Program Files\Bell\Bell Internet Security Services\SafeConnect\Driver\platform_XP\SafeConnectShim.sys -- (RadialpointSafeConnectShim)
DRV - [2008/08/28 12:16:40 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\system32\drivers\DefragFS.sys -- (DefragFS)
DRV - [2008/08/06 20:20:08 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys -- (RPPKT) Radialpoint Filter (x86)
DRV - [2008/05/19 13:30:46 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/17 14:46:38 | 00,068,954 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/10/22 11:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/10 15:55:18 | 00,039,424 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\drivers\fantom.sys -- (FANTOM)
DRV - [2004/11/22 18:36:39 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/02 18:47:58 | 00,768,512 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/04/14 10:08:00 | 00,044,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 10:08:00 | 00,021,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 10:08:00 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 10:08:00 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/03/05 16:09:02 | 00,003,904 | ---- | M] () -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 16:09:00 | 00,003,744 | ---- | M] () -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2004/01/26 10:36:35 | 00,095,552 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/01/26 10:01:28 | 00,052,224 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 10:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/10/01 17:48:24 | 00,594,048 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/09/17 14:44:42 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/09/06 07:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/07/31 13:45:52 | 00,112,000 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/05/23 13:44:00 | 01,171,648 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/04/10 11:42:56 | 00,048,384 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtHid.sys -- (SaiNtHid)
DRV - [2003/04/10 11:42:32 | 00,019,200 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtSub.sys -- (SaiNtSub)
DRV - [2003/04/10 11:41:52 | 00,026,368 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiClass)
DRV - [2003/01/31 11:08:54 | 00,028,005 | ---- | M] (Efficient Networks, Inc.) -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2002/04/01 17:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2000/12/05 18:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\S-1-5-21-108043559-830873663-195626935-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\S-1-5-21-108043559-830873663-195626935-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-108043559-830873663-195626935-1006\S-1-5-21-108043559-830873663-195626935-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:81

========== FireFox ==========



[2009/10/09 23:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ozhh385e.default\extensions
[2008/02/04 20:09:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/03 16:35:38 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Bell Internet Security Services\pkR.dll (Bell)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
O4 - HKLM..\Run: [SSA.exe] C:\Program Files\Bell\Internet Service Advisor\SSA.exe (Bell)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-108043559-830873663-195626935-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Adam\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-108043559-830873663-195626935-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-108043559-830873663-195626935-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe ()
O9 - Extra 'Tools' menuitem : CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} http://cached.gamedesire.com/g_bin/eng/darts_2_0_0_42.cab (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/bingame/burg/default/G...esPlayer_v6.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/16 12:46:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,042,812 | R--- | M] () - D:\AUTOINST.TGA -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,000,864 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,008,732 | R--- | M] () - D:\autoexit.tga -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,135,812 | R--- | M] () - D:\automenu.tga -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,025,772 | R--- | M] () - D:\autoplay.tga -- [ CDFS ]
O32 - AutoRun File - [2006/08/29 15:14:41 | 00,417,792 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1998/05/18 11:43:00 | 00,000,059 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/02 17:46:09 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2009/11/29 22:26:57 | 00,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2009/11/29 20:08:37 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Recent
[2009/11/29 17:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/11/23 18:52:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/23 18:52:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/23 18:52:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/22 18:41:34 | 00,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2009/11/19 00:57:44 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware
[2009/11/14 16:15:37 | 00,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2009/11/13 20:16:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/13 20:16:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/13 20:16:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/10 22:44:10 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Andrew\Desktop\RootRepeal.exe
[2009/11/09 20:25:35 | 00,000,000 | ---D | C] -- C:\Program Files\Sega
[2009/11/09 20:06:16 | 00,000,000 | ---D | C] -- C:\CFSCAN18491C
[2009/11/09 20:04:49 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/09 19:42:22 | 00,000,000 | --SD | C] -- C:\CFscan422C
[2009/11/09 19:41:13 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23187.exe
[2009/11/08 00:34:34 | 00,000,000 | --SD | C] -- C:\CFscan13199C
[2008/05/11 16:24:20 | 00,062,910 | ---- | C] ($PROGRAMNAME) -- C:\Program Files\Uninstall.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/02 18:09:00 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B52D1DD8-DACC-42F8-81E4-ACC530C2BE58}.job
[2009/12/02 18:00:20 | 23,066,656 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/02 17:46:11 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2009/12/02 17:41:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/02 17:31:26 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/02 17:29:44 | 00,086,782 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/02 17:29:13 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/02 17:28:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/02 17:28:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/02 17:28:24 | 53,626,8800 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/01 23:23:15 | 00,403,232 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/01 23:23:15 | 00,037,460 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/01 23:23:13 | 00,309,740 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/30 22:11:51 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Andrew\NTUSER.DAT
[2009/11/30 22:11:51 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Andrew\ntuser.ini
[2009/11/30 22:09:28 | 00,005,826 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\wklnhst.dat
[2009/11/30 22:09:23 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\WW2 Summary.wps
[2009/11/30 20:29:11 | 00,079,987 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\MYI Invitation 2010 Final.pdf
[2009/11/29 20:08:06 | 00,146,244 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\cc_20091129_200727.reg
[2009/11/29 17:24:47 | 01,339,288 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\sar_15_sfx.exe
[2009/11/29 03:02:35 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/11/23 18:52:46 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/22 18:42:25 | 00,001,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IKEA Home Planner.lnk
[2009/11/20 16:46:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/14 17:16:28 | 00,000,026 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/11/14 16:15:56 | 00,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/11/14 16:15:55 | 00,001,030 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bonnie's Bookstore Deluxe.lnk
[2009/11/14 16:15:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2009/11/12 17:16:03 | 01,086,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/10 22:44:16 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Andrew\Desktop\RootRepeal.exe
[2009/11/10 17:52:28 | 00,575,847 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\Ministry Training Travel Claim Form.pdf
[2009/11/10 17:17:10 | 00,063,168 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\Donna Brett.pdf
[2009/11/09 19:41:03 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23187.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/30 22:09:22 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\WW2 Summary.wps
[2009/11/30 20:29:09 | 00,079,987 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\MYI Invitation 2010 Final.pdf
[2009/11/29 20:07:30 | 00,146,244 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\cc_20091129_200727.reg
[2009/11/29 17:24:44 | 01,339,288 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\sar_15_sfx.exe
[2009/11/29 03:02:35 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/11/23 18:52:46 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/22 18:42:25 | 00,001,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IKEA Home Planner.lnk
[2009/11/14 16:15:56 | 00,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/11/14 16:15:55 | 00,001,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bonnie's Bookstore Deluxe.lnk
[2009/11/14 16:15:37 | 00,000,026 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/11/14 16:15:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/11/10 17:52:24 | 00,575,847 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\Ministry Training Travel Claim Form.pdf
[2009/11/10 17:17:06 | 00,063,168 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\Donna Brett.pdf
[2009/03/22 20:22:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/10/14 15:09:12 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2008/05/11 16:24:21 | 00,000,000 | ---- | C] () -- C:\Program Files\uninstall.dat
[2008/03/26 21:38:09 | 00,000,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 20:34:26 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/03/21 16:22:37 | 00,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/11/13 20:39:02 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/11/11 18:36:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/02 21:33:24 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/08/02 11:15:08 | 00,000,124 | ---- | C] () -- C:\WINDOWS\POOHRTR.INI
[2006/08/02 11:15:08 | 00,000,124 | ---- | C] () -- C:\WINDOWS\POOHRFM.INI
[2006/06/23 22:31:20 | 00,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/05/14 18:41:02 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/04/30 19:56:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/03/19 16:30:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/30 20:42:16 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2005/10/24 15:47:51 | 00,000,539 | ---- | C] () -- C:\WINDOWS\Sin_Setup.INI
[2005/09/18 18:16:49 | 00,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2005/09/14 18:31:15 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/08/12 19:16:20 | 00,122,368 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/04 18:03:00 | 00,000,674 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/08/04 17:45:29 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2005/06/19 21:05:14 | 00,000,443 | ---- | C] () -- C:\WINDOWS\Db12.INI
[2005/05/28 20:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/05/17 17:34:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/05/17 17:34:50 | 00,000,058 | ---- | C] () -- C:\WINDOWS\timeline.ini
[2005/05/17 17:34:49 | 00,000,652 | ---- | C] () -- C:\WINDOWS\wencyc02.ini
[2005/04/23 11:57:13 | 00,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/03/10 19:13:04 | 00,005,826 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\wklnhst.dat
[2005/03/04 06:28:31 | 00,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2005/02/17 17:02:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/15 18:34:20 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/02/15 18:34:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/02/13 17:05:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/02/07 21:47:35 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll
[2005/01/31 19:35:12 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2005/01/25 19:37:24 | 00,000,076 | ---- | C] () -- C:\WINDOWS\ariel_ss.ini
[2005/01/25 19:36:24 | 00,000,541 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/01/25 16:29:55 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\fusioncache.dat
[2005/01/25 15:37:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/25 15:26:20 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/01/25 15:23:08 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/25 15:23:08 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/25 15:23:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/25 15:23:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/25 15:23:08 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/25 15:23:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/16 13:55:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/16 13:05:52 | 00,000,808 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/16 12:33:12 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/08/16 12:33:10 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/08/16 12:33:01 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/16 12:32:59 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2004/08/16 12:32:58 | 00,000,724 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/24 13:28:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/06 13:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/06/12 13:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/10/24 18:00:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1997/06/13 21:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Unicode (All) ==========
[2009/08/14 10:19:58 | 00,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/08/14 10:19:58 | 00,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/06/11 21:24:25 | 00,000,000 | ---- | M] ()(C:\WINDOWS\System32\(m?) -- C:\WINDOWS\System32\(mˆ
[2009/06/11 21:24:25 | 00,000,000 | ---- | C] ()(C:\WINDOWS\System32\(m?) -- C:\WINDOWS\System32\(mˆ
[2009/04/06 19:06:13 | 00,000,089 | ---- | M] ()(C:\WINDOWS\System32\¨??) -- C:\WINDOWS\System32\¨‹’
[2009/04/06 19:06:13 | 00,000,089 | ---- | C] ()(C:\WINDOWS\System32\¨??) -- C:\WINDOWS\System32\¨‹’

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9364E30
< End of report >


And I got this one as well, called extras:

OTL Extras logfile created on: 12/2/2009 6:08:10 PM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 208.37 Mb Available Physical Memory | 40.75% Memory free
1.22 Gb Paging File | 0.71 Gb Available in Paging File | 57.97% Paging File free
Paging file location(s): C:\pagefile.sys 768 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 110.34 Gb Free Space | 61.19% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 480.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TANGERINE
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-108043559-830873663-195626935-1006\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony\vaio media 3.1\Vc.exe" = C:\Program Files\Sony\vaio media 3.1\Vc.exe:*:Disabled:[VAIO Media] VAIO Media -- (Sony Corporation)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars™: Empire at War™ -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe" = C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars™: Empire at War™: Forces of Corruption™ -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{03C2C501-E11D-494D-8271-AD5DF7E5FAF2}" = RPS ParentalControl
"{04B05AB1-CFA9-4D1A-94FA-34C3AB26AF7C}" = RPS Firewall
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2631C4A0-167B-4332-A46A-8EEEE1D0AD07}" = Bell Internet Security Services
"{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3297AEE5-D69F-43F5-B133-F0E7DF952AD8}" = RPS RpsCore
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{47CCE7BB-2001-461C-A6E0-2237E6A5369D}" = RPS Diagnostic Utility
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
"{4A425F14-0561-11D4-9027-0060089CDAE1}" = FileMaker Pro 5.5
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{51C48D1F-9BBF-450A-BBCE-1D775AB94B15}" = FileMaker Pro 9
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54BD000B-A0BE-46C4-993C-ACEF21216E8A}" = Microsoft Visual Basic 2005 Step by Step
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{5F457DDF-B768-434C-8802-9BB3B383B1E8}" = MasterCook 7
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6C21224F-75E4-47EF-A97F-FCB5E305B526}" = E320/E322 Setup Utility
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6D7D3A9A-4972-4DDE-B4EF-08B2D44D939D}" = OneCare Advisor (Windows Live Toolbar)
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.00
"{7614EAF1-4954-4D60-A921-E6429781EDA9}" = RPS SafeConnect
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 2.1.10
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{7FF0415A-C82A-4715-B31F-6DBB8D28C1CA}" = Windows Live Toolbar
"{8451C4FD-B0AB-4F50-A756-3DED380116B7}" = RPS Burn
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D64E2C1-6A75-4F25-9B31-665AE7A46E40}" = The Apprentice
"{8DD01BB5-720A-4161-9A59-8450597FA9AC}" = MSN Money Toolbar Add-in
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{968F8A8B-7875-4E9F-A250-4DC8504BEDC3}" = Word Search Factory Lite 3
"{9757283E-3FCA-4F3D-9257-928859318E55}" = Microsoft Windows Theme Ontario
"{98A3A654-3AEF-42D9-BA91-DE5815EA5897}" = Click to DVD 2.0 Menu Data
"{992D7983-AD02-480D-AC10-C9D0691F11FD}" = Aura Fate of the Ages
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies™ Stunts & Effects
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D22D11A0-DF6A-4DE9-B6E2-62A8C5ECCDDE}" = RPS CRT
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{D98010D3-20E4-40E0-A25E-98AB7722C20F}" = RPS Ksdk
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E91A546E-31C7-45D5-B48D-4F0E4AFEB0F1}" = RPS PopupBlocker
"{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}" = GameShadow
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FDAEA4AD-9775-4229-BE5B-5C1E5EFA2506}" = RPS PerfectDiskStub
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Beach Tranquility Screen Saver" = Beach Tranquility Screen Saver
"Bonnie's Bookstore Deluxe 1.01" = Bonnie's Bookstore Deluxe 1.01
"CachePal" = CachePal Uninstall
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CEL SoundTrack" = CEL-SoundTrack - dB12
"CharlottesWeb" = CharlottesWeb (remove only)
"CheckIt Diagnostics" = CheckIt Diagnostics
"CONNECT" = Connect renamed
"Crossword Weaver 8.0" = Crossword Weaver 8.0
"DeleteProdRunControl_US" = IBM ViaVoice Command and Control Runtime 5.3
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"EfntSSDSL" = Efficient Networks SpeedStream DSL
"High-Speed Internet Options" = High-Speed Internet Options
"ie8" = Windows Internet Explorer 8
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™ Stunts & Effects
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{5F457DDF-B768-434C-8802-9BB3B383B1E8}" = MasterCook 7
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Internet Check-Up" = Internet Check-Up
"M4P MP3 Converter_is1" = M4P MP3 Converter 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"manutd_fanzone_oldtrafford" = manutd_fanzone_oldtrafford Screen Saver
"manutd_fanzone_players" = manutd_fanzone_players Screen Saver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-07-14-01
"PhoTagsExpress" = PhoTags Express
"PrintMaster Gold 4.00" = PrintMaster Gold 4.00
"Product_Name" = eTeacher3
"PROSet" = Intel® PRO Network Adapters and Drivers
"PSPVideoExpress" = PSP Video Express(remove only)
"QuickTime32" = QuickTime for Windows (32-bit)
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 2.1.7
"RealPlayer 6.0" = RealPlayer
"Risk" = Risk (remove only)
"Search Guard Plus" = Search Guard Plus (Get Rated)
"Search Guard Plus Updater" = Search Guard Plus Updater (Get Rated)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (Get Rated)
"Vault" = Personal Vault Manager
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"vixy converter BETA_is1" = vixy converter uninstall
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Webster's World Encyclopedia 2002" = Webster's World Encyclopedia 2002
"Welcome to VAIO life" = Welcome to VAIO life
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2009 7:57:50 PM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 12/1/2009 8:57:47 PM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 12/1/2009 9:01:39 PM | Computer Name = TANGERINE | Source = MsiInstaller | ID = 11706
Description = Product: The Print Shop 22 -- Error 1706. Installation has been canceled.
You may run this installation at a later time.

Error - 12/1/2009 9:57:48 PM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 12/1/2009 10:57:48 PM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 12/1/2009 11:57:49 PM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 12/2/2009 6:29:11 PM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 12/2/2009 6:29:34 PM | Computer Name = TANGERINE | Source = Integrated Server | ID = 9001
Description =

Error - 12/2/2009 6:37:39 PM | Computer Name = TANGERINE | Source = Google Update | ID = 20
Description =

Error - 12/2/2009 6:48:21 PM | Computer Name = TANGERINE | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.11.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/1/2009 6:46:34 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7023
Description = The VAIO Media Integrated Server (HTTP) service terminated with the
following error: %%10049

Error - 12/1/2009 6:46:34 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Integrated Server (UPnP) service depends on the VAIO
Media Integrated Server (HTTP) service which failed to start because of the following
error: %%10049

Error - 12/1/2009 6:46:34 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 12/1/2009 6:46:34 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/2/2009 6:29:06 PM | Computer Name = TANGERINE | Source = Print | ID = 23
Description = Printer Lexmark E321 (Copy 1),2 failed to initialize because a suitable
Lexmark E321 driver could not be found.

Error - 12/2/2009 6:29:06 PM | Computer Name = TANGERINE | Source = Print | ID = 23
Description = Printer Lexmark E321,0 failed to initialize because a suitable Lexmark
E321 driver could not be found.

Error - 12/2/2009 6:30:07 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 12/2/2009 6:30:07 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7023
Description = The VAIO Media Integrated Server (HTTP) service terminated with the
following error: %%10049

Error - 12/2/2009 6:30:07 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Integrated Server (UPnP) service depends on the VAIO
Media Integrated Server (HTTP) service which failed to start because of the following
error: %%10049

Error - 12/2/2009 6:30:15 PM | Computer Name = TANGERINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen


< End of report >

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts

Posted 02 December 2009 - 07:21 PM

Hi,

please run the following script to remove Fast Search:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
    O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-108043559-830873663-195626935-1006\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
    O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Key error.)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} http://cached.gamedesire.com/g_bin/eng/darts_2_0_0_42.cab (Reg Error: Key error.)
    O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/bingame/burg/default/G...esPlayer_v6.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2009/11/19 00:57:44 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware
    :files
    C:\Program Files\SGPSA
    C:\Program Files\Fast Browser Search
    C:\Program Files\Search Guard Plus
    C:\Program Files\Search Guard PlusU
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 
