Need help - Trojan FakeSp-Gen virus

Here is the second log file, Extras.txt


OTL Extras logfile created on: 23/11/2009 1:26:51 PM - Run 1
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Documents and Settings\Ryan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

253.98 Mb Total Physical Memory | 72.93 Mb Available Physical Memory | 28.71% Memory free
624.93 Mb Paging File | 329.65 Mb Available in Paging File | 52.75% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.95 Gb Total Space | 22.82 Gb Free Space | 32.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232.83 Gb Total Space | 75.03 Gb Free Space | 32.23% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: HO-1
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 -- (SmartSoft Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160050}" = Java(TM) SE Development Kit 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53337CA9-E9A4-4C59-9D1C-D980EF9BF0C2}" = QuickTax 2004
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F6A91D-46D4-4919-ABE6-55BD17DEB039}" = Quick Movie Magic 1.0E
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}" = McAfee Shredder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{855CD919-9CA9-4CB6-8DF6-40D9F3B7F623}" = PrintingPress Baby
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.5
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5A88439-79C5-4605-8B96-111141171033}" = Nero 7 Essentials
"{B8D0BC3E-67DF-48A3-ACC9-EEAA8DBFBF29}" = QuickTax 2005
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client 2.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}" = QuickTax 2006
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Any Video Converter_is1" = Any Video Converter 2.7.3
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"EasyGPS_is1" = EasyGPS
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.0.4.1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Juice" = Juice 2.2
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mkwACT" = mkw Audio Compression Toolkit
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher" = MyPublisher
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"SmartFTP Client 2.0 Setup Files" = SmartFTP Client 2.0 Setup Files (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"Wills and Estates For Dummies" = Wills and Estates For Dummies
"Wills Kit05-1" = Wills Kit
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/08/2009 8:17:52 PM | Computer Name = HO-1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 02/08/2009 8:17:52 PM | Computer Name = HO-1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 02/08/2009 8:17:52 PM | Computer Name = HO-1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 02/08/2009 8:17:52 PM | Computer Name = HO-1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 05/11/2009 11:25:39 PM | Computer Name = HO-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/11/2009 11:50:00 PM | Computer Name = HO-1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x61416ee0.

Error - 07/11/2009 8:03:40 AM | Computer Name = HO-1 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.5.172, faulting module
acrord32.dll, version 7.0.5.172, fault address 0x0006584e.

Error - 07/11/2009 8:04:01 AM | Computer Name = HO-1 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.5.172, faulting module
acrord32.dll, version 7.0.5.172, fault address 0x0006584e.

Error - 07/11/2009 8:06:07 AM | Computer Name = HO-1 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.5.172, faulting module
acrord32.dll, version 7.0.5.172, fault address 0x0006584e.

Error - 09/11/2009 10:05:41 PM | Computer Name = HO-1 | Source = Sophos Anti-Virus | ID = 196614
Description = Error getting IComponentManager interface from CInfrastructureModule::PostMessageLoop.

[ System Events ]
Error - 19/11/2009 6:18:53 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 19/11/2009 6:18:53 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 19/11/2009 6:18:53 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 19/11/2009 6:18:53 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7034
Description = The Sophos Anti-Virus status reporter service terminated unexpectedly.
It has done this 1 time(s).

Error - 19/11/2009 6:18:53 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7034
Description = The Sophos AutoUpdate Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 19/11/2009 6:18:53 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 19/11/2009 6:18:53 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 19/11/2009 6:18:55 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 22/11/2009 8:30:33 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 22/11/2009 8:30:33 PM | Computer Name = HO-1 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >
 
Hi Ryan

1 - Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the [image: pasteline.png] area. Do not include the word Code.
    Code:
    :Commands
    [emptytemp]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large [image: btnmoveit.png] button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

2 - Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following:

OTM Log.
Malwarebytes Anti-Malware Log.

Thanks peku006
 
Hi peku006

OTM and Malware scans ran successfully, and logs shown below. Malwarebytes found nothing, but while it was running my Sophos (I forgot to disable) popped up with a message saying file "A0000137.exe" belonged to FakeAV-BR. Should I turn off Sophos and re-run the Malwarebytes scanner?

Thanks!

Ryan

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Anne
->Temp folder emptied: 878409 bytes
->Temporary Internet Files folder emptied: 17558878 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

User: Ryan
->Temp folder emptied: 4438 bytes
->Temporary Internet Files folder emptied: 2383649 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 3236164 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22.98 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11232009_214716

Files moved on Reboot...

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.41
Database version: 3221
Windows 5.1.2600 Service Pack 3

24/11/2009 6:02:29 AM
mbam-log-2009-11-24 (06-02-29).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|H:\|)
Objects scanned: 239014
Time elapsed: 1 hour(s), 47 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi Ryan

"Should I turn off Sophos and re-run the Malwarebytes scanner?"
It is not necessary.

Download OTS.exe here & save it to your Desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS
  • Double click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator)
  • In the Drivers section click on Non-Microsoft
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings
  • Now click the Run Scan button on the toolbar
  • Let it run unhindered until it finishes
  • When the scan is complete Notepad will open with the report file loaded in it
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it
Copy & paste the information in your next reply making sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].
If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thanks peku006
 
Hi peku006

The version of OTS your message links to does not have the settings you mentioned in your response, and I did not want to guess at the settings...

Can you check the version / commands and advise?

Thanks!

Ryan
 
Hi Ryan

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.
    • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

peku006
 
Here is the log file from OTS, part 1 of 2

Ryan


Code:
OTS logfile created on: 26/11/2009 8:01:06 PM - Run 1
OTS by OldTimer - Version 3.1.7.0     Folder = C:\Documents and Settings\Ryan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
253.98 Mb Total Physical Memory | 58.97 Mb Available Physical Memory | 23.22% Memory free
624.93 Mb Paging File | 377.07 Mb Available in Paging File | 60.34% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.95 Gb Total Space | 22.57 Gb Free Space | 31.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232.83 Gb Total Space | 75.03 Gb Free Space | 32.23% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: HO-1
Current User Name: Ryan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Ryan\Desktop\OTS.exe -> [2009/11/25 18:55:33 | 00,526,848 | ---- | M] (OldTimer Tools)
savadminservice.exe -> C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> [2009/10/05 06:22:15 | 00,080,936 | ---- | M] (Sophos Plc)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/08/30 19:24:33 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
alsvc.exe -> C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -> [2009/06/11 03:38:15 | 00,172,032 | ---- | M] (Sophos Plc)
almon.exe -> C:\Program Files\Sophos\AutoUpdate\ALMon.exe -> [2009/06/11 03:37:04 | 00,245,760 | ---- | M] (Sophos Plc)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/04/02 15:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.)
qttask.exe -> C:\Program Files\QuickTime\QTTask.exe -> [2009/01/05 15:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
savservice.exe -> C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -> [2008/08/21 07:04:28 | 00,098,304 | ---- | M] (Sophos Plc)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
lvprcsrv.exe -> c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -> [2006/06/26 10:33:42 | 00,099,888 | ---- | M] (Logitech Inc.)
lvcomsx.exe -> C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe -> [2006/06/26 10:33:32 | 00,243,248 | ---- | M] (Logitech Inc.)
communications_helper.exe -> C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe -> [2006/06/26 09:46:04 | 00,497,200 | ---- | M] (Logitech Inc.)
igfxpers.exe -> C:\WINDOWS\SYSTEM32\igfxpers.exe -> [2005/09/20 09:36:20 | 00,114,688 | ---- | M] (Intel Corporation)
hkcmd.exe -> C:\WINDOWS\SYSTEM32\hkcmd.exe -> [2005/09/20 09:32:24 | 00,077,824 | ---- | M] (Intel Corporation)
dlbtbmon.exe -> C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe -> [2004/06/18 10:46:00 | 00,102,400 | ---- | M] ()
dlbtbmgr.exe -> C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe -> [2004/06/18 10:30:26 | 00,290,816 | ---- | M] ()
tfswctrl.exe -> C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe -> [2004/03/15 01:04:00 | 00,122,933 | ---- | M] (Sonic Solutions)
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software)
mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Ryan\Desktop\OTS.exe -> [2009/11/25 18:55:33 | 00,526,848 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll -> [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation)
mslbui.dll -> C:\WINDOWS\SYSTEM32\mslbui.dll -> [2008/04/13 19:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll -> [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation)
lvprcinj.dll -> C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll -> [2006/06/26 10:33:42 | 00,091,696 | ---- | M] (Logitech Inc.)
serwvdrv.dll -> C:\WINDOWS\SYSTEM32\SERWVDRV.DLL -> [2002/08/29 05:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL -> [2002/08/29 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(SAVAdminService) Sophos Anti-Virus status reporter [Unknown | Running] -> C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> [2009/10/05 06:22:15 | 00,080,936 | ---- | M] (Sophos Plc)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/08/30 19:24:33 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(Sophos AutoUpdate Service) Sophos AutoUpdate Service [Auto | Running] -> C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -> [2009/06/11 03:38:15 | 00,172,032 | ---- | M] (Sophos Plc)
(iPod Service) iPod Service [On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/04/02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(SAVService) Sophos Anti-Virus [Unknown | Running] -> C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -> [2008/08/21 07:04:28 | 00,098,304 | ---- | M] (Sophos Plc)
(helpsvc) Help and Support [Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [On_Demand | Stopped] -> C:\Program Files\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [On_Demand | Stopped] -> C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -> [2007/04/17 12:52:26 | 00,267,824 | ---- | M] (Nero AG)
(NBService) NBService [On_Demand | Stopped] -> C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007/04/17 12:49:38 | 00,779,824 | ---- | M] (Nero AG)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(LVSrvLauncher) LVSrvLauncher [Auto | Stopped] -> C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -> [2006/06/26 10:33:56 | 00,091,696 | ---- | M] (Logitech Inc.)
(LVPrcSrv) Logitech Process Monitor [Auto | Running] -> c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -> [2006/06/26 10:33:42 | 00,099,888 | ---- | M] (Logitech Inc.)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(aspnet_state) ASP.NET State Service [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(dlbt_device) dlbt_device [On_Demand | Stopped] -> C:\WINDOWS\System32\dlbtcoms.exe -> [2004/03/16 15:33:24 | 00,421,888 | ---- | M] (Dell)
(NetSvc) Intel NCS NetService [On_Demand | Stopped] -> C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel(R) Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -> [2009/03/26 14:23:46 | 00,036,864 | ---- | M] (Apple, Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(SAVOnAccessControl) SAVOnAccessControl [File_System | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\savonaccesscontrol.sys -> [2009/01/05 05:41:48 | 00,110,848 | ---- | M] (Sophos Plc)
(SAVOnAccessFilter) SAVOnAccessFilter [File_System | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\savonaccessfilter.sys -> [2009/01/05 05:41:30 | 00,038,528 | ---- | M] (Sophos Plc)
(SophosBootDriver) SophosBootDriver [Kernel | Disabled | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\SophosBootDriver.sys -> [2008/05/23 02:38:25 | 00,014,976 | ---- | M] (Sophos Plc)
(61883) 61883 Unit Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -> [2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation)
(Avc) AVC Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -> [2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation)
(MSDV) Microsoft DV Camera and VCR [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -> [2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -> [2006/06/26 10:33:40 | 00,023,472 | ---- | M] ()
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -> [2006/06/26 10:33:36 | 01,952,816 | ---- | M] (Logitech Inc.)
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -> [2006/06/26 10:33:28 | 01,587,632 | ---- | M] (Logitech Inc.)
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -> [2006/06/22 17:29:46 | 00,038,960 | R--- | M] (Logitech Inc.)
(PID_08A0) Logitech QuickCam IM(PID_08A0) [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\LV302AV.SYS -> [2006/06/22 17:29:28 | 00,720,176 | R--- | M] (Logitech Inc.)
(pepifilter) Volume Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\lv302af.sys -> [2006/06/22 17:29:27 | 00,012,080 | R--- | M] (Logitech Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -> [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation)
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -> [2004/09/16 11:15:36 | 00,028,352 | ---- | M] (MusicMatch, Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -> [2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -> [2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel(R) Corporation)
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -> [2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel(R) Corporation)
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -> [2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel(R) Corporation)
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -> [2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel(R) Corporation)
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -> [2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel(R) Corporation)
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -> [2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel(R) Corporation)
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -> [2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel(R) Corporation)
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -> [2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel(R) Corporation)
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -> [2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel(R) Corporation)
(i81x) i81x [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -> [2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel(R) Corporation)
(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -> [2004/04/09 12:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -> [2004/03/15 01:04:00 | 00,100,597 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -> [2004/03/15 01:04:00 | 00,098,580 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -> [2004/03/15 01:04:00 | 00,085,972 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -> [2004/03/15 01:04:00 | 00,034,837 | ---- | M] (Sonic Solutions)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -> [2004/03/15 01:04:00 | 00,025,685 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -> [2004/03/15 01:04:00 | 00,014,229 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -> [2004/03/15 01:04:00 | 00,006,357 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -> [2004/03/15 01:04:00 | 00,004,117 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -> [2004/03/15 01:04:00 | 00,002,233 | ---- | M] (Sonic Solutions)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2004/03/03 02:02:00 | 00,020,176 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -> [2004/02/27 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\drvmcdb.sys -> [2004/02/13 03:21:00 | 00,086,160 | ---- | M] (Sonic Solutions)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -> [2004/02/10 15:49:14 | 00,154,112 | ---- | M] (Intel Corporation)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -> [2004/01/14 19:18:16 | 00,005,621 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -> [2004/01/14 19:18:04 | 00,023,219 | ---- | M] (Sonic Solutions)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -> [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -> [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -> [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -> [2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -> [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -> [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -> [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -> [2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dell.com -> 
HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dell.com -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dell.com -> 
HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dell.com -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\] > -> -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\: Main\\"Page_Transitions" -> 1 -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\: Main\\"SearchMigratedDefaultName" -> MSN Search -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\: Main\\"SearchMigratedDefaultURL" -> http://search.sympatico.msn.ca/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1 -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\: Main\\"Start Page" -> http://ottawastart.com/ -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/08/30 19:24:35 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} [HKLM] -> C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [Sophos Web Content Scanner] -> [2009/06/25 05:35:12 | 00,240,680 | ---- | M] (Sophos Plc)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/02/17 16:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/08/30 19:24:35 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Dell Photo AIO Printer 922" -> C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ["C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"] -> [2004/06/18 10:30:26 | 00,290,816 | ---- | M] ()
"dla" -> C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2004/03/15 01:04:00 | 00,122,933 | ---- | M] (Sonic Solutions)
"DwlClient" -> c:\Program Files\Common Files\Dell\EUSW\Support.exe [c:\Program Files\Common Files\Dell\EUSW\Support.exe] -> [2005/10/13 22:26:04 | 00,069,632 | ---- | M] (Dell)
"igfxhkcmd" -> C:\WINDOWS\SYSTEM32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/09/20 09:32:24 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> C:\WINDOWS\SYSTEM32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/09/20 09:36:20 | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" -> C:\WINDOWS\SYSTEM32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/09/20 09:35:40 | 00,094,208 | ---- | M] (Intel Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/04/02 15:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
"LogitechCommunicationsManager" -> C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"] -> [2006/06/26 09:46:04 | 00,497,200 | ---- | M] (Logitech Inc.)
"LVCOMSX" -> C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe ["C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"] -> [2006/06/26 10:33:32 | 00,243,248 | ---- | M] (Logitech Inc.)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 15:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"UpdateManager" -> C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> [2003/08/19 01:01:00 | 00,110,592 | ---- | M] (Sonic Solutions)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/24 01:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk -> C:\Program Files\Sophos\AutoUpdate\ALMon.exe -> [2009/06/11 03:37:04 | 00,245,760 | ---- | M] (Sophos Plc)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software)
< Anne Startup Folder > -> C:\Documents and Settings\Anne\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Ryan Startup Folder > -> C:\Documents and Settings\Ryan\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008] > -> HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008] > -> HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008] > -> HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\] > -> HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{d81ca86b-ef63-42af-bee3-4502d9a03c2d}:http://wwws.musicmatch.com/mmz/openWebRadio.html [HKLM] ->  [Button: MUSICMATCH MX Web Player] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\] > -> HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4250 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4259 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4259 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1214 domain(s) found. -> 
66 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 29 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1214 domain(s) found. -> 
66 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 29 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\] > -> HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4259 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\] > -> HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-63375334-2776264096-1130329328-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab [Reg Error: Key error.] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab [Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/09/20 09:31:28 | 00,135,168 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/04/02 15:10:58 | 13,646,632 | ---- | M] (Apple Inc.)
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" -> C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0] -> [2006/10/11 07:20:18 | 06,180,512 | ---- | M] (SmartSoft Ltd.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2002/09/03 08:59:58 | 00,000,000 | ---- | M] ()
H:\autorun [] -> H:\autorun [ FAT32 ] -> [2006/08/08 09:59:46 | 00,000,000 | ---D | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* ->
 
Here is part 2 of 2.

Thanks!

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Ryan\Desktop\OTS.exe -> [2009/11/25 18:55:28 | 00,526,848 | ---- | C] (OldTimer Tools)
_OTM -> C:\_OTM -> [2009/11/23 21:47:16 | 00,000,000 | ---D | C]
OTM.exe -> C:\Documents and Settings\Ryan\Desktop\OTM.exe -> [2009/11/23 21:45:46 | 00,422,912 | ---- | C] (OldTimer Tools)
OTL.exe -> C:\Documents and Settings\Ryan\Desktop\OTL.exe -> [2009/11/23 13:25:27 | 00,529,408 | ---- | C] (OldTimer Tools)
ESET -> C:\Program Files\ESET -> [2009/11/19 17:38:45 | 00,000,000 | ---D | C]
TFC.exe -> C:\Documents and Settings\Ryan\Desktop\TFC.exe -> [2009/11/19 17:18:13 | 00,341,504 | ---- | C] (OldTimer Tools)
proquota.exe -> C:\WINDOWS\System32\proquota.exe -> [2009/11/17 20:47:01 | 00,050,176 | ---- | C] (Microsoft Corporation)
proquota.exe -> C:\WINDOWS\System32\dllcache\proquota.exe -> [2009/11/17 20:47:01 | 00,050,176 | ---- | C] (Microsoft Corporation)
cmdcons -> C:\cmdcons -> [2009/11/17 20:23:09 | 00,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/11/17 20:20:52 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/11/17 20:20:52 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/11/17 20:20:52 | 00,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/11/17 20:20:52 | 00,031,232 | ---- | C] (NirSoft)
PIF -> C:\WINDOWS\PIF -> [2009/11/17 19:54:32 | 00,000,000 | -H-D | C]
rpcss.dll -> C:\WINDOWS\System32\dllcache\rpcss.dll -> [2009/11/16 21:01:11 | 00,401,408 | ---- | C] (Microsoft Corporation)
pdh.dll -> C:\WINDOWS\System32\dllcache\pdh.dll -> [2009/11/16 21:01:11 | 00,284,160 | ---- | C] (Microsoft Corporation)
sc.exe -> C:\WINDOWS\System32\dllcache\sc.exe -> [2009/11/16 21:01:11 | 00,035,328 | ---- | C] (Microsoft Corporation)
fastprox.dll -> C:\WINDOWS\System32\dllcache\fastprox.dll -> [2009/11/16 21:01:10 | 00,473,600 | ---- | C] (Microsoft Corporation)
services.exe -> C:\WINDOWS\System32\dllcache\services.exe -> [2009/11/16 21:01:10 | 00,110,592 | ---- | C] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\dllcache\wmiprvse.exe -> [2009/11/16 21:01:09 | 00,227,840 | ---- | C] (Microsoft Corporation)
lsasrv.dll -> C:\WINDOWS\System32\dllcache\lsasrv.dll -> [2009/11/16 21:01:08 | 00,729,088 | ---- | C] (Microsoft Corporation)
wmiprvsd.dll -> C:\WINDOWS\System32\dllcache\wmiprvsd.dll -> [2009/11/16 21:01:08 | 00,453,120 | ---- | C] (Microsoft Corporation)
ntdll.dll -> C:\WINDOWS\System32\dllcache\ntdll.dll -> [2009/11/16 21:01:07 | 00,714,752 | ---- | C] (Microsoft Corporation)
advapi32.dll -> C:\WINDOWS\System32\dllcache\advapi32.dll -> [2009/11/16 21:01:07 | 00,617,472 | ---- | C] (Microsoft Corporation)
xpsp4res.dll -> C:\WINDOWS\System32\xpsp4res.dll -> [2009/11/16 21:00:22 | 00,002,560 | ---- | C] (Microsoft Corporation)
wordpad.exe -> C:\WINDOWS\System32\dllcache\wordpad.exe -> [2009/11/16 21:00:18 | 00,215,552 | ---- | C] (Microsoft Corporation)
Ryan.exe -> C:\Documents and Settings\Ryan\Desktop\Ryan.exe -> [2009/11/13 22:00:03 | 00,401,720 | ---- | C] (Trend Micro Inc.)
rsit -> C:\rsit -> [2009/11/13 21:59:59 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Ryan\Application Data\Malwarebytes -> [2009/11/13 19:50:22 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/11/13 19:49:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/11/13 19:49:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/11/13 19:49:52 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/11/13 19:49:52 | 00,000,000 | ---D | C]
mbam-setup.exe -> C:\Documents and Settings\Ryan\Desktop\mbam-setup.exe -> [2009/11/13 19:47:52 | 04,045,544 | ---- | C] (Malwarebytes Corporation )
HijackThis.exe -> C:\Documents and Settings\Ryan\Desktop\HijackThis.exe -> [2009/11/10 20:58:34 | 00,401,720 | ---- | C] (Trend Micro Inc.)
erunt-setup.exe -> C:\Documents and Settings\Ryan\Desktop\erunt-setup.exe -> [2009/11/10 20:58:00 | 00,791,393 | ---- | C] (Lars Hederer )
ERDNT -> C:\WINDOWS\ERDNT -> [2009/11/10 20:43:32 | 00,000,000 | ---D | C]
ERUNT -> C:\Program Files\ERUNT -> [2009/11/10 20:42:55 | 00,000,000 | ---D | C]
Sophos -> C:\Documents and Settings\Ryan\Local Settings\Application Data\Sophos -> [2009/11/08 20:26:48 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [2009/11/26 19:54:55 | 00,001,170 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/11/26 19:53:21 | 00,000,006 | -H-- | M] ()
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [2009/11/26 19:52:44 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/11/26 19:52:42 | 26,639,1552 | -HS- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Ryan\NTUSER.DAT -> [2009/11/25 18:59:51 | 07,077,888 | -H-- | M] ()
NTUSER.INI -> C:\Documents and Settings\Ryan\NTUSER.INI -> [2009/11/25 18:59:51 | 00,000,278 | -HS- | M] ()
OTS.exe -> C:\Documents and Settings\Ryan\Desktop\OTS.exe -> [2009/11/25 18:55:33 | 00,526,848 | ---- | M] (OldTimer Tools)
OTM.exe -> C:\Documents and Settings\Ryan\Desktop\OTM.exe -> [2009/11/23 21:45:48 | 00,422,912 | ---- | M] (OldTimer Tools)
OTL.exe -> C:\Documents and Settings\Ryan\Desktop\OTL.exe -> [2009/11/23 13:25:32 | 00,529,408 | ---- | M] (OldTimer Tools)
PERFH009.DAT -> C:\WINDOWS\System32\PERFH009.DAT -> [2009/11/20 21:32:35 | 00,384,596 | ---- | M] ()
PERFC009.DAT -> C:\WINDOWS\System32\PERFC009.DAT -> [2009/11/20 21:32:35 | 00,054,280 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/11/20 21:32:33 | 00,445,630 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/11/20 20:57:19 | 00,001,393 | ---- | M] ()
SecurityCheck.exe -> C:\Documents and Settings\Ryan\Desktop\SecurityCheck.exe -> [2009/11/20 19:49:51 | 00,843,167 | ---- | M] ()
TFC.exe -> C:\Documents and Settings\Ryan\Desktop\TFC.exe -> [2009/11/19 17:18:16 | 00,341,504 | ---- | M] (OldTimer Tools)
SystemLook.exe -> C:\Documents and Settings\Ryan\Desktop\SystemLook.exe -> [2009/11/18 20:59:23 | 00,102,660 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/11/17 20:57:21 | 00,000,227 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\ETC\hosts -> [2009/11/17 20:56:25 | 00,000,027 | ---- | M] ()
BOOT.INI -> C:\BOOT.INI -> [2009/11/17 20:23:27 | 00,000,281 | RHS- | M] ()
ComboFix.exe -> C:\Documents and Settings\Ryan\Desktop\ComboFix.exe -> [2009/11/17 20:18:21 | 03,565,123 | R--- | M] ()
dellstat.ini -> C:\WINDOWS\dellstat.ini -> [2009/11/17 20:09:34 | 00,001,008 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/11/14 01:47:57 | 00,260,608 | ---- | M] ()
RSIT.exe -> C:\Documents and Settings\Ryan\Desktop\RSIT.exe -> [2009/11/13 21:59:31 | 00,781,909 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/11/13 19:50:03 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\Ryan\Desktop\mbam-setup.exe -> [2009/11/13 19:48:01 | 04,045,544 | ---- | M] (Malwarebytes Corporation )
ERUNT.lnk -> C:\Documents and Settings\Ryan\Desktop\ERUNT.lnk -> [2009/11/10 21:05:54 | 00,000,592 | ---- | M] ()
Ryan.exe -> C:\Documents and Settings\Ryan\Desktop\Ryan.exe -> [2009/11/10 20:58:34 | 00,401,720 | ---- | M] (Trend Micro Inc.)
HijackThis.exe -> C:\Documents and Settings\Ryan\Desktop\HijackThis.exe -> [2009/11/10 20:58:34 | 00,401,720 | ---- | M] (Trend Micro Inc.)
erunt-setup.exe -> C:\Documents and Settings\Ryan\Desktop\erunt-setup.exe -> [2009/11/10 20:58:00 | 00,791,393 | ---- | M] (Lars Hederer )
149785430 -> C:\149785430 -> [2009/11/08 00:10:11 | 00,000,000 | -HS- | M] ()

[Files - No Company Name]
SecurityCheck.exe -> C:\Documents and Settings\Ryan\Desktop\SecurityCheck.exe -> [2009/11/20 19:49:51 | 00,843,167 | ---- | C] ()
SystemLook.exe -> C:\Documents and Settings\Ryan\Desktop\SystemLook.exe -> [2009/11/18 20:59:21 | 00,102,660 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2009/11/17 20:23:27 | 00,000,211 | ---- | C] ()
cmldr -> C:\cmldr -> [2009/11/17 20:23:18 | 00,260,272 | ---- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/11/17 20:20:52 | 00,260,608 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2009/11/17 20:20:52 | 00,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2009/11/17 20:20:52 | 00,080,412 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2009/11/17 20:20:52 | 00,077,312 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2009/11/17 20:20:52 | 00,068,096 | ---- | C] ()
ComboFix.exe -> C:\Documents and Settings\Ryan\Desktop\ComboFix.exe -> [2009/11/17 20:18:16 | 03,565,123 | R--- | C] ()
sysmain.sdb -> C:\WINDOWS\System32\dllcache\sysmain.sdb -> [2009/11/16 21:00:19 | 01,203,922 | ---- | C] ()
RSIT.exe -> C:\Documents and Settings\Ryan\Desktop\RSIT.exe -> [2009/11/13 21:59:31 | 00,781,909 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/11/13 19:50:03 | 00,000,696 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\Ryan\Desktop\ERUNT.lnk -> [2009/11/10 21:05:54 | 00,000,592 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/11/10 20:48:22 | 26,639,1552 | -HS- | C] ()
149785430 -> C:\149785430 -> [2009/11/08 00:10:11 | 00,000,000 | -HS- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2008/11/12 21:44:28 | 00,000,118 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/03/13 19:59:43 | 00,000,069 | ---- | C] ()
Title.INI -> C:\WINDOWS\Title.INI -> [2008/03/08 22:09:38 | 00,000,071 | ---- | C] ()
MotionDVSTUDIO.INI -> C:\WINDOWS\MotionDVSTUDIO.INI -> [2008/03/08 21:46:19 | 00,000,028 | ---- | C] ()
lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2008/01/13 20:07:28 | 00,022,334 | R--- | C] ()
BladeEnc.dll -> C:\WINDOWS\System32\BladeEnc.dll -> [2007/01/12 13:30:54 | 00,528,384 | ---- | C] ()
ShnDll32.dll -> C:\WINDOWS\System32\ShnDll32.dll -> [2007/01/12 13:30:54 | 00,120,832 | ---- | C] ()
LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2006/06/26 10:33:40 | 00,023,472 | ---- | C] ()
AutoCAD 2000 EReg.ini -> C:\WINDOWS\AutoCAD 2000 EReg.ini -> [2006/06/04 19:34:37 | 00,000,055 | ---- | C] ()
mtstack.INI -> C:\WINDOWS\mtstack.INI -> [2006/06/04 19:31:39 | 00,000,000 | ---- | C] ()
liveup.ini -> C:\WINDOWS\liveup.ini -> [2006/04/21 20:21:17 | 00,000,044 | ---- | C] ()
lame_enc.dll -> C:\WINDOWS\System32\lame_enc.dll -> [2005/04/07 09:21:54 | 00,126,464 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2004/10/11 18:20:10 | 00,000,002 | ---- | C] ()
dellstat.ini -> C:\WINDOWS\dellstat.ini -> [2004/10/11 18:13:20 | 00,001,008 | ---- | C] ()
dlbtcoin.dll -> C:\WINDOWS\System32\dlbtcoin.dll -> [2004/10/11 18:11:57 | 00,143,360 | R--- | C] ()
dlbtsnls.dll -> C:\WINDOWS\System32\dlbtsnls.dll -> [2004/10/11 18:11:57 | 00,126,976 | R--- | C] ()
BJAXSecurityManager.dll -> C:\WINDOWS\System32\BJAXSecurityManager.dll -> [2004/10/06 18:48:50 | 00,040,448 | ---- | C] ()
BJInstaller.dll -> C:\WINDOWS\System32\BJInstaller.dll -> [2004/10/06 18:48:49 | 00,086,016 | ---- | C] ()
cdPlayer.ini -> C:\WINDOWS\cdPlayer.ini -> [2004/09/24 14:31:18 | 00,001,843 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/09/16 11:18:31 | 00,000,061 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2004/09/16 11:13:38 | 00,000,376 | ---- | C] ()
suaswun.dll -> C:\WINDOWS\System32\suaswun.dll -> [2004/09/16 11:08:41 | 00,034,818 | ---- | C] ()
prsrg32.dll -> C:\WINDOWS\System32\prsrg32.dll -> [2004/09/16 11:08:41 | 00,032,771 | ---- | C] ()
vewuw2k.dll -> C:\WINDOWS\System32\vewuw2k.dll -> [2004/09/16 11:08:41 | 00,032,770 | ---- | C] ()
xscpcp3.dll -> C:\WINDOWS\System32\xscpcp3.dll -> [2004/09/16 11:08:41 | 00,028,675 | ---- | C] ()
sxnku32.dll -> C:\WINDOWS\System32\sxnku32.dll -> [2004/09/16 11:08:41 | 00,023,555 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2004/09/16 11:08:41 | 00,000,207 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/09/16 11:03:28 | 00,000,780 | ---- | C] ()
msjetoledb40.dll -> C:\WINDOWS\System32\msjetoledb40.dll -> [2004/09/16 11:02:09 | 00,355,112 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2004/09/16 10:48:45 | 00,363,520 | ---- | C] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2004/09/16 10:48:40 | 00,445,630 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/09/16 10:48:29 | 00,001,793 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2004/09/16 10:34:20 | 00,000,550 | ---- | C] ()
dlbtcur.dll -> C:\WINDOWS\System32\dlbtcur.dll -> [2004/06/14 10:21:46 | 00,114,688 | ---- | C] ()
dlbtjswr.dll -> C:\WINDOWS\System32\dlbtjswr.dll -> [2004/06/14 10:21:02 | 00,557,056 | ---- | C] ()
dlbtcu.dll -> C:\WINDOWS\System32\dlbtcu.dll -> [2004/06/14 10:15:48 | 00,069,632 | ---- | C] ()
dlbtutil.dll -> C:\WINDOWS\System32\dlbtutil.dll -> [2004/06/14 10:09:22 | 00,401,408 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2004/03/26 16:59:22 | 00,000,000 | ---- | C] ()
dlbtvs.dll -> C:\WINDOWS\System32\dlbtvs.dll -> [2003/10/08 09:09:46 | 00,040,960 | ---- | C] ()
quartz.dll -> C:\WINDOWS\System32\quartz.dll -> [2003/05/30 09:00:02 | 01,288,192 | ---- | C] ()
qdvd.dll -> C:\WINDOWS\System32\qdvd.dll -> [2003/05/30 09:00:02 | 00,386,048 | ---- | C] ()
devenum.dll -> C:\WINDOWS\System32\devenum.dll -> [2003/05/30 09:00:02 | 00,059,904 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 00,002,695 | ---- | C] ()
qedwipes.dll -> C:\WINDOWS\System32\qedwipes.dll -> [2002/12/12 00:14:32 | 00,733,696 | ---- | C] ()
qedit.dll -> C:\WINDOWS\System32\qedit.dll -> [2002/12/12 00:14:32 | 00,562,176 | ---- | C] ()
qdv.dll -> C:\WINDOWS\System32\qdv.dll -> [2002/12/12 00:14:32 | 00,279,040 | ---- | C] ()
qcap.dll -> C:\WINDOWS\System32\qcap.dll -> [2002/12/12 00:14:32 | 00,192,512 | ---- | C] ()
amstream.dll -> C:\WINDOWS\System32\amstream.dll -> [2002/12/12 00:14:32 | 00,070,656 | ---- | C] ()
mciqtz32.dll -> C:\WINDOWS\System32\mciqtz32.dll -> [2002/12/12 00:14:32 | 00,035,328 | ---- | C] ()
msdmo.dll -> C:\WINDOWS\System32\msdmo.dll -> [2002/12/12 00:14:32 | 00,014,336 | ---- | C] ()
WIN.INI -> C:\WINDOWS\WIN.INI -> [2002/09/03 08:59:58 | 00,002,260 | ---- | C] ()
CONTROL.INI -> C:\WINDOWS\CONTROL.INI -> [2002/09/03 08:59:58 | 00,000,000 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2002/09/03 08:59:14 | 00,004,161 | ---- | C] ()
VBADDIN.INI -> C:\WINDOWS\VBADDIN.INI -> [2002/09/03 08:56:20 | 00,000,037 | ---- | C] ()
VB.INI -> C:\WINDOWS\VB.INI -> [2002/09/03 08:56:20 | 00,000,036 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2002/09/03 08:50:58 | 00,000,227 | ---- | C] ()
ESENTPRF.INI -> C:\WINDOWS\System32\ESENTPRF.INI -> [2002/08/29 05:00:00 | 01,015,477 | ---- | C] ()
dxmasf.dll -> C:\WINDOWS\System32\dxmasf.dll -> [2002/08/29 05:00:00 | 00,498,742 | ---- | C] ()
sbe.dll -> C:\WINDOWS\System32\sbe.dll -> [2002/08/29 05:00:00 | 00,270,848 | ---- | C] ()
compatui.dll -> C:\WINDOWS\System32\compatui.dll -> [2002/08/29 05:00:00 | 00,252,928 | ---- | C] ()
IR32_32.DLL -> C:\WINDOWS\System32\IR32_32.DLL -> [2002/08/29 05:00:00 | 00,199,168 | ---- | C] ()
encdec.dll -> C:\WINDOWS\System32\encdec.dll -> [2002/08/29 05:00:00 | 00,186,880 | ---- | C] ()
PAQSP.DLL -> C:\WINDOWS\System32\PAQSP.DLL -> [2002/08/29 05:00:00 | 00,157,696 | ---- | C] ()
MSENCODE.DLL -> C:\WINDOWS\System32\MSENCODE.DLL -> [2002/08/29 05:00:00 | 00,094,282 | ---- | C] ()
tcpmon.ini -> C:\WINDOWS\System32\tcpmon.ini -> [2002/08/29 05:00:00 | 00,053,478 | ---- | C] ()
KEY01.SYS -> C:\WINDOWS\System32\KEY01.SYS -> [2002/08/29 05:00:00 | 00,042,809 | ---- | C] ()
KEYBOARD.SYS -> C:\WINDOWS\System32\KEYBOARD.SYS -> [2002/08/29 05:00:00 | 00,042,537 | ---- | C] ()
ntio411.sys -> C:\WINDOWS\System32\ntio411.sys -> [2002/08/29 05:00:00 | 00,035,648 | ---- | C] ()
ntio412.sys -> C:\WINDOWS\System32\ntio412.sys -> [2002/08/29 05:00:00 | 00,035,424 | ---- | C] ()
ntio804.sys -> C:\WINDOWS\System32\ntio804.sys -> [2002/08/29 05:00:00 | 00,034,560 | ---- | C] ()
ntio404.sys -> C:\WINDOWS\System32\ntio404.sys -> [2002/08/29 05:00:00 | 00,034,560 | ---- | C] ()
ntio.sys -> C:\WINDOWS\System32\ntio.sys -> [2002/08/29 05:00:00 | 00,033,840 | ---- | C] ()
NTDOS411.SYS -> C:\WINDOWS\System32\NTDOS411.SYS -> [2002/08/29 05:00:00 | 00,029,370 | ---- | C] ()
NTDOS412.SYS -> C:\WINDOWS\System32\NTDOS412.SYS -> [2002/08/29 05:00:00 | 00,029,274 | ---- | C] ()
NTDOS804.SYS -> C:\WINDOWS\System32\NTDOS804.SYS -> [2002/08/29 05:00:00 | 00,029,146 | ---- | C] ()
NTDOS404.SYS -> C:\WINDOWS\System32\NTDOS404.SYS -> [2002/08/29 05:00:00 | 00,029,146 | ---- | C] ()
NTDOS.SYS -> C:\WINDOWS\System32\NTDOS.SYS -> [2002/08/29 05:00:00 | 00,027,866 | ---- | C] ()
COUNTRY.SYS -> C:\WINDOWS\System32\COUNTRY.SYS -> [2002/08/29 05:00:00 | 00,027,097 | ---- | C] ()
TSD32.DLL -> C:\WINDOWS\System32\TSD32.DLL -> [2002/08/29 05:00:00 | 00,015,360 | ---- | C] ()
WIN87EM.DLL -> C:\WINDOWS\System32\WIN87EM.DLL -> [2002/08/29 05:00:00 | 00,013,312 | ---- | C] ()
TSLABELS.INI -> C:\WINDOWS\System32\TSLABELS.INI -> [2002/08/29 05:00:00 | 00,013,223 | ---- | C] ()
RSVP.INI -> C:\WINDOWS\System32\RSVP.INI -> [2002/08/29 05:00:00 | 00,012,082 | ---- | C] ()
ANSI.SYS -> C:\WINDOWS\System32\ANSI.SYS -> [2002/08/29 05:00:00 | 00,009,029 | ---- | C] ()
PSCHDPRF.INI -> C:\WINDOWS\System32\PSCHDPRF.INI -> [2002/08/29 05:00:00 | 00,006,877 | ---- | C] ()
HIMEM.SYS -> C:\WINDOWS\System32\HIMEM.SYS -> [2002/08/29 05:00:00 | 00,004,768 | ---- | C] ()
msdxmlc.dll -> C:\WINDOWS\System32\msdxmlc.dll -> [2002/08/29 05:00:00 | 00,004,126 | ---- | C] ()
RASCTRS.INI -> C:\WINDOWS\System32\RASCTRS.INI -> [2002/08/29 05:00:00 | 00,003,458 | ---- | C] ()
PERFCI.INI -> C:\WINDOWS\System32\PERFCI.INI -> [2002/08/29 05:00:00 | 00,002,891 | ---- | C] ()
PERFWCI.INI -> C:\WINDOWS\System32\PERFWCI.INI -> [2002/08/29 05:00:00 | 00,002,732 | ---- | C] ()
MSDTCPRF.INI -> C:\WINDOWS\System32\MSDTCPRF.INI -> [2002/08/29 05:00:00 | 00,001,931 | ---- | C] ()
MSDFMAP.INI -> C:\WINDOWS\MSDFMAP.INI -> [2002/08/29 05:00:00 | 00,001,405 | ---- | C] ()
PERFFILT.INI -> C:\WINDOWS\System32\PERFFILT.INI -> [2002/08/29 05:00:00 | 00,001,152 | ---- | C] ()
PRODSPEC.INI -> C:\WINDOWS\System32\PRODSPEC.INI -> [2002/08/29 05:00:00 | 00,000,343 | ---- | C] ()
e100bmsg.dll -> C:\WINDOWS\System32\e100bmsg.dll -> [1980/01/01 00:00:00 | 00,012,288 | ---- | C] ()
< End of report >
[/code]
 
Hi

do not see anything unusual, let's run mbam again

Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Run Hijackthis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with


1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
3. description of any problems you are having with your PC

Thanks peku006
 
Hi peku006

OK - this time I tried running MBAM while logged in to the user profile where we were still having problems. MBAM found 8 problems and says it successfully removed the 8 issues (see log file below). When the computer restarted I was finally able to change the wallpaper settings again, and most things seem OK. However, in the system tray we still have a red circled "X" that says (when I mouse over the icon) that we have exceeded the profile storage settings. I tried running the "Fix policies" command you had me download, but that did not solve the problem.
Other than the profile storage message I cannot find any other noticeable problems with the computer at this time.

The MBAM and HJT logs are included below.

Thanks!

Ryan



Malwarebytes' Anti-Malware 1.41
Database version: 3245
Windows 5.1.2600 Service Pack 3

27/11/2009 9:11:28 PM
mbam-log-2009-11-27 (21-11-28).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 239977
Time elapsed: 1 hour(s), 54 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qowtcson (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:37 PM, on 27/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\proquota.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anne\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mypublisher.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 7742 bytes
 
peku006

Thanks! Glad to hear everything looks clean. However, I could follow the instructions at the link. I could not find the file "system.adm", and when I tried to find the "Active Directory Users and Computer" I received a message that it was not installed on my machine. The error message indicated that either I was running a 64 bit version of XP, or the file had been removed or corrupted.

Anything else I can / should try to fix this? Or would it be simpler to just delete that user profile and create a new profile?

Thanks again.
 
Hi Ryan

At this stage your machine looks to be clean of malware, so the problems you are experiencing are not likely to be malware related. I think the best and fastest solution for you is to post on a PC troubleshooting forum like the Browsers, Internet & email forum at WhatTheTech. They specialize in handling problems like this so you are certain to get expert assistance and a speedy resolution is very likely.

I'm sorry that I could not be of more help to you, and I wish you the best of luck with solving your computer problems. If you have any questions or require any other assistance please let me know.

peku006
 
Hi Ryan

Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:

Delete Security Check and FixPolicies from your desktop.

MBAM can be uninstalled via Control Panel Add/Remove, but it may be a useful tool to keep... Malwarebytes' Anti-Malware Scanning Guide.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the "Begin cleanup Process?" prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore - Windows XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here

SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here

WinPatrol
Download it from here
You can find information about how WinPatrol works here

FireTrust SiteHound
You can find information and download it from here

MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.


Happy safe surfing! :bigthumb:
 