Free Malware Removal Forum

by **tdml694** » September 16th, 2009, 10:50 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:09 PM, on 9/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
D:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ymetray.lnk = D:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88C95CE5-4B08-47F5-899E-7FA0C5A4529B} - http://ipinviewer.lunarpages.com/LiteSu ... tSetup.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9979e50768e86) (gupdate1c9979e50768e86) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 11312 bytes

by **MWR 3 day Mod** » September 20th, 2009, 4:53 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

by **Dakeyras** » September 21st, 2009, 5:50 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi tdml694 and welcome to Malware Removal

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Next:

Please re-open HiJackThis and select Do a system scan only. Check the boxes next to all the entries listed below (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

Now click on Fix Checked. Close HiJackThis.

Next:

Now click on Start >> Run and type cleanmgr in the box and press OK.

Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
You can choose to check other boxes if you wish but they are not required.
Click on OK then Yes.
Now Reboot(restart) your computer.

Scan with GMER:

Please download GMER Rootkit Scanner from here.

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.

Scan with RSIT:

Please download Random's System Information Tool by random/random from here and save it to your desktop.

Make sure that RSIT.exe is on the your Desktop before running the application!

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
- log.txt will be opened maximized.
- info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When completed the above, please post back the following in the order asked for:

How is you computer performing now, any further symptoms and or problems encountered?
Gmer Log.
Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

by **tdml694** » September 22nd, 2009, 10:04 pm

Having issues in a couple different areas.
1. Items have disappeared on the left side of the menu above "All Programs" when I click the "Start" button.
2. C drive capacity is 15 gb, D drive capacity is 143 gb. I had 1.2 gb of space available on the C drive and attempted to load a 224 mb HP printer software package for an all-in-one unit and halfway through the install computer said I don't have enough memory available to complete the install. I checked the C drive properties and found only 122 mb of space left available. (HP software did not install, I canceled out of install)
3. Cannot access the Recycle Bin
4. Attempted to install RSIT software package. Started to load then I got the following error message:

RSIT
AutoIt Error
Line-1:
Error; Subscript used with non-Array variable

Here is the GMER log:

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-22 21:14:30
Windows 5.1.2600 Service Pack 3
Running: imm2wdsi.exe; Driver: C:\WINDOWS\TEMP\pxtdrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB42F86B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB42F8574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB42F8A52]
SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF795E25D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB42F814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB42F864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB42F808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB42F80F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB42F876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB42F872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB42F88AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs AA70A400
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

by **Dakeyras** » September 23rd, 2009, 9:02 am

Hi.

Having issues in a couple different areas.

OK no problem, we will address all in due course. :thumbup:

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please go here[/color] and download ERUNT.
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Double click on erunt-setup.exe to Install ERUNT by following the prompts.
Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK
Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

FixPolicies:

Please download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here.

Double-click FixPolicies.exe.
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box should briefly appear and then close.
Leave FixPolicies on your desktop please until I otherwise advise, thank you.

Next:

Please download OTL and save it to your Desktop.

Double-click on OTL.exe to start the application.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

How is you computer performing now, any further symptoms and or problems encountered?
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

by **tdml694** » September 24th, 2009, 9:53 pm

OTL logfile created on: 9/24/2009 9:46:45 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Tony.ADR\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.70% Memory free
2.83 Gb Paging File | 2.38 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): D:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 2.40 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
Drive D: | 133.41 Gb Total Space | 75.46 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.65 Gb Total Space | 350.49 Gb Free Space | 75.27% Space Free | Partition Type: FAT32

Computer Name: ADR
Current User Name: Tony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - D:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Tony.ADR\My Documents\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9979e50768e86 [Auto | Stopped]) -- File not found
SRV - (gusvc [On_Demand | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SonicStageMonitoring [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- File not found
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (VAIOMediaPlatform-MusicServer-AppServer [Auto | Running]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-HTTP [Auto | Running]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-UPnP [Auto | Running]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-AppServer [Auto | Running]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-HTTP [Auto | Running]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-UPnP [Auto | Running]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-AppServer [Auto | Running]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-HTTP [Auto | Running]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-UPnP [Auto | Running]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AVC1200 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\CA506AV.SYS (Sunplus Technology Co. LTD.)
DRV - (ca506aaf [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ca506aaf.sys (Sunplus Technology Co., Ltd.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (E1000 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys (Intel Corporation)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (IrBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SbcpHid [System | Running]) -- C:\WINDOWS\System32\Drivers\SbcpHid.sys ()
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smrt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\smrt.sys (Sony Corporation)
DRV - (SonyLSM [Boot | Running]) -- C:\WINDOWS\System32\Drivers\SonyLSM.sys (Sony Corporation)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customi ... ch/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 03:02:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: D:\Program Files\Mozilla Firefox 3.5 Beta 4\components [2009/09/09 19:42:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2009/09/02 22:58:44 | 00,000,000 | ---D | M]

[2009/05/03 00:43:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/09/17 08:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/01/29 23:38:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/06/07 01:03:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/04 21:32:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/11 23:01:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/01/11 23:01:22 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/01/18 12:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp File not found
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [SetDefaultMidi] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [SetDefaultMidi] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2007/06/28 19:45:24 | 00,000,000 | --SD | M]
O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2003/09/16 17:16:50 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2003/09/16 06:34:24 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT.LOG ()
O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2003/09/16 06:34:24 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Recent [2009/09/09 22:27:14 | 00,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2003/09/16 13:44:27 | 00,000,000 | RH-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Administrator\Templates [2003/09/16 13:37:20 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\UserData [2009/08/27 14:34:13 | 00,000,000 | --SD | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\All Users\Desktop [2009/09/16 23:57:01 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Documents [2009/01/12 00:35:55 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\All Users\DRM [2009/09/09 22:25:28 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\All Users\Favorites [2006/11/19 14:32:46 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\All Users\Templates [2008/06/07 01:04:37 | 00,000,000 | -H-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Default User\Cookies [2003/09/16 13:39:32 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Default User\Desktop [2003/09/16 17:16:50 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Default User\Favorites [2005/09/17 23:45:27 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Default User\NetHood [2003/09/16 06:34:24 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\Default User\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2003/09/16 06:34:24 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Default User\Recent [2009/09/09 22:27:14 | 00,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Default User\SendTo [2003/09/16 13:44:27 | 00,000,000 | RH-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Default User\Templates [2003/09/16 13:37:20 | 00,000,000 | -H-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2008/07/31 22:04:48 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\LocalService\IETldCache [2009/07/07 22:30:58 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.dat.LOG ()
O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini ()
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Michelle\Cookies [2009/09/20 20:54:43 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Michelle\Desktop [2003/11/30 13:58:17 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Michelle\Favorites [2009/08/10 09:47:44 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Michelle\IETldCache [2009/08/10 09:47:19 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Michelle\NetHood [2003/09/16 06:34:24 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Michelle\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Michelle\ntuser.dat.LOG ()
O4 - Startup: C:\Documents and Settings\Michelle\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Michelle\PrintHood [2003/09/16 06:34:24 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Michelle\Recent [2009/09/20 21:05:26 | 00,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Michelle\SendTo [2003/09/16 13:44:27 | 00,000,000 | RH-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Michelle\Templates [2003/09/16 13:37:20 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Michelle\WINDOWS [2003/11/29 11:37:47 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2008/02/17 18:18:00 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\NetworkService\IETldCache [2009/07/06 08:22:12 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.dat.LOG ()
O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini ()
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\TEMP\Cookies [2009/09/09 17:15:46 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP\Desktop [2009/09/09 17:16:00 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP\Favorites [2009/09/09 17:22:32 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\TEMP\Recent [2009/09/09 17:22:25 | 00,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\TEMP\SendTo [2009/09/09 17:22:27 | 00,000,000 | -H-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\TEMP\ÜQé ()
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Tony\Contacts [2008/01/16 19:29:22 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Tony\Cookies [2009/09/06 00:51:19 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Tony\default.pls ()
O4 - Startup: C:\Documents and Settings\Tony\Desktop [2009/09/09 22:27:14 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Tony\Favorites [2009/06/21 10:10:00 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Tony\IECompatCache [2009/07/07 23:03:52 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Tony\IETldCache [2009/07/06 00:57:56 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Tony\NetHood [2003/09/16 06:34:24 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Tony\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Tony\NTUSER.DAT.LOG ()
O4 - Startup: C:\Documents and Settings\Tony\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Tony\PrintHood [2003/09/16 06:34:24 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Tony\PrivacIE [2009/07/07 22:28:38 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Tony\Recent [2009/09/08 23:23:14 | 00,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Tony\reference form0001.txt ()
O4 - Startup: C:\Documents and Settings\Tony\reglog.txt ()
O4 - Startup: C:\Documents and Settings\Tony\SendTo [2008/02/21 00:36:52 | 00,000,000 | RH-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Tony\Templates [2003/09/16 13:37:20 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Tony\UserData [2003/11/30 17:11:58 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Tony\WINDOWS [2003/12/02 20:56:04 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Tony.ADR\Cookies [2009/09/09 18:59:13 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Tony.ADR\Desktop [2009/09/24 21:43:06 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Tony.ADR\Favorites [2009/09/09 21:53:03 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Tony.ADR\LuResult.txt ()
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Tony.ADR\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Tony.ADR\ntuser.dat.LOG ()
O4 - Startup: C:\Documents and Settings\Tony.ADR\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Tony.ADR\Recent [2009/09/09 19:36:47 | 00,000,000 | RH-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\Tony.ADR\Templates [2009/09/09 18:59:13 | 00,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {88C95CE5-4B08-47F5-899E-7FA0C5A4529B} http://ipinviewer.lunarpages.com/LiteSu ... tSetup.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/sbc/TrueInstallSBC.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Value error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - D:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/09 03:26:17 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/09/09 03:26:17 | 00,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002/01/05 14:19:30 | 00,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/24 21:39:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/24 21:35:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/22 23:03:45 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 21:35:26 | 00,000,000 | ---D | C] -- C:\temp
[2009/09/22 21:18:49 | 00,000,000 | ---D | C] -- C:\rsit
[2009/09/21 23:10:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\Adobe
[2009/09/16 22:10:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/15 07:44:10 | 00,000,702 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Desktop\Microsoft Works.LNK
[2009/09/14 21:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\IsolatedStorage
[2009/09/13 13:33:08 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/09/13 03:17:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/09/13 03:17:10 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/09/13 03:16:56 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/09/13 03:15:42 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/09/13 03:15:42 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/09/13 03:15:42 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/09/13 03:15:41 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/09/13 03:15:41 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/09/13 03:15:40 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/09/13 03:15:40 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/09/13 03:15:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/09/12 10:53:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\HP
[2009/09/12 10:53:39 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\fusioncache.dat
[2009/09/12 10:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\ApplicationHistory
[2009/09/12 03:08:15 | 04,322,612 | -H-- | C] () -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\IconCache.db
[2009/09/12 03:01:42 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/09/11 03:22:05 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/11 00:09:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\Intuit
[2009/09/10 21:24:17 | 00,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/09/10 21:24:10 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2009/09/09 22:44:15 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/09 22:44:14 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/09/09 22:44:13 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/09/09 22:44:12 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/09/09 22:44:10 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/09/09 22:44:08 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/09/09 22:44:08 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/09/09 22:44:08 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/09/09 22:44:08 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/09/09 22:43:47 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/09/09 22:43:47 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/09/09 22:43:41 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/09 22:25:38 | 00,000,000 | ---D | C] -- C:\IObit
[2009/09/09 21:53:02 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/09/09 21:52:58 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/09/09 19:42:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\Mozilla
[2009/09/09 19:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\Apple Computer
[2009/09/09 19:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\Google
[2009/09/09 19:36:43 | 00,078,352 | ---- | C] () -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/09 17:22:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\Microsoft
[2009/09/02 22:04:06 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/09/02 22:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/09/02 22:02:58 | 00,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/12 03:23:12 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/07 12:24:20 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/07 12:24:20 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/07 12:24:19 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/07/11 00:20:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\U12A_20e.INI
[2007/01/14 16:33:29 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2007/01/14 16:33:29 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2006/12/15 19:27:50 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/19 22:26:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/18 15:37:50 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 00,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/04/15 00:43:32 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/13 00:00:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/10/20 23:30:44 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/10/05 00:26:51 | 00,004,487 | ---- | C] () -- C:\WINDOWS\System32\lmk8hoju.ini
[2005/04/24 22:41:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/03 15:00:11 | 00,014,379 | R--- | C] () -- C:\WINDOWS\TW5A.INI
[2005/03/14 19:03:19 | 00,000,041 | ---- | C] () -- C:\WINDOWS\IVSLite.ini
[2005/02/02 23:39:40 | 00,000,135 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/01/17 00:02:52 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/26 21:44:27 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/13 00:07:57 | 00,000,050 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/20 23:20:42 | 00,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2004/05/24 19:51:42 | 00,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/05/24 19:51:42 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/02/25 22:46:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/23 21:17:57 | 00,000,307 | ---- | C] () -- C:\WINDOWS\FastBid1.ini
[2003/11/30 15:42:40 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2003/11/29 11:41:57 | 00,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2003/11/29 11:37:47 | 00,000,071 | ---- | C] () -- C:\WINDOWS\ART.INI
[2003/11/28 23:42:39 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/11/28 23:42:38 | 00,000,537 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/11/28 22:05:41 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AUTHMGR.INI
[2003/11/26 08:10:18 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/11/25 23:31:05 | 00,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2003/11/20 20:24:27 | 00,000,396 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/11/20 19:50:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/11/12 04:54:00 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/16 17:10:05 | 00,001,184 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/09/16 17:05:05 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/09/16 17:03:25 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/09/16 17:02:51 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/09/16 15:15:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/16 13:30:49 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/09/16 13:30:43 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/09/16 13:30:26 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2003/09/16 13:30:26 | 00,052,992 | ---- | C] () -- C:\WINDOWS\System32\UPDDRV9X.DLL
[2003/09/16 13:30:22 | 00,005,503 | ---- | C] () -- C:\WINDOWS\System32\ctucom.ini
[2003/09/16 13:30:22 | 00,000,028 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/09/16 13:30:19 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2003/09/16 13:30:19 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\editinf.ini
[2003/09/16 13:30:04 | 00,000,732 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/16 13:29:55 | 00,000,872 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/09/16 13:29:53 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2003/08/11 04:07:40 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/07/14 15:30:28 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/03/27 17:28:44 | 00,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/07/22 13:25:00 | 00,794,624 | ---- | C] () -- C:\WINDOWS\System32\LTRTN13n.DLL
[2002/06/12 15:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/08/23 15:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/09/24 21:22:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/24 06:22:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/22 23:04:06 | 00,000,135 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/22 23:04:00 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 21:45:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/22 21:45:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/22 21:45:22 | 21,468,81536 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/22 21:44:04 | 00,028,740 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-0000000A-00001102-00000004-00541102}.rfx
[2009/09/22 21:44:04 | 00,028,740 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-0000000A-00001102-00000004-00541102}.rfx
[2009/09/22 21:44:04 | 00,026,640 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-0000000A-00001102-00000004-00541102}.rfx
[2009/09/22 21:44:04 | 00,026,640 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-0000000A-00001102-00000004-00541102}.rfx
[2009/09/22 21:44:04 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/09/22 21:44:04 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/09/22 21:44:04 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-0000000A-00001102-00000004-00541102}.dat
[2009/09/22 21:44:04 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-0000000A-00001102-00000004-00541102}.dat
[2009/09/22 21:08:41 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/20 20:17:52 | 00,000,702 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Desktop\Microsoft Works.LNK
[2009/09/16 23:16:59 | 04,322,612 | -H-- | M] () -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\IconCache.db
[2009/09/15 08:00:51 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/09/14 03:05:05 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/13 07:29:19 | 00,078,352 | ---- | M] () -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/13 03:37:45 | 00,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/13 03:24:42 | 00,501,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/13 03:24:42 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/13 03:24:42 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/12 10:53:39 | 00,000,131 | ---- | M] () -- C:\Documents and Settings\Tony.ADR\Local Settings\Application Data\fusioncache.dat
[2009/09/10 21:24:10 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2009/09/10 07:25:42 | 00,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/09 22:44:15 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/09 22:44:08 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/09 21:53:02 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/09/09 03:26:17 | 00,000,055 | RHS- | M] () -- C:\autorun.inf
[2009/09/02 22:04:06 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/09/02 22:02:58 | 00,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/01 22:33:07 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1233458999.job
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

by **tdml694** » September 24th, 2009, 10:02 pm

OTL Extras logfile created on: 9/24/2009 9:46:45 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Tony.ADR\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.70% Memory free
2.83 Gb Paging File | 2.38 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): D:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 2.40 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
Drive D: | 133.41 Gb Total Space | 75.46 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.65 Gb Total Space | 350.49 Gb Free Space | 75.27% Space Free | Partition Type: FAT32

Computer Name: ADR
Current User Name: Tony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser File not found

[HKEY_USERS\S-1-5-21-38917306-2780468815-807143145-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" File not found
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe" = C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Enabled:tgcmd Module -- (Support.com, Inc.)
"D:\Program Files\BearShare\BearShare.exe" = D:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare -- (Free Peers, Inc.)
"D:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = D:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\QuickTime\QuickTimePlayer.exe" = D:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002C9999-0000-0000-C000-000000000112}" = Microsoft Office Web Components
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(SBC)" = Visual IP InSight(SBC)
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10B3936F-0E93-4431-8E7B-3FEA5DAC88C3}" = Garmin Communicator Plugin
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4CB4F101-E61D-4BAB-BF11-5E65E467EAD6}" = IPIN Viewing System Lite Support Files
"{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{59324A56-6450-47D1-87DE-E8CEB8EE74D0}" = Firmware upgrade utility 2.0C For Sony DW-U12A DVD-RW Drive
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
"{642a22b1-7ab8-44b5-84b9-e58eecf8ece2}" = 2400_2500Help
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.6.00
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 2.6
"{7DAEC492-75C6-4E09-9FD9-EF4D222C8F82}" = Socrates Media Product Browser
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster burn engine by Roxio
"{8ECB8220-F426-4BEB-9596-97033C533702}" = QuickBooks Premier: Contractor Edition 2008
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{909FDB94-8511-47D3-AF00-EEA27FA11E73}" = The Print Shop Home and Office Labels
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{9441cb44-9729-4962-9ce1-c7752350fe52}" = 23_24_2500Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98e3d87f-6946-468d-b34e-9f89ac8da70a}" = 2400
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{f409f2fe-2567-446f-a220-e60cd7e016f4}" = 2400_2500trb
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Driver" = Creative Driver
"Cucusoft DVD to iPod Converter_is1" = Cucusoft DVD to iPod Converter 7.18
"Desktop Budget Lite_is1" = Desktop Budget 2.0
"ERUNT_is1" = ERUNT 1.1j
"filehippo.com" = filehippo.com Update Checker
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"iGadget_is1" = iGadget 1.4.0.0
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"Movielink eHome_is1" = Movielink eHome version 1.1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MySiriusStudio" = My Sirius Studio
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"oggcodecs" = oggcodecs 0.71.0946
"OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
"OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-03-18-01
"OpenMG HotFix3.2-03-04-14-02" = OpenMG Limited Patch 3.2-03-04-14-02
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"SBC Yahoo! DSL Activation" = SBC Yahoo! DSL Activation
"Shockwave" = Shockwave
"Smart Defrag_is1" = Smart Defrag 1.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"VAIO Support" = VAIO Support
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Welcome to VAIO life" = Welcome to VAIO life
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/20/2009 8:20:23 PM | Computer Name = ADR | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 9/20/2009 8:23:34 PM | Computer Name = ADR | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 9/21/2009 3:20:00 AM | Computer Name = ADR | Source = Windows Media Center Download | ID = 81
Description = No TV listings provider has been selected. Please choose a lineup
in Media Center Settings/Guide Setup.

Error - 9/22/2009 3:19:53 AM | Computer Name = ADR | Source = Windows Media Center Download | ID = 81
Description = No TV listings provider has been selected. Please choose a lineup
in Media Center Settings/Guide Setup.

Error - 9/22/2009 9:26:07 PM | Computer Name = ADR | Source = QuickBooks | ID = 4
Description =

Error - 9/22/2009 9:26:07 PM | Computer Name = ADR | Source = QuickBooks | ID = 4
Description =

Error - 9/22/2009 9:26:07 PM | Computer Name = ADR | Source = QuickBooks | ID = 4
Description =

Error - 9/22/2009 9:26:35 PM | Computer Name = ADR | Source = QuickBooks | ID = 4
Description =

Error - 9/23/2009 3:20:02 AM | Computer Name = ADR | Source = Windows Media Center Download | ID = 81
Description = No TV listings provider has been selected. Please choose a lineup
in Media Center Settings/Guide Setup.

Error - 9/24/2009 3:19:58 AM | Computer Name = ADR | Source = Windows Media Center Download | ID = 81
Description = No TV listings provider has been selected. Please choose a lineup
in Media Center Settings/Guide Setup.

[ Media Center Events ]
Error - 1/8/2005 10:34:08 PM | Computer Name = ADR | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 1/8/2005 9:34:08 PM. You may need to reschedule your recordings.

[ System Events ]
Error - 9/24/2009 6:24:39 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/24/2009 6:42:50 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/24/2009 7:00:41 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/24/2009 7:18:42 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/24/2009 7:36:33 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/24/2009 7:54:34 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/24/2009 8:12:35 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/24/2009 8:30:36 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/24/2009 8:49:17 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/24/2009 9:11:18 PM | Computer Name = ADR | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

< End of report >

by **Dakeyras** » September 25th, 2009, 8:50 am

Hi.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

RE: What you mentioned previously:

2. C drive capacity is 15 gb, D drive capacity is 143 gb. I had 1.2 gb of space available on the C drive and attempted to load a 224 mb HP printer software package for an all-in-one unit and halfway through the install computer said I don't have enough memory available to complete the install. I checked the C drive properties and found only 122 mb of space left available.

OTL is reporting the following:

Drive C: | 13.97 Gb Total Space | 2.40 Gb Free Space | 17.17% Space Free | Partition Type: NTFS

This is borderline free space, either free up some more space. Or if your actual Hard-Drive is partitioned and Drive D: is present on it, may be a idea to merge all and start over and or if that is the actual Drive C: at some point you will have to consider installing a larger capacity Hard-Drive.

Next:

Please move OTL.exe to the desktop, the current location it is residing in may return/create both inaccurate fixes and logs:

C:\Documents and Settings\Tony.ADR\My Documents\Downloads\OTL.exe

When moved OTL.exe to the desktop, please carry out the following:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

CA Yahoo! Anti-Spy (remove only)

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Remove Noton Remnants:

Please click here and follow the instructions to download and run the norton removal tool for your the version you had installed previously.

Next:

Please download this tool from Microsoft.
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in. Save this file and post it in your next reply.

StartUpLite:

Please download this small application from here.

it is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

Code: Select all

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes.

Now click on the General tab >> select On(recommended) >> OK.

Custom OTL Script:

Double-click OTL to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: Select all

:OTL
SRV - (gupdate1c9979e50768e86 [Auto | Stopped]) -- File not found
SRV - (gusvc [On_Demand | Stopped]) -- File not found
SRV - (iPod Service [On_Demand | Stopped]) -- File not found
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {88C95CE5-4B08-47F5-899E-7FA0C5A4529B} http://ipinviewer.lunarpages.com/LiteSu ... tSetup.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/sbc/TrueInstallSBC.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Value error. File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found

:Files
C:\WINDOWS\SxsCaPendDel
D:\Program Files\BearShare

:Commands
[purity] 
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, At the prompt click OK.
Reboot the PC when it is done if it did not do so.
Post the OTL log in your next reply.

Note: The log can also be located within the this folder: C:\_OTL

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and select then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.

The log can also be found here:

Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

How is you computer performing now, any further symptoms and or problems encountered?
MGADiag Log.
OTL Log.
Malwarebytes' Anti-Malware Log.

by **Gary R** » September 28th, 2009, 11:18 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

Free Malware Removal Forum

Help with Win32:Kavos (Kamso) trojan on Sony pc

Help with Win32:Kavos (Kamso) trojan on Sony pc

Re: Help with Win32:Kavos (Kamso) trojan on Sony pc

Re: Help with Win32:Kavos (Kamso) trojan on Sony pc

Re: Help with Win32:Kavos (Kamso) trojan on Sony pc

Re: Help with Win32:Kavos (Kamso) trojan on Sony pc

Re: Help with Win32:Kavos (Kamso) trojan on Sony pc

Re: Help with Win32:Kavos (Kamso) trojan on Sony pc

Re: Help with Win32:Kavos (Kamso) trojan on Sony pc

Re: Help with Win32:Kavos (Kamso) trojan on Sony pc

Who is online