Malware

Need help with Vundo.h infection

Thu, 19 Nov 2009 02:49:43 +0100

My wife's XP SP2 laptop has a very persistent vundo.h infection. I managed to clean up the suite of other crap that came along with it with AVG, SpyBot, and Malwarebytes, but the root infection won't go away. I can't delete the .dlls and the registry entries just come back immediately. I've tried the above programs as well as fixvundo, vundofix, etc. Help please!

I've tried to follow the instruction in the "before you post". Running thecomedian.exe was skipped since the program crashed.

Logs attached...

Thanks,
-Dan

Possibly cured, but was it a Vundo/ lsas.blaster.keylogger

Tue, 10 Nov 2009 15:32:57 +0100

Atribune has helped me learn a lot in the past, and taught me a lot about battling viruses, so I seeked out this forum again to see if I did it right. Thanks!
Anyway,
Last week I somehow got this "lsas.blaster.keylogger", a fake virus that comes with a program that pretends to be an antivirus-antimalware but is actually a fake.

I used a variety of things: malwarebites, spywaredoctor, windowsdefender, SUPERantispyware and got rid of it.

BUT, yesterday, malwarebites was mysteriously corrupted, spyware doctor found 140 infections and SUPERantispyware found some Vundo files all at once!

So, I deleted all of those bad files, used a recovery point and got it working again.

BUT, did I get rid of everything? I ran Clean up! then created the following Hijack-this log this morning:

--------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:13 AM, on 11/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Lou (admin)\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Lou (admin)\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Users\Lou (admin)\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Lou (admin)\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lou (admin)\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: 1230320092 (.1230320092) - Unknown owner - C:\ProgramData\Lou (admin)1230320092.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9368 bytes

Vundo Infected - Would Like Help With Final Cleaning Up

Tue, 17 Nov 2009 03:10:40 +0100

I was infected by a Vundo variant while working on a machine that had not been connected to the Internet in years. Before I could get it up to date with patches and anti-virus, I got hit by a drive-by download, probably when I was downloading an image to use as desktop wallpaper (in retrospect, going there before getting fully patched was very dumb, I know). I was infected just by visiting one of these websites, I believe, without even clicking on a bogus link.

Before I discovered this site, I found another site showing the exact phony control panel that came up on my system, so I followed the advice there, which involved running FreeFixer. I subsequently ran Spybot S&D. These were both helpful, but neither could completely remove the infection. Then I came here. Malwarebytes' Anti-Malware has mostly taken out the infection, but from a scan of the OTL log I can see that there are still a few files in the WINDOWS\System32 folder that clearly look related to the infection, so I'd like to get advice on what to do to completely remove every last trace of this ***damn thing.

By the way, this infection prevented the Malwarebytes' mbam.exe file from getting installed, so I had to install on a clean system, rename that executable and copy it over to the infected system. You might want to update your "before you post" instructions to reflect that possibility.

Here are all the logs, in order as per "before you post". I'll send them over multiple posts.

I'm also including the latest FreeFixer log, in case there's any helpful clues in there.

Thanks in advance for any help you can give. Cheers.

-Linc

mcafee blocking buffer overflow error

Thu, 19 Nov 2009 04:42:41 +0100

Mcafee is blocking buffer overflow in

C:\windows\system32\dllhost.exe

i got this after downloading a file converting program

here are the logs lockseardh opened but that was all that happened.
I let it rum for about a half an hour with no result.

OTL & EXTRAS

OTL logfile created on: 11/17/2009 12:11:52 AM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\family\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 30.70% Memory free
4.00 Gb Paging File | 2.91 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.89 Gb Total Space | 142.43 Gb Free Space | 43.70% Space Free | Partition Type: NTFS
Drive D: | 9.46 Gb Total Space | 1.28 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive E: | 1003.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY-PC
Current User Name: family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/17 00:08:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\family\Downloads\OTL.exe
PRC - [2009/11/08 10:38:07 | 00,788,368 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/08 10:38:05 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 20:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 01:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/02/26 19:57:18 | 00,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/02/26 19:57:16 | 00,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/02/26 19:57:12 | 00,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2009/02/23 08:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/01/23 09:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/02 18:50:34 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 18:50:32 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/25 19:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 19:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 02:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/11/02 20:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/10/14 21:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/03 21:02:02 | 01,783,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/10/02 10:30:08 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2007/09/19 20:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2007/07/24 13:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/04/25 13:18:48 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbvcoms.exe
PRC - [2007/04/12 19:59:48 | 00,198,184 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe

========== Modules (SafeList) ==========

MOD - [2009/11/17 00:08:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\family\Downloads\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/01/23 09:46:18 | 00,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (npkcmsvc)
SRV - [2009/11/08 10:38:05 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/14 20:40:41 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/04/25 10:23:23 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c5b9d01dc851)
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/23 20:31:03 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/01/23 09:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/02 18:50:34 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/10/02 10:30:08 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2007/09/19 20:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/07/24 13:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/04/25 13:18:48 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbvcoms.exe -- (lxbv_device)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090813W
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/09/16 20:46:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2009/09/16 20:46:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/14 22:21:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/28 02:00:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/25 08:20:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 01:07:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 01:07:29 | 00,000,000 | ---D | M]

[2008/08/23 15:48:09 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Extensions
[2008/08/23 15:48:09 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/16 00:36:03 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\extensions
[2009/10/27 22:38:29 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/18 23:52:50 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/07/24 07:20:15 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/11/04 22:49:27 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/13 22:42:39 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/09 08:26:42 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/11/04 22:23:04 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/07/02 23:23:30 | 00,000,681 | ---- | M] () -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\searchplugins\ask.xml
[2009/05/08 17:13:42 | 00,009,895 | ---- | M] () -- C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\elreptq3.default\searchplugins\mywebsearch.xml
[2009/11/10 01:13:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/07 01:07:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/28 20:54:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/10 01:13:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/07 01:07:23 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 01:07:23 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 19:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/08/06 18:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/07 01:07:25 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/09/06 18:08:58 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/07/14 22:21:47 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/09/16 20:46:30 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/16 20:46:31 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/16 20:46:31 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/16 20:46:31 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/16 20:46:32 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/16 20:46:32 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/16 20:46:32 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2008/07/14 22:21:57 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/07/14 22:21:39 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/06/24 06:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/06/24 06:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/24 06:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/06/24 06:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/06/24 06:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/06/24 06:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/06/24 06:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/08 03:03:03 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/26 09:13:49 | 00,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008/07/26 09:20:44 | 00,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/07/26 09:20:45 | 00,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008/07/26 09:20:38 | 00,000,156 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{e9d26d47-a970-11dd-8ff3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e9d26d47-a970-11dd-8ff3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/07/26 09:20:44 | 00,703,552 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/25 12:52:18 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: rootrepeal.sys - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {181EDF2F-43A0-77D6-9EC9-64924BE399BB} - Microsoft Windows Media Player
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45A609B8-408F-62D5-B1B6-3AAB0D47424D} - Browser Customizations
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {AE3B58BB-075C-2B30-C93E-C5CFFBB64910} - Microsoft Windows Media Player 11.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.mp42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/11/16 23:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/09 19:05:28 | 00,000,000 | ---D | C] -- C:\Windows\WinBatch
[2009/11/08 21:50:12 | 00,000,000 | ---D | C] -- C:\Users\family\Documents\Hannahs pics
[2009/11/08 13:14:42 | 00,000,000 | ---D | C] -- C:\Users\family\AppData\Local\Nova Development
[2009/11/08 10:40:02 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/11/08 10:39:53 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/11/08 10:36:48 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/08 10:36:48 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/07 03:18:13 | 00,000,000 | ---D | C] -- C:\Users\family\AppData\Roaming\AVS4YOU
[2009/11/07 03:18:11 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2009/11/07 03:18:11 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2009/11/07 03:16:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/11/07 03:16:18 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/11/07 00:48:41 | 00,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2009/11/06 03:54:06 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2009/11/06 01:48:53 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/05 23:51:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/11/05 23:51:23 | 00,000,000 | ---D | C] -- C:\Program Files\Riva
[2009/11/04 22:57:27 | 00,000,000 | ---D | C] -- C:\Users\family\dwhelper
[2009/11/04 01:09:15 | 00,000,000 | ---D | C] -- C:\Users\family\Documents\CyberLink
[2009/11/04 00:56:41 | 00,000,000 | ---D | C] -- C:\Program Files\AVIConverter
[2008/04/27 20:50:05 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2007/04/04 06:40:30 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbvpmui.dll
[2007/04/04 06:39:22 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbvserv.dll
[2007/04/04 06:34:14 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomm.dll
[2007/04/04 06:32:50 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbvlmpm.dll
[2007/04/04 06:31:40 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbviesc.dll
[2007/04/04 06:29:30 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbvpplc.dll
[2007/04/04 06:28:44 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomc.dll
[2007/04/04 06:28:12 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbvprox.dll
[2007/04/04 06:22:26 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbvinpa.dll
[2007/04/04 06:21:52 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbvusb1.dll
[2007/04/04 06:18:20 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbvhbn3.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\family\Documents\*.tmp files -> C:\Users\family\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/17 00:11:42 | 04,980,736 | -HS- | M] () -- C:\Users\family\ntuser.dat
[2009/11/17 00:05:02 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/17 00:02:46 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/17 00:01:17 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/11/16 23:59:45 | 00,016,573 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/11/16 23:59:41 | 27,107,616 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/11/16 23:59:15 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/16 23:58:51 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/16 23:58:51 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/16 23:58:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/16 23:58:43 | 00,067,584 | --S- | M] () -- C:\Windows\BootStat.dat
[2009/11/16 23:57:29 | 00,365,096 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/11/16 23:57:03 | 00,524,288 | -HS- | M] () -- C:\Users\family\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/16 23:57:03 | 00,065,536 | -HS- | M] () -- C:\Users\family\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/16 23:56:49 | 03,337,742 | -H-- | M] () -- C:\Users\family\AppData\Local\IconCache.db
[2009/11/16 23:40:18 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/16 23:33:46 | 00,000,915 | ---- | M] () -- C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/16 23:33:43 | 00,000,735 | ---- | M] () -- C:\Users\family\Desktop\NTREGOPT.lnk
[2009/11/16 23:33:42 | 00,000,716 | ---- | M] () -- C:\Users\family\Desktop\ERUNT.lnk
[2009/11/16 22:53:58 | 00,098,816 | ---- | M] () -- C:\Users\family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 16:21:40 | 00,002,202 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/11/15 08:06:07 | 00,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/11/15 03:31:16 | 00,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/11/11 03:23:40 | 00,434,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/09 21:47:08 | 02,779,799 | ---- | M] () -- C:\Users\family\Documents\Thunder song.wma
[2009/11/08 13:34:14 | 00,151,040 | ---- | M] () -- C:\Users\family\Documents\hannah's stuff.pra
[2009/11/08 10:39:51 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/11/08 10:39:44 | 00,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/11/08 10:36:47 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/07 03:17:25 | 00,001,088 | ---- | M] () -- C:\Users\family\Desktop\AVS4YOU Software Navigator.lnk
[2009/11/07 03:16:57 | 00,001,039 | ---- | M] () -- C:\Users\family\Desktop\AVS Video Converter 6.lnk
[2009/11/06 01:48:20 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/06 01:47:54 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/04 00:56:41 | 00,000,635 | ---- | M] () -- C:\Users\family\Desktop\AVIConverter.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\family\Documents\*.tmp files -> C:\Users\family\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/16 23:33:46 | 00,000,915 | ---- | C] () -- C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/16 23:33:43 | 00,000,735 | ---- | C] () -- C:\Users\family\Desktop\NTREGOPT.lnk
[2009/11/16 23:33:42 | 00,000,716 | ---- | C] () -- C:\Users\family\Desktop\ERUNT.lnk
[2009/11/16 23:06:06 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/11/09 21:47:08 | 02,779,799 | ---- | C] () -- C:\Users\family\Documents\Thunder song.wma
[2009/11/08 13:34:13 | 00,151,040 | ---- | C] () -- C:\Users\family\Documents\hannah's stuff.pra
[2009/11/08 10:36:47 | 00,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/07 03:17:25 | 00,001,088 | ---- | C] () -- C:\Users\family\Desktop\AVS4YOU Software Navigator.lnk
[2009/11/07 03:16:57 | 00,001,039 | ---- | C] () -- C:\Users\family\Desktop\AVS Video Converter 6.lnk
[2009/11/06 01:48:20 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/06 01:47:54 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/06 01:32:19 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/11/04 00:56:41 | 00,000,635 | ---- | C] () -- C:\Users\family\Desktop\AVIConverter.lnk
[2009/08/11 22:27:56 | 00,005,754 | ---- | C] () -- C:\Users\family\AppData\Roaming\debug-Reloader.txt
[2009/07/27 18:55:35 | 03,337,742 | -H-- | C] () -- C:\Users\family\AppData\Local\IconCache.db
[2009/07/24 05:56:11 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/22 06:59:30 | 00,000,088 | RHS- | C] () -- C:\ProgramData\5C77F4BDDF.sys
[2009/07/22 06:59:29 | 00,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/04/01 14:56:55 | 00,000,000 | ---- | C] () -- C:\Users\family\AppData\Roaming\wklnhst.dat
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/08 16:54:59 | 00,000,222 | ---- | C] () -- C:\Windows\7THLEVEL.INI
[2009/02/08 14:37:50 | 00,000,146 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/06/29 21:43:12 | 00,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/06/29 21:43:12 | 00,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/03/25 15:56:08 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/02/18 02:49:03 | 00,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/18 02:49:02 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/02/04 23:40:14 | 00,002,202 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/04 22:23:28 | 00,000,441 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/01/31 04:37:54 | 00,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/01/31 03:49:48 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/31 03:25:28 | 00,098,816 | ---- | C] () -- C:\Users\family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 02:28:15 | 00,001,356 | ---- | C] () -- C:\Users\family\AppData\Local\d3d9caps.dat
[2008/01/30 23:58:09 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/01/30 21:47:56 | 00,107,032 | -H-- | C] () -- C:\Users\family\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/12/08 02:51:40 | 00,002,415 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/12/08 02:42:49 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/08 02:42:49 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1332.dll
[2007/12/08 02:42:49 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/08 02:30:25 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/08 02:30:25 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/04/24 06:47:28 | 00,413,696 | ---- | C] () -- C:\Windows\System32\lxbvutil.dll
[2007/02/22 13:32:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxbvcoin.dll
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 11:13:54 | 00,114,688 | ---- | C] () -- C:\Windows\System32\liclock.dll
[2005/10/25 22:12:10 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxbvvs.dll
[2005/09/15 17:40:22 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1997/11/10 14:18:48 | 00,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2008/01/31 00:02:20 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\acccore
[2009/10/22 22:14:40 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\AT&T
[2008/05/21 19:07:44 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Autodesk
[2008/11/22 10:56:00 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\CleanMyPC Software
[2009/07/22 06:59:35 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Corel
[2009/08/01 16:37:31 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\eMusic
[2008/09/27 10:06:27 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\ITTNord
[2008/06/29 21:28:29 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Moyea
[2008/06/13 12:28:14 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Nexon
[2008/08/16 13:06:41 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\PlayFirst
[2008/01/31 00:02:22 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\QQ Games Plugin
[2008/09/15 22:14:23 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Skinux
[2008/08/30 11:05:48 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Sudden Games
[2009/04/01 14:57:03 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Template
[2008/06/25 19:34:11 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Wal-Mart Digital Photo Viewer
[2008/02/24 03:35:50 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\WildTangent
[2008/02/08 00:36:27 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\WinBatch
[2008/02/24 20:02:37 | 00,000,000 | ---D | M] -- C:\Users\family\AppData\Roaming\Winff
[2009/11/17 00:01:17 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/11/15 03:31:16 | 00,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/11/01 00:00:09 | 00,000,320 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/11/16 23:58:47 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/16 23:57:10 | 00,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/24 13:45:57 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4B3593F7-9DDC-4031-B174-350188CC183B}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009/07/29 14:29:33 | 00,135,168 | ---- | M] () -- C:\zip.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2007/01/13 01:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007/07/12 11:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys
[2008/06/02 18:49:48 | 00,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2008/06/02 18:50:10 | 00,382,488 | ---- | M] (Intel Corporation) MD5=3C4CD264B04D79A43A0F124C067BA08E -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2008/12/04 20:34:52 | 00,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\drivers\iaStor.sys
[2007/07/12 11:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2008/12/04 20:34:52 | 00,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_08c343cc\iaStor.sys
[2008/06/02 18:49:48 | 00,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_27dcf4f5\iaStor.sys
[2007/07/12 11:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2007/12/08 02:00:16 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\drivers\atapi.sys
[2007/12/08 02:00:16 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4db4e301\atapi.sys
[2008/02/13 03:06:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 03:06:22 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/02/13 03:06:22 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007/12/08 02:00:16 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20693_none_db7d35eb3dc727cc\atapi.sys
[2008/02/13 03:06:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A97FF73C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:39C7B7C6
< End of report >

OTL Extras logfile created on: 11/17/2009 12:11:52 AM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\family\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 30.70% Memory free
4.00 Gb Paging File | 2.91 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.89 Gb Total Space | 142.43 Gb Free Space | 43.70% Space Free | Partition Type: NTFS
Drive D: | 9.46 Gb Total Space | 1.28 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive E: | 1003.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY-PC
Current User Name: family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D79E345-FFE9-40C2-9202-6A920BE41491}" = rport=139 | protocol=6 | dir=out | app=system |
"{26E08E8D-8F80-4539-829D-802DD00A0B45}" = lport=139 | protocol=6 | dir=in | app=system |
"{62048C40-74C4-4486-B6B2-16AAAF2A58B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{6C914009-8AC5-4C44-975E-AFA2ADDB66DB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{90625EE6-4203-4E6B-8A82-A6FB38C195B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{A7AFF096-2D22-4758-A654-43E1FF5440EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D8311AD7-E00C-46F8-AE06-95F60ABFC313}" = lport=138 | protocol=17 | dir=in | app=system |
"{E708FD3D-2CD2-4262-A5FA-D6733778E650}" = lport=445 | protocol=6 | dir=in | app=system |
"{ECF26460-3F08-400C-AE59-62C26DE56647}" = lport=137 | protocol=17 | dir=in | app=system |
"{F51316CB-B17F-49CE-962E-1111337C9FDC}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0564967B-27AF-49F6-8245-A7F2ADCBA92F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0D5632C9-3190-4572-B72E-CA401101017B}" = protocol=17 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{13609E7B-805A-40BC-91FC-40E122E9F689}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{13C794D6-FB49-4CDE-8746-0B0AC6F7B61D}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{1AB65B10-F227-42DA-9A2D-91621148F44A}" = protocol=6 | dir=in | app=c:\program files\bellsouth\mccibrowser.exe |
"{1B6FD537-22D7-40BD-986D-7ED6F97B8A72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C47A73F-544F-4F73-8A83-7B349EF3BF10}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{495B0F40-8921-4B0F-B925-9B23B39E467A}" = protocol=6 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{4D83017C-A8D2-4D7A-8D0E-A6CDD1D8CDC3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4FAE7E42-AFD2-4946-A0B0-F6C2C4D5BFA7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F554643-842F-4E2F-809B-F203CF5DA3A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{692109D4-8AEB-44D8-BDA6-A046A9D8BC4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{719B634B-3C16-4E72-A5B7-5FDD282092AF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{78993F7F-B07B-4426-8C03-22B43BD3F28C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7B3E5411-29FE-44FC-AF15-9934EDD69699}" = protocol=17 | dir=in | app=c:\program files\bellsouth\mccibrowser.exe |
"{7E82D3BA-EDF1-4EFC-9262-EF9ADE7FA90B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{989ACB2C-6F64-43E0-9E2B-E63BB92BC9CE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{99CAB6D2-B236-4148-AEBD-B67C8FC30FAD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9D2FA44F-AC46-4FED-943F-A7FCC833EE71}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A977F543-B128-435E-91CB-F38EE2A95117}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C230E5BA-6C56-4F4E-8FBD-8BA600309AE9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{C330009F-7C13-4523-871B-668D6D3181D2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C5F14717-D1FA-485C-AACB-1F4AA34D68A6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CF066B1F-FEC2-4E7D-9200-38FA5FFA153B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D5DC7905-98E0-44F4-954E-2138B1E6080A}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{EB194BE1-05EE-4477-B1B9-3A65BCAF9328}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F089385B-5626-4F3B-8DC2-12C2AA75FB2F}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{F7CF15F4-9D77-4654-B597-A0FD63B163BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{003607D0-4184-4FD5-9D01-5FCA58109AEC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{1E54808C-EB1A-48B0-BAEC-173316713F92}C:\program files\bb11 reloader\bbreloader.exe" = protocol=6 | dir=in | app=c:\program files\bb11 reloader\bbreloader.exe |
"TCP Query User{3C39F3C2-2DB3-41DB-8A86-F50A15921489}C:\program files\bb11 reloader\bar.exe" = protocol=6 | dir=in | app=c:\program files\bb11 reloader\bar.exe |
"TCP Query User{4C55D5F2-F30D-4825-896D-1226C301C0B5}C:\program files\bb9 reloader\bbreloader.exe" = protocol=6 | dir=in | app=c:\program files\bb9 reloader\bbreloader.exe |
"TCP Query User{5C9DDA13-3F1E-4735-A9F7-BF15C223ED09}C:\users\family\desktop\iexplore.exe" = protocol=6 | dir=in | app=c:\users\family\desktop\iexplore.exe |
"TCP Query User{6A86DF17-08FD-480D-BA03-3EAD61A93FBF}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{6FEA3C42-4EC2-4FEB-8654-6FB070E50651}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{95C4061A-C34D-4C38-B703-581E8C9B7A3D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9838BF94-E3E2-4C02-95FA-6B9EB1A02F8D}C:\program files\bb10 reloader\bbreloader.exe" = protocol=6 | dir=in | app=c:\program files\bb10 reloader\bbreloader.exe |
"TCP Query User{BA127C7D-237D-4366-A9F3-CB7A201B5A5D}C:\users\family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{04936E66-0EDB-49C1-A544-380DC9CA4050}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{091E7A66-C9F0-4BE8-A546-BFA90523DAB6}C:\program files\bb9 reloader\bbreloader.exe" = protocol=17 | dir=in | app=c:\program files\bb9 reloader\bbreloader.exe |
"UDP Query User{096A4874-04D4-4D60-B226-B9746057F44F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{0C92D36B-2434-4FB5-90E5-A4423A1C3681}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2C8E4EAE-F4D6-439A-BFCF-6F948F2672AD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{8A3E1085-4383-4A29-9FE9-F4C44D7826DC}C:\program files\bb11 reloader\bbreloader.exe" = protocol=17 | dir=in | app=c:\program files\bb11 reloader\bbreloader.exe |
"UDP Query User{90F6E261-38F7-4F74-9A1D-886AF92C5BB3}C:\program files\bb10 reloader\bbreloader.exe" = protocol=17 | dir=in | app=c:\program files\bb10 reloader\bbreloader.exe |
"UDP Query User{A6FEA435-74D1-4185-98B9-875F5218DE2C}C:\users\family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{B6117340-CA28-4006-8DE1-961EEAA49682}C:\users\family\desktop\iexplore.exe" = protocol=17 | dir=in | app=c:\users\family\desktop\iexplore.exe |
"UDP Query User{CF45D1CF-ACA7-40C4-87FB-BFD74D4A6BA2}C:\program files\bb11 reloader\bar.exe" = protocol=17 | dir=in | app=c:\program files\bb11 reloader\bar.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{022B0C16-18C9-464A-8BC6-2B2CC6342E5F}" = Image Trends' ShineOff Plug-In 1.0.2
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1A0FDBEB-BDFE-454C-AE09-4EF58B4DCD2A}" = Art Explosion Home & Student Print Center
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35A0AEE7-A74F-47B5-A573-CDE69F5C99D0}" = Rhapsody MP3 Download Manager
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37F9D0BD-9AED-4EE6-BCA3-BA0749636E04}" = Hoyle Board Games 2003
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5783F2D7-0201-0409-0000-0060B0CE6BBA}" = AutoCAD 2004
"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77EBC8CD-F808-4ECD-93D0-311C27B09827}" = ATT eChat Support Tools
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims� 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9ED71778-0E56-4760-9FC6-2C29D75100C5}" = Radioshack USB-to-Serial Cable Driver Installer
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims� 2 Apartment Life
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C01F4D52-6933-494E-8056-C2063D2F451C}" = BB11 Reloader
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims� 3
"{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}" = MapleStory
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF507C99-7DE1-4fa8-8632-AB8A205F1258}" = The Sims� 2 Store Edition
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims� 2 Seasons
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims� 2 Bon Voyage
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"AceHTML Freeware" = AceHTML Freeware
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Autodesk Express Viewer" = Autodesk Express Viewer
"AVIConverter" = AVIConverter 5.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BellSouth Application Management" = BellSouth Application Management
"BellsouthHelpCenter4.0b_is1" = FastAccess� DSL Help Center 4.3
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"Clue" = Clue
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"Disney Toontown Online" = Disney Toontown Online
"EADM" = EA Download Manager
"eMusic Download Manager" = eMusic Download Manager 4.1.2
"ERUNT_is1" = ERUNT 1.1j
"Free Internet Eraser_is1" = Free Internet Eraser 2.30
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{37F9D0BD-9AED-4EE6-BCA3-BA0749636E04}" = Hoyle Board Games 2003
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Q-Xpress Installer" = Q-Xpress Installer 1.1.9
"RCA Detective�_is1" = RCA Detective� 2.0.0.98
"RCA easyRip�_is1" = RCA easyRip� 1.4.6.0
"Serwpl" = RadioShack USB to Serial Cable
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = Meracl ImageMap Generator v3.5.3
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinAce Archiver" = WinAce Archiver - Powered by AdVantage
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2009 10:59:02 AM | Computer Name = family-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/21/2009 11:22:27 AM | Computer Name = family-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/21/2009 12:29:52 PM | Computer Name = family-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/21/2009 2:09:47 PM | Computer Name = family-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/21/2009 2:56:18 PM | Computer Name = family-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/21/2009 4:35:08 PM | Computer Name = family-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/21/2009 8:15:03 PM | Computer Name = family-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/21/2009 10:17:12 PM | Computer Name = family-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/22/2009 5:25:31 AM | Computer Name = family-PC | Source = Application Error | ID = 1000
Description = Faulting application Painter X.exe, version 10.0.0.46, time stamp
0x45804269, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00068516, process id 0x434, application
start time 0x01ca0aac413b4b10.

Error - 7/22/2009 9:20:15 PM | Computer Name = family-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 2/15/2008 4:50:23 PM | Computer Name = family-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/17/2008 9:57:13 PM | Computer Name = family-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 9:32:07 PM | Computer Name = family-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/30/2008 3:36:54 PM | Computer Name = family-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 11:48:38 AM | Computer Name = family-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/31/2008 2:05:33 AM | Computer Name = family-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 2:20:06 PM | Computer Name = family-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/17/2009 12:03:57 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/17/2009 12:03:57 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/17/2009 12:03:57 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/17/2009 12:04:35 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/17/2009 12:04:36 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/17/2009 1:00:19 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/17/2009 1:00:19 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/17/2009 1:00:19 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/17/2009 1:00:36 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/17/2009 1:00:36 AM | Computer Name = family-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

MBAM LOG:

Malwarebytes' Anti-Malware 1.41
Database version: 3185
Windows 6.0.6002 Service Pack 2

11/16/2009 11:52:49 PM
mbam-log-2009-11-16 (23-52-49).txt

Scan type: Quick Scan
Objects scanned: 120886
Time elapsed: 11 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOTER:

Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18828
Mozilla Firefox 3.5.5 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:325 Go - Free:139 Go )
D:\ [Fixed-NTFS] .. ( Total:9 Go - Free:1 Go )
E:\ [CD_Rom]
.
Scan : 22:36.53
Path : C:\Users\family\Downloads\Rooter.exe
User : family ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (484)
Locked csrss.exe (568)
Locked wininit.exe (612)
Locked services.exe (656)
Locked lsass.exe (668)
Locked lsm.exe (680)
Locked svchost.exe (864)
Locked svchost.exe (924)
Locked svchost.exe (1096)
Locked svchost.exe (1128)
Locked svchost.exe (1140)
Locked audiodg.exe (1220)
Locked svchost.exe (1244)
Locked SLsvc.exe (1268)
Locked svchost.exe (1304)
Locked svchost.exe (1488)
Locked AAWService.exe (1588)
Locked spoolsv.exe (1684)
Locked svchost.exe (1744)
Locked AppleMobileDeviceService.exe (1956)
Locked mDNSResponder.exe (1972)
Locked svchost.exe (2028)
Locked IAANTmon.exe (2044)
Locked LSSrvc.exe (508)
Locked lxbvcoms.exe (1116)
Locked McSACore.exe (1348)
Locked McciCMService.exe (1524)
Locked McProxy.exe (764)
Locked Mcshield.exe (1596)
Locked MpfSrv.exe (528)
Locked svchost.exe (2068)
Locked svchost.exe (2096)
Locked svchost.exe (2108)
Locked PSIService.exe (2128)
Locked PsiService_2.exe (2156)
Locked svchost.exe (2184)
Locked ViewpointService.exe (2240)
Locked svchost.exe (2256)
Locked SearchIndexer.exe (2296)
Locked XAudio.exe (2380)
Locked YahooAUService.exe (2520)
Locked taskeng.exe (3232)
Locked unsecapp.exe (2084)
Locked WmiPrvSE.exe (336)
Locked wmpnetwk.exe (3912)
Locked mcsysmon.exe (2472)
Locked mcmscsvc.exe (836)
Locked iPodService.exe (4188)
Locked PresentationFontCache.exe (4868)
Locked HPHC_Service.exe (5060)
Locked McNASvc.exe (5132)
Locked WmiPrvSE.exe (5200)
Locked csrss.exe (4680)
Locked winlogon.exe (860)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (3828)
______ C:\Windows\system32\Dwm.exe (1084)
______ C:\Windows\system32\taskeng.exe (2760)
______ C:\Windows\Explorer.EXE (5408)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (4368)
______ C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe (6008)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (4160)
______ C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (4112)
______ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (768)
______ C:\Program Files\iTunes\iTunesHelper.exe (5988)
______ C:\Windows\System32\hkcmd.exe (5300)
______ C:\Windows\System32\igfxpers.exe (5940)
______ C:\Program Files\Java\jre6\bin\jusched.exe (304)
______ C:\Program Files\Windows Sidebar\sidebar.exe (3172)
______ C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (3372)
______ C:\Windows\system32\igfxsrvc.exe (5212)
______ C:\Windows\ehome\ehtray.exe (3932)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (3268)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (4144)
______ C:\Windows\system32\wbem\unsecapp.exe (2452)
______ C:\Windows\ehome\ehmsas.exe (5016)
______ C:\Program Files\Windows Sidebar\sidebar.exe (5804)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (2892)
______ C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (5320)
______ C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (5460)
______ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (728)
Locked WUDFHost.exe (6100)
______ C:\Windows\System32\mobsync.exe (5012)
______ C:\Windows\system32\DllHost.exe (4472)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3756)
______ C:\Users\family\Downloads\Rooter.exe (1196)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:349919829504)
\Device\Harddisk0\Partition2 (Start_Offset:349919861760 | Length:10158220800)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\Google Software Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\McDefragTask.job
C:\Windows\Tasks\McQcTask.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{4B3593F7-9DDC-4031-B174-350188CC183B}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\PROGRA~1\PrivacyEraser Computing
==> Rogues <==
.
----------------------\\ Scan completed at 22:39.38
.
C:\Rooter$\Rooter_4.txt - (17/11/2009 | 22:39.38)

CKSCANNER:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\hp games\insaniquarium deluxe\images\eggcrack1.gif
c:\program files\hp games\insaniquarium deluxe\images\eggcrack2.gif
c:\program files\hp games\insaniquarium deluxe\images\_eggcrack1.gif
c:\program files\hp games\insaniquarium deluxe\images\_eggcrack2.gif
c:\users\family\appdata\local\virtualstore\program files\hp games\insaniquarium deluxe\images\eggcrack1.gif
c:\users\family\appdata\local\virtualstore\program files\hp games\insaniquarium deluxe\images\eggcrack2.gif
c:\users\family\appdata\local\virtualstore\program files\hp games\insaniquarium deluxe\images\_eggcrack1.gif
c:\users\family\appdata\local\virtualstore\program files\hp games\insaniquarium deluxe\images\_eggcrack2.gif
c:\users\family\appdata\roaming\macromedia\flash player\#sharedobjects\fz4j5zdh\crackle.com\cracklesettings.sol
c:\users\family\appdata\roaming\macromedia\flash player\#sharedobjects\fz4j5zdh\www.crackle.com\cracklesettings.sol
c:\users\family\appdata\roaming\macromedia\flash player\#sharedobjects\fz4j5zdh\www.crackle.com\tracking.sol
c:\users\family\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\users\family\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#www.crackle.com\settings.sol
scanner sequence 3.ZZ.11
----- EOF -----

ROOTREPEAL:

rootrepeal crashed six time before this report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/18 01:58
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x93203000 Size: 892928 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB31E1000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1280 Status: Locked to the Windows API!

==EOF==

thank you for your help

unknown virus/malware

Tue, 10 Nov 2009 03:51:18 +0100

Hi again----I have definitely a problem and may be the vundo virus again on a different computer for my friend. I have a lot of popups, trouble accessing the internet and running programs.

Doing the initial steps I can not run--
ATF Cleaner
MBAM
CKScanner

(also there was not an AV program anylonger and could not install AVG)

OTL, Rooter, LockSearch and RootRepeal logs to follow

Vundo, please help me remove it!

Mon, 09 Nov 2009 01:27:36 +0100

Hello.

I have a rather irritating problem.
I normally use firefox but today internet explorer keeps popping up on it's own with a blank page and a random URL at the top. Then a message pops up saying IE has stopped working.

I ran three different virus scans in regular and safe mode each and was able to remove a few harmful things each time but no matter what I do, I still have the same problem. I has Malwarebytes installed but it wasn't working so I reinstalled it and kept getting a message saying

Unable to execute file:

c:\Program Files\Malwarebytes' Anti-Malware/mbam.exe

CreateProcess failed; Code 2.
The system cannot find the file specified.

So The next thing I did was ran OTS.

But I don't know what to do after that to get my computer back to normal.
Can someone help me please?

Here is the report from OTS, I didn't know how else to upload it here. I hope it works.
http://www.atribune.org/forums/index.php?act=attach&type=post&id=1253

Guide for New Vundo.H virus

Fri, 13 Nov 2009 12:37:27 +0100

removed malware advice

Virus that shuts down anti-virus help??

Sun, 18 Oct 2009 19:58:22 +0200

i know i have a virus on my computer. whenever i run ANY type of anit-virus, it will shut it down and uninstall it immeditaly. this includes (so far) Webroot, Ad-ware, Spyware Docto, Super Anti-Spyware, and Malwarebytes' Anit-malware. i have tried re-installing all of them, but it just won't take hold. As such, i cant do the 'before you post' thing, although i have tried. Any ideas? (btw- this is all on the family's home computer, and i'm leaving for college again soon. if there's no post, that's why) Thanks!

possible vundo problem; please help

Sun, 13 Sep 2009 22:28:08 +0200

I think I might have a Vundo problem on my computer. I think this because I was getting the Virus Doctor pop ups. I ran Vundo Fix and got nothing. I would greatly appreciate any help. Thanks.

I have the logs for Malwarebytes and hijackThis

Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 2792
Windows 6.0.6002 Service Pack 2

9/13/2009 3:26:55 PM
mbam-log-2009-09-13 (15-26-55).txt

Scan type: Quick Scan
Objects scanned: 77698
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:01 PM, on 9/13/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10a.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8350 bytes

possible vundo problem; please help

Sun, 13 Sep 2009 22:28:03 +0200