Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

I must have a virus - crashes and freezes


  • Please log in to reply

#1
JRex

JRex

    Member

  • Member
  • PipPip
  • 57 posts
Help Anyone,

This computer is crashing abd freezing. Most issues are with outlook 2007 and Internet running.

It's homemade Celeron D 3.46Ghz, with 1 G Ram. I want to upgrade ram but this problem started two weeks ago.

I run AVG and last night I came home and a relative came by and installed Avast now I have two anti-viruses running. Just yet another issue.

Any Help... :)

Things I Did:
1. TFC
2. SysRestorePoint
3. ERUNT
4. MBAM
5. Internet Security
6. Windows Updater
7. Rooter
8. OTList2

Thanks,
John



Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:54501 Mo/Free:1452 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:210 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:21806 Mo/Free:3874 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
Z:\ [Network] (Total:231476 Mo/Free:3496 Mo)

Fri 05/29/2009|11:11

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- vsmon.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\iolo\common\lib\ioloServiceManager.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
---------- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
---------- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\tsnpstd3.exe
---------- C:\WINDOWS\vsnpstd3.exe
---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
---------- C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
---------- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
--Locked-- zlclient.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
---------- C:\WINDOWS\system32\sistray.exe
---------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
---------- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
---------- C:\Program Files\Rainlendar\Rainlendar.exe
---------- C:\Program Files\stickies\stickies.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
---------- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
---------- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 05/29/2009|11:12

----------------------\\ Scan completed at 11:12



OTListIt logfile created on: 5/29/2009 11:14:58 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = F:\ALL_FILES\Malware requirements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.36 Mb Total Physical Memory | 175.79 Mb Available Physical Memory | 17.73% Memory free
2.33 Gb Paging File | 1.19 Gb Available in Paging File | 51.01% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.22 Gb Total Space | 21.42 Gb Free Space | 40.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 210.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 21.30 Gb Total Space | 19.78 Gb Free Space | 92.90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 226.05 Gb Total Space | 151.38 Gb Free Space | 66.97% Space Free | Partition Type: NTFS

Computer Name: FAMILYROOM
Current User Name: Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\tsnpstd3.exe ()
PRC - C:\WINDOWS\vsnpstd3.exe ()
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
PRC - C:\Program Files\stickies\stickies.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.)
PRC - F:\ALL_FILES\Malware requirements\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (CAISafe [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoToMyPC [Auto | Running]) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ioloFileInfoList [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (ioloSystemService [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (nmraapache [On_Demand | Stopped]) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (QuickBooksDB19 [On_Demand | Running]) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (VETMSGNT [Auto | Stopped]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AR2425 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\aw5006.sys (AzureWave Technologies, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (pnarp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (purendis [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSGbeXP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\system32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SNPSTD3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\snpstd3.sys (Sonix Co. Ltd.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (VETEBOOT [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (VETEFILE [System | Running]) -- C:\WINDOWS\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\remoteExt@emusic.com: C:\PROGRAM FILES\EMUSIC REMOTE\REMOTEEXT
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2007/10/18 19:18:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/17 08:14:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/31 22:23:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/05/17 08:14:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/02/18 17:00:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/02/18 17:00:07 | 00,000,000 | ---D | M]

[2009/02/10 09:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\mozilla\Firefox\Profiles\9uozlakh.default\extensions
[2009/05/20 10:31:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/10 09:58:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/20 10:32:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
[2009/02/10 09:58:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/02/10 09:58:31 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/02/10 09:58:31 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/02/10 09:58:32 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/02/10 09:58:36 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/02/10 09:58:37 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/02/10 09:58:48 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/10 09:58:48 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/10 09:58:48 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/10 09:58:48 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/10 09:58:49 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/10 09:58:49 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (292648 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10077 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [atr.exe] File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent File not found
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE File not found
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\npjpi150_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmai..._downloader.cab (Maid Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file:///C:/WINDOWS/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/01 12:51:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/12 20:01:46 | 00,554,622 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6dda5f4e-0e5d-11de-98ab-00508d98533f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dda5f4e-0e5d-11de-98ab-00508d98533f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6dda5f4e-0e5d-11de-98ab-00508d98533f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{be70dfeb-028d-11de-98a6-00508d98533f}\Shell - "" = AutoRun
O33 - MountPoints2\{be70dfeb-028d-11de-98a6-00508d98533f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be70dfeb-028d-11de-98a6-00508d98533f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/29 11:10:22 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\DOCUME~1\Family\Desktop\*.tmp files]
[2009/05/29 11:11:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/29 10:25:40 | 00,321,040 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavimages.1
[2009/05/29 10:25:40 | 00,075,280 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.1
[2009/05/29 10:25:40 | 00,011,280 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\vetntmsg.1
[2009/05/29 10:25:39 | 00,079,376 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavresource.1
[2009/05/29 10:25:39 | 00,008,720 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavproduct.1
[2009/05/29 10:25:37 | 00,095,760 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\avshlext.1
[2009/05/29 10:25:37 | 00,028,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vdmdbg.1
[2009/05/29 10:25:36 | 00,222,736 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\driverif.1
[2009/05/29 10:25:36 | 00,214,544 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavscan.1
[2009/05/29 10:25:35 | 00,243,216 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\vetmsg.1
[2009/05/29 10:25:35 | 00,120,336 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\unvet32.1
[2009/05/29 10:25:34 | 00,366,096 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\cavrep.1
[2009/05/29 10:25:34 | 00,230,928 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\cavrid.1
[2009/05/29 10:25:33 | 00,222,736 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavguiscan.1
[2009/05/29 10:25:32 | 00,366,096 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caav.1
[2009/05/29 10:25:32 | 00,153,104 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavcmdscan.1
[2009/05/29 10:17:56 | 00,320,752 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\arclib.1
[2009/05/29 09:48:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/29 09:47:54 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Family\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/29 09:47:46 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\NTREGOPT.lnk
[2009/05/29 09:47:46 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\ERUNT.lnk
[2009/05/29 09:47:34 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/29 09:21:16 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Family\Desktop\Malware requirements
[2009/05/29 09:19:59 | 00,000,000 | ---D | C] -- F:\ALL_FILES\Malware requirements
[2009/05/28 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2009/05/28 18:58:15 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/28 18:58:15 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/28 18:58:13 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/28 18:58:05 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/28 18:58:04 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/28 18:58:04 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/28 18:58:03 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/28 18:58:03 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/28 18:57:38 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/28 18:57:38 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/28 18:57:33 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/28 18:49:52 | 34,346,616 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\setupeng.exe
[2009/05/26 16:36:00 | 00,397,964 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\20090512144744028-15704510473-101_E_N.wav
[2009/05/26 16:32:00 | 00,635,724 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\20090512120125081-restricted-101_E_N.wav
[2009/05/24 21:11:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/24 10:27:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/24 10:23:55 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/23 14:54:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/23 14:54:06 | 00,000,867 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/05/21 22:08:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\Windows Search
[2009/05/20 16:30:00 | 02,157,184 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\00146 EM.wav
[2009/05/20 10:32:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/20 10:32:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\Sun
[2009/05/20 10:31:06 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/05/20 10:29:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/05/19 21:13:04 | 05,083,193 | ---- | C] () -- F:\ALL_FILES\pictures.xps
[2009/05/09 19:40:23 | 00,000,162 | -H-- | C] () -- C:\DOCUME~1\Family\Desktop\~$b chart for kids.doc
[2009/05/09 19:40:22 | 00,098,816 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\Job chart for kids.doc
[2009/05/07 09:41:09 | 00,027,902 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\Comma Separated Values (Windows).ADR
[2009/05/07 09:39:00 | 00,025,450 | ---- | C] () -- F:\ALL_FILES\Outlook 052009.CSV
[2009/05/03 12:29:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\Windows Desktop Search
[2009/05/03 10:38:28 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/05/03 10:37:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/05/03 10:37:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/05/03 10:34:45 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/05/03 10:34:45 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/05/03 10:34:45 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009/05/01 00:17:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/05/01 00:13:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/04/30 20:40:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\%smapisvc.inf
[2009/04/25 16:30:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
[2009/04/25 16:23:51 | 00,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/26 12:46:37 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/02/24 15:54:10 | 00,936,288 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/02/24 15:38:10 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/01/04 11:01:03 | 00,000,029 | ---- | C] () -- C:\WINDOWS\ATW.INI
[2008/10/07 08:22:53 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/10/07 08:22:53 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/10/05 15:13:16 | 00,000,043 | ---- | C] () -- C:\WINDOWS\juniordisplay.ini
[2008/09/30 18:38:42 | 00,000,075 | ---- | C] () -- C:\WINDOWS\pixworks.ini
[2008/08/26 18:42:50 | 00,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/08/26 18:42:47 | 00,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2008/08/26 18:42:47 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008/08/26 18:42:47 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008/08/26 18:42:47 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2008/03/28 09:30:08 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/02/10 09:47:08 | 00,000,031 | ---- | C] () -- C:\WINDOWS\opera.ini
[2007/09/30 10:05:32 | 00,000,549 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/09/29 17:00:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/01 10:04:32 | 00,000,035 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/06/28 19:00:07 | 00,000,043 | ---- | C] () -- C:\WINDOWS\KA.INI
[2007/06/28 18:56:17 | 00,000,793 | ---- | C] () -- C:\WINDOWS\ACTIVITY.INI
[2007/06/07 21:01:34 | 00,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2007/06/02 21:21:16 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/02 17:07:56 | 00,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/06/01 19:21:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/06/01 19:15:42 | 00,446,464 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2007/06/01 19:15:42 | 00,000,231 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2007/06/01 19:15:39 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
[2007/06/01 19:15:39 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
[2007/06/01 19:15:39 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\U25DTS.DLL
[2007/06/01 19:15:39 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
[2007/06/01 19:15:39 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LDTS.DLL
[2007/06/01 19:15:39 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\U2LEXCH.DLL
[2007/06/01 19:15:39 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSAMP1.DLL
[2007/06/01 19:15:39 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\U2LFINRA.DLL
[2007/06/01 19:15:38 | 00,306,176 | ---- | C] () -- C:\WINDOWS\System32\p2smcube.dll
[2007/06/01 19:15:38 | 00,300,544 | ---- | C] () -- C:\WINDOWS\System32\p2molap.dll
[2007/06/01 19:15:38 | 00,239,616 | ---- | C] () -- C:\WINDOWS\System32\p2solap.dll
[2007/06/01 19:15:37 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/06/01 14:18:37 | 00,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/06/01 13:01:47 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/01 13:00:13 | 00,089,984 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/06/01 12:58:47 | 00,075,113 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/06/01 12:57:40 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2004/08/04 08:00:00 | 00,001,032 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\DOCUME~1\Family\Desktop\*.tmp files]
[2009/05/29 11:10:17 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/29 10:17:34 | 00,011,280 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\vetntmsg.1
[2009/05/29 10:17:32 | 00,075,280 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.1
[2009/05/29 10:17:31 | 00,079,376 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavresource.1
[2009/05/29 10:17:31 | 00,008,720 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavproduct.1
[2009/05/29 10:17:30 | 00,321,040 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavimages.1
[2009/05/29 10:17:23 | 00,095,760 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\avshlext.1
[2009/05/29 10:17:22 | 00,243,216 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\vetmsg.1
[2009/05/29 10:17:20 | 00,028,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vdmdbg.1
[2009/05/29 10:17:19 | 00,222,736 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\driverif.1
[2009/05/29 10:17:19 | 00,120,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\unvet32.1
[2009/05/29 10:17:17 | 00,230,928 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\cavrid.1
[2009/05/29 10:17:16 | 00,366,096 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\cavrep.1
[2009/05/29 10:17:13 | 00,222,736 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavguiscan.1
[2009/05/29 10:17:13 | 00,214,544 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavscan.1
[2009/05/29 10:17:10 | 00,366,096 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caav.1
[2009/05/29 10:17:10 | 00,153,104 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavcmdscan.1
[2009/05/29 10:14:27 | 00,320,752 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\arclib.1
[2009/05/29 10:06:31 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/29 10:05:56 | 00,348,371 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/05/29 10:04:12 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Family\Local Settings\desktop.ini
[2009/05/29 10:03:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/29 10:02:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/29 10:02:52 | 10,395,85280 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/29 09:47:54 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Family\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/29 09:47:46 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\NTREGOPT.lnk
[2009/05/29 09:47:46 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\ERUNT.lnk
[2009/05/29 09:37:27 | 00,011,280 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\vetntmsg.dll
[2009/05/29 09:37:26 | 00,321,040 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavimages.dll
[2009/05/29 09:37:26 | 00,079,376 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavresource.dll
[2009/05/29 09:37:26 | 00,075,280 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2009/05/29 09:37:26 | 00,008,720 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavproduct.dll
[2009/05/29 09:37:23 | 00,095,760 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\avshlext.dll
[2009/05/29 09:37:22 | 00,243,216 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\vetmsg.exe
[2009/05/29 09:37:21 | 00,120,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\unvet32.exe
[2009/05/29 09:37:20 | 00,222,736 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\driverif.dll
[2009/05/29 09:37:19 | 00,230,928 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\cavrid.exe
[2009/05/29 09:37:18 | 00,366,096 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\cavrep.exe
[2009/05/29 09:37:17 | 00,222,736 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavguiscan.exe
[2009/05/29 09:37:17 | 00,214,544 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavscan.dll
[2009/05/29 09:37:16 | 00,366,096 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caav.exe
[2009/05/29 09:37:16 | 00,153,104 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavcmdscan.exe
[2009/05/29 09:36:24 | 00,320,752 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\arclib.dll
[2009/05/29 08:41:52 | 36,528,201 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/29 08:41:52 | 00,062,955 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/28 18:58:04 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/28 18:53:39 | 34,346,616 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\setupeng.exe
[2009/05/27 21:25:57 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Family.job
[2009/05/27 16:37:57 | 00,002,515 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\Microsoft Office Word 2007.lnk
[2009/05/26 16:36:00 | 00,397,964 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\20090512144744028-15704510473-101_E_N.wav
[2009/05/26 16:32:00 | 00,635,724 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\20090512120125081-restricted-101_E_N.wav
[2009/05/25 11:24:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/25 10:23:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/24 10:22:15 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/24 10:21:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/23 14:54:06 | 00,000,867 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/05/20 16:30:00 | 02,157,184 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\00146 EM.wav
[2009/05/20 09:47:22 | 00,001,729 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Reader 8.lnk
[2009/05/19 21:13:25 | 05,083,193 | ---- | M] () -- F:\ALL_FILES\pictures.xps
[2009/05/16 08:46:28 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/16 08:46:22 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/16 08:46:20 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/16 08:45:25 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/11 14:37:07 | 00,098,816 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\Job chart for kids.doc
[2009/05/09 19:40:23 | 00,000,162 | -H-- | M] () -- C:\DOCUME~1\Family\Desktop\~$b chart for kids.doc
[2009/05/07 09:41:09 | 00,027,902 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Comma Separated Values (Windows).ADR
[2009/05/07 09:39:00 | 00,025,450 | ---- | M] () -- F:\ALL_FILES\Outlook 052009.CSV
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/03 17:15:20 | 00,364,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/03 10:38:28 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/05/03 10:38:13 | 00,578,474 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/03 10:38:13 | 00,488,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/03 10:38:13 | 00,085,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/01 00:12:56 | 00,001,032 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/30 20:41:12 | 00,006,999 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/04/30 20:40:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\%smapisvc.inf
< End of report >





OTListIt Extras logfile created on: 5/29/2009 11:14:58 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = F:\ALL_FILES\Malware requirements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.36 Mb Total Physical Memory | 175.79 Mb Available Physical Memory | 17.73% Memory free
2.33 Gb Paging File | 1.19 Gb Available in Paging File | 51.01% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.22 Gb Total Space | 21.42 Gb Free Space | 40.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 210.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 21.30 Gb Total Space | 19.78 Gb Free Space | 92.90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 226.05 Gb Total Space | 151.38 Gb Free Space | 66.97% Space Free | Partition Type: NTFS

Computer Name: FAMILYROOM
Current User Name: Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\stickies\stickies.exe:*:Enabled:Stickies 4.5b ()
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager (Intuit, Inc.)
C:\Novell\GroupWise\grpwise.exe:*:Disabled:GroupWise File not found
C:\Novell\GroupWise\notify.exe:*:Disabled:GroupWise Notify File not found
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service (Pure Networks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08904DA6-01E6-4856-9CC1-FE608C769285}" = PamperedPartner® 17.1
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1C9A45C6-A367-472F-8FC7-45B10D661BF1}" = Wireless PCI-Express Network Adapter
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2B04D44F-1D1B-4E0E-8431-D04F87C21033}" = Nero 7 Essentials
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39D4FB9C-9CDE-4449-BD2B-6AD4D376CFDC}" = Art Explosion Publisher Pro 2.0
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AE133141-825E-440E-AAE5-898ACE8E33C1}" = Scrapbook Factory Deluxe 4.0
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DBCA9AEA-7E95-46B7-B809-F605FE21AD26}" = QuickBooks Customer Manager Version 2.5
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E376D45C-2C25-4437-9FDE-CEA857BF1DE9}" = Web Easy Professional 5.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F314B633-89C2-46F8-B074-3B79ECC3F0D8}" = Wireless PCI-Express Network Adapter
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare 2.21 Personal
"AnyTime Organizer" = AnyTime Organizer
"avast!" = avast! Antivirus
"AVG8Uninstall" = AVG 8.5
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 9.22
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Money2007b" = Microsoft Money 2007
"Mozilla Firefox (2.0.0.18)" = Mozilla Firefox (2.0.0.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"Rainlendar" = Rainlendar (remove only)
"RealPlayer 6.0" = RealPlayer
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Shop for HP Supplies" = Shop for HP Supplies
"SiS VGA Driver" = SiS VGA Utilities
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Stickies 4.5b" = Stickies 4.5b
"ULTIMATER" = Microsoft Office Ultimate 2007
"UnityWebPlayer" = Unity Web Player
"VETWIN32Vp5" = CA Anti-Virus
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/29/2009 10:06:44 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:44 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:44 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:45 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\SYSTEM DIAGNOSIS.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:45 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\SYSTEM DIAGNOSIS.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:45 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 5/29/2009 10:06:45 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 5/29/2009 10:06:47 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:47 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:25:53 AM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.4518.1014, P3
ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]
Error - 3/20/2008 7:54:25 AM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 131332 seconds with 1500 seconds of active time. This session ended with
a crash.

Error - 3/28/2008 1:29:46 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 246992
seconds with 660 seconds of active time. This session ended with a crash.

Error - 8/21/2008 3:38:21 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 446
seconds with 420 seconds of active time. This session ended with a crash.

Error - 10/5/2008 3:13:19 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 154541
seconds with 660 seconds of active time. This session ended with a crash.

Error - 1/17/2009 7:08:17 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21152
seconds with 3900 seconds of active time. This session ended with a crash.

Error - 5/3/2009 3:19:47 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 1218
seconds with 300 seconds of active time. This session ended with a crash.

Error - 5/9/2009 7:21:37 PM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 119352
seconds with 5820 seconds of active time. This session ended with a crash.

Error - 5/13/2009 8:33:02 PM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 37009
seconds with 5760 seconds of active time. This session ended with a crash.

Error - 5/19/2009 12:24:56 AM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 43247
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 5/19/2009 8:25:51 PM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 43346
seconds with 4740 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/29/2009 11:21:42 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:22:03 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:22:23 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:22:42 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:23:02 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:23:23 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:23:42 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:24:02 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:24:22 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:24:42 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}


< End of report >
  • 0

Advertisement




Similar Topics: I must have a virus - crashes and freezes     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured