
I must have a virus - crashes and freezes



#1
JRex

Help Anyone,

This computer is crashing and freezing. Most issues are with Outlook 2007 and Internet running.

It's a homemade Celeron D 3.46GHz, with 1 GB RAM. I want to upgrade the RAM, but this problem started two weeks ago.

I run AVG, and last night I came home and a relative came by and installed Avast; now I have two anti-viruses running. Just yet another issue.

Any Help... :)

Things I Did:
1. TFC
2. SysRestorePoint
3. ERUNT
4. MBAM
5. Internet Security
6. Windows Updater
7. Rooter
8. OTList2

Thanks,
John



Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:54501 Mo/Free:1452 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:210 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:21806 Mo/Free:3874 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
Z:\ [Network] (Total:231476 Mo/Free:3496 Mo)

Fri 05/29/2009|11:11

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- vsmon.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\iolo\common\lib\ioloServiceManager.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
---------- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
---------- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
---------- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\tsnpstd3.exe
---------- C:\WINDOWS\vsnpstd3.exe
---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
---------- C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
---------- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
--Locked-- zlclient.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
---------- C:\WINDOWS\system32\sistray.exe
---------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
---------- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
---------- C:\Program Files\Rainlendar\Rainlendar.exe
---------- C:\Program Files\stickies\stickies.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
---------- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
---------- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 05/29/2009|11:12

----------------------\\ Scan completed at 11:12



OTListIt logfile created on: 5/29/2009 11:14:58 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = F:\ALL_FILES\Malware requirements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.36 Mb Total Physical Memory | 175.79 Mb Available Physical Memory | 17.73% Memory free
2.33 Gb Paging File | 1.19 Gb Available in Paging File | 51.01% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.22 Gb Total Space | 21.42 Gb Free Space | 40.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 210.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 21.30 Gb Total Space | 19.78 Gb Free Space | 92.90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 226.05 Gb Total Space | 151.38 Gb Free Space | 66.97% Space Free | Partition Type: NTFS

Computer Name: FAMILYROOM
Current User Name: Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\tsnpstd3.exe ()
PRC - C:\WINDOWS\vsnpstd3.exe ()
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
PRC - C:\Program Files\stickies\stickies.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.)
PRC - F:\ALL_FILES\Malware requirements\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (CAISafe [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoToMyPC [Auto | Running]) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ioloFileInfoList [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (ioloSystemService [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (nmraapache [On_Demand | Stopped]) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (QuickBooksDB19 [On_Demand | Running]) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (VETMSGNT [Auto | Stopped]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AR2425 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\aw5006.sys (AzureWave Technologies, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (pnarp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (purendis [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSGbeXP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\system32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SNPSTD3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\snpstd3.sys (Sonix Co. Ltd.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (VETEBOOT [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (VETEFILE [System | Running]) -- C:\WINDOWS\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\remoteExt@emusic.com: C:\PROGRAM FILES\EMUSIC REMOTE\REMOTEEXT
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2007/10/18 19:18:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/17 08:14:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/31 22:23:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/05/17 08:14:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/02/18 17:00:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/02/18 17:00:07 | 00,000,000 | ---D | M]

[2009/02/10 09:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\mozilla\Firefox\Profiles\9uozlakh.default\extensions
[2009/05/20 10:31:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/10 09:58:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/20 10:32:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
[2009/02/10 09:58:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/02/10 09:58:31 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/02/10 09:58:31 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/02/10 09:58:32 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/02/10 09:58:36 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/02/10 09:58:37 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/02/10 09:58:48 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/10 09:58:48 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/10 09:58:48 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/10 09:58:48 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/10 09:58:49 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/10 09:58:49 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (292648 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10077 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [atr.exe] File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent File not found
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE File not found
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
O4 - Startup: C:\Documents and Settings\Family\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\npjpi150_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmai..._downloader.cab (Maid Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file:///C:/WINDOWS/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/01 12:51:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/12 20:01:46 | 00,554,622 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6dda5f4e-0e5d-11de-98ab-00508d98533f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dda5f4e-0e5d-11de-98ab-00508d98533f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6dda5f4e-0e5d-11de-98ab-00508d98533f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{be70dfeb-028d-11de-98a6-00508d98533f}\Shell - "" = AutoRun
O33 - MountPoints2\{be70dfeb-028d-11de-98a6-00508d98533f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be70dfeb-028d-11de-98a6-00508d98533f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/29 11:10:22 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\DOCUME~1\Family\Desktop\*.tmp files]
[2009/05/29 11:11:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/29 10:25:40 | 00,321,040 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavimages.1
[2009/05/29 10:25:40 | 00,075,280 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.1
[2009/05/29 10:25:40 | 00,011,280 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\vetntmsg.1
[2009/05/29 10:25:39 | 00,079,376 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavresource.1
[2009/05/29 10:25:39 | 00,008,720 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavproduct.1
[2009/05/29 10:25:37 | 00,095,760 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\avshlext.1
[2009/05/29 10:25:37 | 00,028,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vdmdbg.1
[2009/05/29 10:25:36 | 00,222,736 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\driverif.1
[2009/05/29 10:25:36 | 00,214,544 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavscan.1
[2009/05/29 10:25:35 | 00,243,216 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\vetmsg.1
[2009/05/29 10:25:35 | 00,120,336 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\unvet32.1
[2009/05/29 10:25:34 | 00,366,096 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\cavrep.1
[2009/05/29 10:25:34 | 00,230,928 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\cavrid.1
[2009/05/29 10:25:33 | 00,222,736 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavguiscan.1
[2009/05/29 10:25:32 | 00,366,096 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caav.1
[2009/05/29 10:25:32 | 00,153,104 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\caavcmdscan.1
[2009/05/29 10:17:56 | 00,320,752 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\arclib.1
[2009/05/29 09:48:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/29 09:47:54 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Family\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/29 09:47:46 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\NTREGOPT.lnk
[2009/05/29 09:47:46 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\ERUNT.lnk
[2009/05/29 09:47:34 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/29 09:21:16 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Family\Desktop\Malware requirements
[2009/05/29 09:19:59 | 00,000,000 | ---D | C] -- F:\ALL_FILES\Malware requirements
[2009/05/28 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2009/05/28 18:58:15 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/28 18:58:15 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/28 18:58:13 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/28 18:58:05 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/28 18:58:04 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/28 18:58:04 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/28 18:58:03 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/28 18:58:03 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/28 18:57:38 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/28 18:57:38 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/28 18:57:33 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/28 18:49:52 | 34,346,616 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\setupeng.exe
[2009/05/26 16:36:00 | 00,397,964 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\20090512144744028-15704510473-101_E_N.wav
[2009/05/26 16:32:00 | 00,635,724 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\20090512120125081-restricted-101_E_N.wav
[2009/05/24 21:11:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/24 10:27:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/24 10:23:55 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/23 14:54:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/23 14:54:06 | 00,000,867 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/05/21 22:08:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\Windows Search
[2009/05/20 16:30:00 | 02,157,184 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\00146 EM.wav
[2009/05/20 10:32:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/20 10:32:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\Sun
[2009/05/20 10:31:06 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/05/20 10:29:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/05/19 21:13:04 | 05,083,193 | ---- | C] () -- F:\ALL_FILES\pictures.xps
[2009/05/09 19:40:23 | 00,000,162 | -H-- | C] () -- C:\DOCUME~1\Family\Desktop\~$b chart for kids.doc
[2009/05/09 19:40:22 | 00,098,816 | ---- | C] () -- C:\DOCUME~1\Family\Desktop\Job chart for kids.doc
[2009/05/07 09:41:09 | 00,027,902 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\Comma Separated Values (Windows).ADR
[2009/05/07 09:39:00 | 00,025,450 | ---- | C] () -- F:\ALL_FILES\Outlook 052009.CSV
[2009/05/03 12:29:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\Windows Desktop Search
[2009/05/03 10:38:28 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/05/03 10:37:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/05/03 10:37:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/05/03 10:34:45 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/05/03 10:34:45 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/05/03 10:34:45 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009/05/01 00:17:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/05/01 00:13:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/04/30 20:40:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\%smapisvc.inf
[2009/04/25 16:30:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
[2009/04/25 16:23:51 | 00,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/26 12:46:37 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/02/24 15:54:10 | 00,936,288 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/02/24 15:38:10 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/01/04 11:01:03 | 00,000,029 | ---- | C] () -- C:\WINDOWS\ATW.INI
[2008/10/07 08:22:53 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/10/07 08:22:53 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/10/05 15:13:16 | 00,000,043 | ---- | C] () -- C:\WINDOWS\juniordisplay.ini
[2008/09/30 18:38:42 | 00,000,075 | ---- | C] () -- C:\WINDOWS\pixworks.ini
[2008/08/26 18:42:50 | 00,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/08/26 18:42:47 | 00,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2008/08/26 18:42:47 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008/08/26 18:42:47 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008/08/26 18:42:47 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2008/03/28 09:30:08 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/02/10 09:47:08 | 00,000,031 | ---- | C] () -- C:\WINDOWS\opera.ini
[2007/09/30 10:05:32 | 00,000,549 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/09/29 17:00:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/01 10:04:32 | 00,000,035 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/06/28 19:00:07 | 00,000,043 | ---- | C] () -- C:\WINDOWS\KA.INI
[2007/06/28 18:56:17 | 00,000,793 | ---- | C] () -- C:\WINDOWS\ACTIVITY.INI
[2007/06/07 21:01:34 | 00,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2007/06/02 21:21:16 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/02 17:07:56 | 00,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/06/01 19:21:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/06/01 19:15:42 | 00,446,464 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2007/06/01 19:15:42 | 00,000,231 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2007/06/01 19:15:39 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
[2007/06/01 19:15:39 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
[2007/06/01 19:15:39 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\U25DTS.DLL
[2007/06/01 19:15:39 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
[2007/06/01 19:15:39 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LDTS.DLL
[2007/06/01 19:15:39 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\U2LEXCH.DLL
[2007/06/01 19:15:39 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSAMP1.DLL
[2007/06/01 19:15:39 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\U2LFINRA.DLL
[2007/06/01 19:15:38 | 00,306,176 | ---- | C] () -- C:\WINDOWS\System32\p2smcube.dll
[2007/06/01 19:15:38 | 00,300,544 | ---- | C] () -- C:\WINDOWS\System32\p2molap.dll
[2007/06/01 19:15:38 | 00,239,616 | ---- | C] () -- C:\WINDOWS\System32\p2solap.dll
[2007/06/01 19:15:37 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/06/01 14:18:37 | 00,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/06/01 13:01:47 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/01 13:00:13 | 00,089,984 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/06/01 12:58:47 | 00,075,113 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/06/01 12:57:40 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2004/08/04 08:00:00 | 00,001,032 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\DOCUME~1\Family\Desktop\*.tmp files]
[2009/05/29 11:10:17 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/29 10:17:34 | 00,011,280 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\vetntmsg.1
[2009/05/29 10:17:32 | 00,075,280 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.1
[2009/05/29 10:17:31 | 00,079,376 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavresource.1
[2009/05/29 10:17:31 | 00,008,720 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavproduct.1
[2009/05/29 10:17:30 | 00,321,040 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavimages.1
[2009/05/29 10:17:23 | 00,095,760 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\avshlext.1
[2009/05/29 10:17:22 | 00,243,216 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\vetmsg.1
[2009/05/29 10:17:20 | 00,028,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vdmdbg.1
[2009/05/29 10:17:19 | 00,222,736 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\driverif.1
[2009/05/29 10:17:19 | 00,120,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\unvet32.1
[2009/05/29 10:17:17 | 00,230,928 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\cavrid.1
[2009/05/29 10:17:16 | 00,366,096 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\cavrep.1
[2009/05/29 10:17:13 | 00,222,736 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavguiscan.1
[2009/05/29 10:17:13 | 00,214,544 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavscan.1
[2009/05/29 10:17:10 | 00,366,096 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caav.1
[2009/05/29 10:17:10 | 00,153,104 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavcmdscan.1
[2009/05/29 10:14:27 | 00,320,752 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\arclib.1
[2009/05/29 10:06:31 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/29 10:05:56 | 00,348,371 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/05/29 10:04:12 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Family\Local Settings\desktop.ini
[2009/05/29 10:03:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/29 10:02:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/29 10:02:52 | 10,395,85280 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/29 09:47:54 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Family\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/29 09:47:46 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\NTREGOPT.lnk
[2009/05/29 09:47:46 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\ERUNT.lnk
[2009/05/29 09:37:27 | 00,011,280 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\vetntmsg.dll
[2009/05/29 09:37:26 | 00,321,040 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavimages.dll
[2009/05/29 09:37:26 | 00,079,376 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavresource.dll
[2009/05/29 09:37:26 | 00,075,280 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2009/05/29 09:37:26 | 00,008,720 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavproduct.dll
[2009/05/29 09:37:23 | 00,095,760 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\avshlext.dll
[2009/05/29 09:37:22 | 00,243,216 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\vetmsg.exe
[2009/05/29 09:37:21 | 00,120,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\unvet32.exe
[2009/05/29 09:37:20 | 00,222,736 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\driverif.dll
[2009/05/29 09:37:19 | 00,230,928 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\cavrid.exe
[2009/05/29 09:37:18 | 00,366,096 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\cavrep.exe
[2009/05/29 09:37:17 | 00,222,736 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavguiscan.exe
[2009/05/29 09:37:17 | 00,214,544 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavscan.dll
[2009/05/29 09:37:16 | 00,366,096 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caav.exe
[2009/05/29 09:37:16 | 00,153,104 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\caavcmdscan.exe
[2009/05/29 09:36:24 | 00,320,752 | ---- | M] (CA, Inc.) -- C:\WINDOWS\System32\arclib.dll
[2009/05/29 08:41:52 | 36,528,201 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/29 08:41:52 | 00,062,955 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/28 18:58:04 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/28 18:53:39 | 34,346,616 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\setupeng.exe
[2009/05/27 21:25:57 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Family.job
[2009/05/27 16:37:57 | 00,002,515 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\Microsoft Office Word 2007.lnk
[2009/05/26 16:36:00 | 00,397,964 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\20090512144744028-15704510473-101_E_N.wav
[2009/05/26 16:32:00 | 00,635,724 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\20090512120125081-restricted-101_E_N.wav
[2009/05/25 11:24:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/25 10:23:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/24 10:22:15 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/24 10:21:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/23 14:54:06 | 00,000,867 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/05/20 16:30:00 | 02,157,184 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\00146 EM.wav
[2009/05/20 09:47:22 | 00,001,729 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Reader 8.lnk
[2009/05/19 21:13:25 | 05,083,193 | ---- | M] () -- F:\ALL_FILES\pictures.xps
[2009/05/16 08:46:28 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/16 08:46:22 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/16 08:46:20 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/16 08:45:25 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/11 14:37:07 | 00,098,816 | ---- | M] () -- C:\DOCUME~1\Family\Desktop\Job chart for kids.doc
[2009/05/09 19:40:23 | 00,000,162 | -H-- | M] () -- C:\DOCUME~1\Family\Desktop\~$b chart for kids.doc
[2009/05/07 09:41:09 | 00,027,902 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Comma Separated Values (Windows).ADR
[2009/05/07 09:39:00 | 00,025,450 | ---- | M] () -- F:\ALL_FILES\Outlook 052009.CSV
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/03 17:15:20 | 00,364,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/03 10:38:28 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/05/03 10:38:13 | 00,578,474 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/03 10:38:13 | 00,488,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/03 10:38:13 | 00,085,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/01 00:12:56 | 00,001,032 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/30 20:41:12 | 00,006,999 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/04/30 20:40:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\%smapisvc.inf
< End of report >





OTListIt Extras logfile created on: 5/29/2009 11:14:58 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = F:\ALL_FILES\Malware requirements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.36 Mb Total Physical Memory | 175.79 Mb Available Physical Memory | 17.73% Memory free
2.33 Gb Paging File | 1.19 Gb Available in Paging File | 51.01% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.22 Gb Total Space | 21.42 Gb Free Space | 40.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 210.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 21.30 Gb Total Space | 19.78 Gb Free Space | 92.90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 226.05 Gb Total Space | 151.38 Gb Free Space | 66.97% Space Free | Partition Type: NTFS

Computer Name: FAMILYROOM
Current User Name: Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\stickies\stickies.exe:*:Enabled:Stickies 4.5b ()
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager (Intuit, Inc.)
C:\Novell\GroupWise\grpwise.exe:*:Disabled:GroupWise File not found
C:\Novell\GroupWise\notify.exe:*:Disabled:GroupWise Notify File not found
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service (Pure Networks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08904DA6-01E6-4856-9CC1-FE608C769285}" = PamperedPartner® 17.1
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1C9A45C6-A367-472F-8FC7-45B10D661BF1}" = Wireless PCI-Express Network Adapter
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2B04D44F-1D1B-4E0E-8431-D04F87C21033}" = Nero 7 Essentials
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39D4FB9C-9CDE-4449-BD2B-6AD4D376CFDC}" = Art Explosion Publisher Pro 2.0
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AE133141-825E-440E-AAE5-898ACE8E33C1}" = Scrapbook Factory Deluxe 4.0
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DBCA9AEA-7E95-46B7-B809-F605FE21AD26}" = QuickBooks Customer Manager Version 2.5
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E376D45C-2C25-4437-9FDE-CEA857BF1DE9}" = Web Easy Professional 5.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F314B633-89C2-46F8-B074-3B79ECC3F0D8}" = Wireless PCI-Express Network Adapter
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare 2.21 Personal
"AnyTime Organizer" = AnyTime Organizer
"avast!" = avast! Antivirus
"AVG8Uninstall" = AVG 8.5
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 9.22
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Money2007b" = Microsoft Money 2007
"Mozilla Firefox (2.0.0.18)" = Mozilla Firefox (2.0.0.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"Rainlendar" = Rainlendar (remove only)
"RealPlayer 6.0" = RealPlayer
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Shop for HP Supplies" = Shop for HP Supplies
"SiS VGA Driver" = SiS VGA Utilities
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Stickies 4.5b" = Stickies 4.5b
"ULTIMATER" = Microsoft Office Ultimate 2007
"UnityWebPlayer" = Unity Web Player
"VETWIN32Vp5" = CA Anti-Virus
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/29/2009 10:06:44 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:44 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:44 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:45 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\SYSTEM DIAGNOSIS.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:45 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\SYSTEM DIAGNOSIS.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:45 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 5/29/2009 10:06:45 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 5/29/2009 10:06:47 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:06:47 AM | Computer Name = FAMILYROOM | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\FAMILY\START MENU\PROGRAMS\CYBERLINK
DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 5/29/2009 10:25:53 AM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.4518.1014, P3
ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]
Error - 3/20/2008 7:54:25 AM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 131332 seconds with 1500 seconds of active time. This session ended with
a crash.

Error - 3/28/2008 1:29:46 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 246992
seconds with 660 seconds of active time. This session ended with a crash.

Error - 8/21/2008 3:38:21 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 446
seconds with 420 seconds of active time. This session ended with a crash.

Error - 10/5/2008 3:13:19 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 154541
seconds with 660 seconds of active time. This session ended with a crash.

Error - 1/17/2009 7:08:17 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21152
seconds with 3900 seconds of active time. This session ended with a crash.

Error - 5/3/2009 3:19:47 PM | Computer Name = INTELPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 1218
seconds with 300 seconds of active time. This session ended with a crash.

Error - 5/9/2009 7:21:37 PM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 119352
seconds with 5820 seconds of active time. This session ended with a crash.

Error - 5/13/2009 8:33:02 PM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 37009
seconds with 5760 seconds of active time. This session ended with a crash.

Error - 5/19/2009 12:24:56 AM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 43247
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 5/19/2009 8:25:51 PM | Computer Name = FAMILYROOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 43346
seconds with 4740 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/29/2009 11:21:42 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:22:03 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:22:23 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:22:42 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:23:02 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:23:23 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:23:42 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:24:02 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:24:22 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 5/29/2009 11:24:42 AM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}


< End of report >