Trojan DNSChanger Virus problem on Vista SP1



#1
kittens22

Hi,

My Vista SP1 laptop has the Vimax ads everywhere virus and when I try to connect to antivirus sites (malwarebytes.org, windows update) they don't show up. I went through the malware cleaning guide (although I had followed other internet advice prior to finding that one, so hopefully the other random shots in the dark before I followed the guide aren't problematic) and it seemed to find a number of problems but did not fix the vimax ads or the blocked sites. I am using the free AVG (version 8.5.375) but saw that was not the most recommended option. I have scanned the computer with both AVG and MBAM multiple times, found something, restarted, rechecked, and none of those have stopped the above problem. AVG is up to date, but I can't connect to the malwarebytes.org site so it fails when it tries to update the definitions. Is there a way to do that manually?

I really appreciate the help provided on this website! Let me know if there is any other info required to help troubleshoot this problem.

Logs posted below:


8/24/2009 9:12:29 AM
mbam-log-2009-08-24 (09-12-29).txt

Scan type: Quick Scan
Objects scanned: 81719
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a5155dcb-4e6c-49c7-a285-36fb30ba7fc8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.100 85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a5155dcb-4e6c-49c7-a285-36fb30ba7fc8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.100 85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.100 85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{a5155dcb-4e6c-49c7-a285-36fb30ba7fc8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.100 85.255.112.100 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

######################################################################################################

OTL logfile created on: 8/24/2009 8:54:48 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\$$$$$$\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 93.76% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.04 Gb Total Space | 89.92 Gb Free Space | 40.68% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 1.99 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Drive E: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: $$$$$$$
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/25 20:02:52 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/11 17:04:00 | 02,341,960 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/06/25 20:03:09 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/20 19:28:55 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2007/12/19 19:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/01/09 03:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2009/04/27 18:09:52 | 00,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2007/07/09 16:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2009/06/25 20:03:02 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2009/06/25 20:03:08 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2007/12/19 19:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2009/05/11 17:04:02 | 01,403,976 | ---- | M] (BigFix, Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2007/07/08 10:11:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007/12/19 19:27:50 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/09/19 14:31:34 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/09/04 13:54:20 | 00,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2008/06/02 00:55:22 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2007/09/13 09:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009/03/02 19:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2007/01/08 16:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2009/06/25 20:02:57 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/01/20 19:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/20 19:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/05/16 11:43:06 | 00,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/01/20 19:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2007/01/28 21:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2006/09/07 17:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/09/19 18:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2009/07/28 15:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Users\$$$$$$\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/07/28 15:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Users\$$$$$$\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/07/28 15:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Users\$$$$$$\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/07/28 15:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Users\$$$$$$\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/08/24 08:49:36 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\$$$$$$\Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/06/25 20:03:02 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/25 20:02:52 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/05/11 17:04:00 | 02,341,960 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 11:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/05 10:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb [On_Demand | Stopped])
SRV - [2008/01/20 19:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/20 19:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 18:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/07/23 16:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2007/09/19 18:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex [Auto | Running])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 18:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/06/19 18:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/12/19 19:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc [Auto | Running])
SRV - [2007/12/19 19:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched [Auto | Running])
SRV - [2007/01/09 03:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/04/27 18:09:52 | 00,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService [Auto | Running])
SRV - [2008/01/20 19:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/07/09 16:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/25 20:05:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/04 19:04:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/19 22:41:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/20 06:55:15 | 00,000,000 | ---D | M]

[2008/09/03 18:51:26 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\mozilla\Extensions
[2008/09/03 18:51:26 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/19 21:48:03 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\mozilla\Firefox\Profiles\l9m2mdii.default\extensions
[2009/01/31 17:41:48 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\mozilla\Firefox\Profiles\l9m2mdii.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/16 10:16:03 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\mozilla\Firefox\Profiles\l9m2mdii.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/01 22:00:00 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\mozilla\Firefox\Profiles\l9m2mdii.default\extensions\[email protected]
[2009/05/01 22:00:00 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\mozilla\Firefox\Profiles\l9m2mdii.default\extensions\[email protected]
[2009/08/16 10:15:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 10:15:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/16 17:15:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/01 11:12:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/05 19:10:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/16 17:55:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/03 16:45:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/03 16:45:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/04/03 16:45:28 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/20 06:55:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/20 06:55:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/20 06:55:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/20 06:55:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/20 06:55:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/20 06:55:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/20 06:55:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 00:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\$$$$$$\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/28 22:04:12 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2007/10/11 13:16:01 | 01,611,008 | R--- | M] (Gas Powered Games) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007/06/28 13:45:48 | 00,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5f3c2959-133a-11dd-b0de-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f3c2959-133a-11dd-b0de-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2007/10/11 13:16:01 | 01,611,008 | R--- | M] (Gas Powered Games)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/24 08:47:24 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/08/24 08:46:44 | 29,166,2074 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/08/23 10:21:22 | 01,683,691 | -H-- | C] () -- C:\Users\$$$$$$\AppData\Local\IconCache.db
[2009/08/23 10:00:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/23 10:00:31 | 00,000,733 | ---- | C] () -- C:\Users\$$$$$$\Desktop\NTREGOPT.lnk
[2009/08/23 10:00:31 | 00,000,714 | ---- | C] () -- C:\Users\$$$$$$\Desktop\ERUNT.lnk
[2009/08/23 10:00:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/23 09:41:17 | 31,529,20576 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/22 00:27:33 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/08/20 07:03:36 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/20 07:03:28 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/20 06:55:52 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/20 00:20:45 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/19 22:50:47 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/19 22:50:41 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/19 21:08:33 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(130)
[2009/08/19 21:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes(131)
[2009/08/19 21:06:32 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime(255)
[2009/08/16 09:45:45 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/08/16 09:45:45 | 00,000,000 | ---D | C] -- C:\Users\$$$$$$\AppData\Local\Temp(290)
[2009/08/15 14:55:49 | 00,000,000 | ---D | C] -- C:\Users\$$$$$$\AppData\Roaming\Malwarebytes
[2009/08/15 14:55:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/15 14:55:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/15 14:42:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/15 14:25:12 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/08/15 14:25:00 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

========== Files - Modified Within 14 Days ==========

[2009/08/24 08:54:02 | 00,709,154 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/24 08:54:02 | 00,608,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/24 08:54:02 | 00,105,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/24 08:48:54 | 00,125,535 | ---- | M] () -- C:\Users\$$$$$$\AppData\Roaming\nvModes.001
[2009/08/24 08:48:49 | 00,000,237 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/08/24 08:47:24 | 29,166,2074 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/24 08:47:08 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/24 08:47:07 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/24 08:47:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/24 08:46:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/24 08:46:38 | 31,529,20576 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/24 08:30:28 | 40,120,667 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/23 21:15:00 | 00,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1742111955-3207088005-442430068-1000UA.job
[2009/08/23 20:15:00 | 00,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1742111955-3207088005-442430068-1000Core.job
[2009/08/23 18:27:23 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/08/23 18:27:15 | 01,683,691 | -H-- | M] () -- C:\Users\$$$$$$\AppData\Local\IconCache.db
[2009/08/23 18:21:38 | 00,068,038 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/23 10:00:31 | 00,000,733 | ---- | M] () -- C:\Users\$$$$$$\Desktop\NTREGOPT.lnk
[2009/08/23 10:00:31 | 00,000,714 | ---- | M] () -- C:\Users\$$$$$$\Desktop\ERUNT.lnk
[2009/08/22 00:33:38 | 00,043,520 | ---- | M] () -- C:\Users\$$$$$$\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/22 00:27:33 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/08/21 11:50:37 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/08/15 12:42:05 | 00,125,535 | ---- | M] () -- C:\Users\$$$$$$\AppData\Roaming\nvModes.dat

========== LOP Check ==========

[2009/08/15 14:55:49 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming
[2008/08/06 22:13:59 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\CyberLink
[2009/06/11 20:59:51 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\Hamachi
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\Media Center Programs
[2008/11/30 19:47:01 | 00,000,000 | RH-D | M] -- C:\Users\$$$$$$\AppData\Roaming\SecuROM
[2008/12/03 19:29:02 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\Stanford
[2009/08/19 22:42:01 | 00,000,000 | ---D | M] -- C:\Users\$$$$$$\AppData\Roaming\teamspeak2
[2009/08/23 20:15:00 | 00,000,864 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742111955-3207088005-442430068-1000Core.job
[2009/08/23 21:15:00 | 00,000,916 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742111955-3207088005-442430068-1000UA.job
[2009/08/24 08:47:00 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/23 18:27:23 | 00,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/20 19:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


############################################################################################

OTL Extras logfile created on: 8/24/2009 8:54:48 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\$$$$$$\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 93.76% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.04 Gb Total Space | 89.92 Gb Free Space | 40.68% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 1.99 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Drive E: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: $$$$$$
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0659A2E7-FD94-4708-856B-6EA1129498C1}" = lport=138 | protocol=17 | dir=in | app=system |
"{1A94C039-F8D3-E944-969E-9EFEB592CEC7}" = lport=52311 | protocol=6 | dir=in | name=bigfix enterprise client (tcp) |
"{226AF79B-8C9C-4227-A441-F14167A58276}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2C9566F1-52ED-4550-8014-356EA9DEAF11}" = rport=139 | protocol=6 | dir=out | app=system |
"{2FD5F410-BAEB-4795-8481-294B3849CFE5}" = rport=445 | protocol=6 | dir=out | app=system |
"{3610911D-BB37-49FF-A846-104D797F6BBC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{408B168E-310B-4B53-BCFD-26932485390B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4493C5C2-86F6-1042-B5DD-DDCA9BEDADF3}" = lport=52311 | protocol=17 | dir=in | name=bigfix enterprise client (udp) |
"{51A328CD-BF68-44AB-BF64-952260071385}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{55AAE3EB-BA46-41B1-8DE0-6F203109F5A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{75218192-7783-4514-9918-DF3E5677903A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7726677E-5965-42D5-8F8D-33455A47A440}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9B26566D-28F3-49AC-A301-81F4DBB14EAB}" = rport=137 | protocol=17 | dir=out | app=system |
"{ACCB8F15-9C22-4432-A8B1-3164079ED477}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE00229A-B327-4141-A053-5766746ABE03}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D43F9131-04C3-4A84-A98F-1F1BA37484A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{D7A0BEBE-D7B8-4E12-AFCF-289F2850E4AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{E1FA9E2C-F411-48FB-ABE3-2662A77D9C9A}" = lport=445 | protocol=6 | dir=in | app=system |
"{E763A960-4DBE-4A1B-8C87-C649B13EB5C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F247539F-8FFA-4200-B272-E09D4D966DAB}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB98B3E2-CE65-440D-89AC-90988C1220B5}" = lport=80 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A22178B-C5CD-4868-A8BA-B91A7681A0E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1365AB4E-47F7-4D04-BE3B-30D31C3C4997}" = protocol=58 | dir=out | [email protected],-28546 |
"{157C96E2-9459-4AF9-B9F4-ED992DB7D1D9}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{167BE05E-A65C-476A-A01B-C3B1D78BD124}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3BD5CE79-4436-4204-921D-1B8E51162E77}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5053A6E5-30AC-4D6F-B095-19156B085DAA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{505D8E7A-4BB1-4FD4-A73E-02A96164BEF3}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{53A96D4A-AC0D-4EA8-9DF3-9D886E92CCBC}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{5A6592F1-E08B-4D7F-A205-12237EF4A87D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{654E0CEE-A297-4719-8778-E49A092A41E8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6C234BF1-C999-49D3-9B4A-FA7C2FAEB228}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6FB82307-8070-41C1-833B-62FCB1DB397F}" = protocol=58 | dir=in | [email protected],-28545 |
"{79BB1CEB-96D1-43A2-B898-B9D8BF4DF180}" = protocol=1 | dir=out | [email protected],-28544 |
"{7C154DA9-96B9-4480-91C3-8FC2F9E01536}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8BE8D0E2-7256-442C-97F7-41CCD714F8AA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8D918B2F-0246-4655-8A5D-18286C4C2C04}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{935047ED-B9B4-4350-92EA-9A0EB00556ED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9532E627-50A8-458C-9268-84C449E3BFEA}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{9E6FD836-81AF-4012-8A39-9ED3DA23CDCE}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{A9AAFC9D-2385-4528-8147-2519D1E2E1D5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{ACE79C0C-21A9-4443-8313-E2B400B9DBD3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B4D03168-4646-47AB-A137-A008A96A6F77}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B53B3C3D-19CD-45E4-8868-502C1A608D5C}" = protocol=1 | dir=in | [email protected],-28543 |
"{B58D7FF9-1242-4ABF-9C03-5407305A2427}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{C2CB0A51-E75F-4333-AD4D-27A33B386271}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{E680EF53-367D-413D-8BF8-FEA035C10653}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{EB15CD0A-D009-44CE-8D41-FBCFEB5A258F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F1D81E47-30D1-4AB7-A405-2D53770961B9}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F2D6C3ED-2E18-493E-A458-9C7F7C15B4FC}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{F5C27D70-4E1C-413A-9614-18657C1284DC}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{F87F295F-D795-4C1B-98E2-E0955B847972}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FA68AEC2-F352-4337-AB0D-991D8FB54BD9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{1553CB34-DFCA-434B-9C10-F32E24BB5550}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{AF7B5B85-4D59-4FC3-B85A-6DF519B8463E}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{B7BD7549-6579-44FB-8E68-C586BAB94B84}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{D0A301E8-DEEC-40BC-8A3E-1987355345A7}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BF7023BC-319B-4FE1-B569-C854A19F81F8}" = BigFix Enterprise Client
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C21C30F2-521C-4F86-882E-60CDCE615FBD}" = Intel® IPP Run-Time Installer 5.3 for Windows* on IA-32
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Activision®
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG8Uninstall" = AVG Free 8.5
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Drum Machine" = Drum Machine 1.36 BETA
"ERUNT_is1" = ERUNT 1.1j
"Hamachi" = Hamachi 1.0.3.0
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"InstallShield_{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Drum Controller Standard Tuning Kit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"NVIDIA Drivers" = NVIDIA Drivers
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Sorian AI Mod_is1" = Sorian AI Mod 1.9.0b
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"USb Missile Launcher1.0" = USb Missile Launcher
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/20/2009 10:07:09 AM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/20/2009 10:07:11 AM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/20/2009 10:07:11 AM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/21/2009 2:48:40 PM | Computer Name = Laptop | Source = MsiInstaller | ID = 11704
Description =

Error - 8/22/2009 3:25:34 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 8/22/2009 2:51:11 PM | Computer Name = Laptop | Source = EventSystem | ID = 4609
Description =

Error - 8/22/2009 2:51:28 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2009 12:42:11 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2009 12:56:56 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2009 1:23:28 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 6/8/2008 1:26:49 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 4/30/2009 12:04:27 AM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/3/2009 7:41:30 PM | Computer Name = Laptop | Source = HTTP | ID = 15016
Description =

Error - 4/3/2009 7:42:08 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 4/3/2009 7:42:33 PM | Computer Name = Laptop | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0021000531A5. The following
error occurred: %%258. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 4/4/2009 6:01:20 PM | Computer Name = Laptop | Source = HTTP | ID = 15016
Description =

Error - 4/4/2009 6:01:30 PM | Computer Name = Laptop | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0021000531A5 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/4/2009 6:02:50 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 4/4/2009 6:24:52 PM | Computer Name = Laptop | Source = netbt | ID = 4321
Description = The name "LAPTOP :0" could not be registered on the interface
with IP address 128.12.188.67. The computer with the IP address 171.64.7.155 did
not allow the name to be claimed by this computer.

Error - 4/4/2009 6:24:52 PM | Computer Name = Laptop | Source = netbt | ID = 4321
Description = The name "LAPTOP :0" could not be registered on the interface
with IP address 128.12.188.67. The computer with the IP address 171.64.7.155 did
not allow the name to be claimed by this computer.

Error - 4/4/2009 6:24:55 PM | Computer Name = Laptop | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{089DF9A4-C1BE-4588-82FD-EC50339728D7}
because another computer on the network has the same name. The server could not
start.

Error - 4/4/2009 6:24:55 PM | Computer Name = Laptop | Source = netbt | ID = 4321
Description = The name "LAPTOP :20" could not be registered on the interface
with IP address 128.12.188.67. The computer with the IP address 171.64.7.155 did
not allow the name to be claimed by this computer.


< End of report >

###########################################################################################

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/24 08:53
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: \Driver跮DProxy
Image Path: \Driver跮DProxy
Address: 0x8D7E3000 Size: 69632 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8F711000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8F706000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal1.sys
Image Path: C:\Windows\system32\drivers\rootrepeal1.sys
Address: 0x9E723000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1288 Status: Locked to the Windows API!

==EOF==


Thanks!